Get Last Logon Time of users in Office 365
In this article we will use PowerShell script to get last logon time for users in Office 365.
Table of Contents
Many industries have compliance requirements that mandate monitoring and auditing user activity, including login times. Having access to last logon time information helps organizations demonstrate compliance with these regulations.
Connect to Exchange Online PowerShell
To be able to run below PowerShell script, you need to connect to Exchange Online module first. Open Windows PowerShell as administrator and run below PowerShell commands:
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnlineGet last logon time for a user
In this scenario we will get last logon time for a user using PowerShell command. To achieve this we will use Get-MailboxStatistics PowerShell command.
Replace Bob Ross with the actual display name of the user and run below PowerShell command:
Get-MailboxStatistics -Identity "Bob Ross" | Select-Object DisplayName, LastLogonTimeThe above command will display the last logon time for the user as shown below:
Get last logon time for all users in Office 365
To get last logon time for all users in Office 365, run below PowerShell script:
# Get all users
$AllUsers = Get-Mailbox -ResultSize Unlimited
# Loop through each user
foreach ($User in $AllUsers) {
$UserPrincipalName = $User.UserPrincipalName
# Get last logon time
$LastLogon = Get-MailboxStatistics -Identity $UserPrincipalName | Select-Object -ExpandProperty LastLogonTime
# Display user details on screen
Write-Host "User Principal Name: $UserPrincipalName"
Write-Host "Last Logon Time : $LastLogon"
Write-Host "-----------------------------"
}The above script will display the Email Address of the users along with the Last Logon Time of all the users in your Exchange Online organization as shown below:
Export Last Logon time for all users in CSV
To export the last logon report in CSV file, run below PowerShell script. Make sure to replace the path where you want to save the CSV file.
# Get all users
$AllUsers = Get-Mailbox -ResultSize Unlimited
# Create an array to store results
$LastLogonReport = @()
# Loop through each user
foreach ($User in $AllUsers) {
$UserPrincipalName = $User.UserPrincipalName
# Get last logon time
$LastLogon = Get-MailboxStatistics -Identity $UserPrincipalName | Select-Object -ExpandProperty LastLogonTime
# Create a custom object with user details
$UserDetails = [PSCustomObject]@{
UserPrincipalName = $UserPrincipalName
LastLogon = $LastLogon
}
# Add user details to the report array
$LastLogonReport += $UserDetails
}
# Output the report
$LastLogonReport | Export-Csv -Path "LastLogonReport.csv" -NoTypeInformation
The above script will fetch last logon report for all the user, and will export the results in a CSV file as shown below:
Get last logon time for users using CSV file
In this scenario we will use a CSV file to get last logon time for the users.
Create a CSV file with a column EmailAddress that will contain the email addresses of the users as shown below:
Replace “C:\csv\lastlogon.csv” with the actual path of the CSV file, and run below PowerShell script:
# Path to the input CSV file
$csvFilePath = "C:\csv\lastlogon.csv"
# Read the CSV file and iterate through each row
$users = Import-Csv $csvFilePath
# Initialize an array to store the results
$results = @()
foreach ($user in $users) {
$email = $user.EmailAddress
$mailboxStats = Get-MailboxStatistics -Identity $email
$lastLogonTime = $mailboxStats.LastLogonTime
# Add the result to the results array
$results += [PSCustomObject]@{
EmailAddress = $email
LastLogonTime = $lastLogonTime
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeThe above script will read the email addresses within the CSV file, it will fetch the last logon time for all the users, and will display the output as shown below:
Get last logon time for all shared mailboxes
In this scenario we will get last logon time for all the shared mailboxes in Exchange Online organization.
# Get all shared mailboxes
$sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
# Initialize an array to store the results
$results = @()
# Iterate through each shared mailbox
foreach ($sharedMailbox in $sharedMailboxes) {
$mailboxStats = Get-MailboxStatistics -Identity $sharedMailbox.Identity
$lastLogonTime = $mailboxStats.LastLogonTime
# Add the result to the results array
$results += [PSCustomObject]@{
SharedMailbox = $sharedMailbox.DisplayName
LastLogonTime = $lastLogonTime
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeGet last logon time for all the user mailboxes
In this scenario we will get last logon time for all the user mailboxes in Exchange Online organization.
# Get all shared mailboxes
$sharedMailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
# Initialize an array to store the results
$results = @()
# Iterate through each shared mailbox
foreach ($sharedMailbox in $sharedMailboxes) {
$mailboxStats = Get-MailboxStatistics -Identity $sharedMailbox.Identity
$lastLogonTime = $mailboxStats.LastLogonTime
# Add the result to the results array
$results += [PSCustomObject]@{
SharedMailbox = $sharedMailbox.DisplayName
LastLogonTime = $lastLogonTime
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeGet last logon time for users who haven’t logged in for 1 month
In this example we will get last logon time for the users who haven’t logged in for 1 month.
# Get the current date and calculate the date one month ago
$currentDate = Get-Date
$oneMonthAgo = $currentDate.AddMonths(-1)
# Get all mailbox users
$mailboxUsers = Get-Mailbox -ResultSize Unlimited
# Initialize an array to store the results
$results = @()
# Iterate through each mailbox user
foreach ($user in $mailboxUsers) {
$mailboxStats = Get-MailboxStatistics -Identity $user.Identity
$lastLogonTime = $mailboxStats.LastLogonTime
# Check if the user has not logged in for one month
if ($lastLogonTime -lt $oneMonthAgo) {
# Add the result to the results array
$results += [PSCustomObject]@{
User = $user.DisplayName
LastLogonTime = $lastLogonTime
}
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeGet last logon time for users who haven’t logged in for 1 week
In this example we will get last logon time for the users who haven’t logged in for 1 week.
# Get the current date and calculate the date one week ago
$currentDate = Get-Date
$oneWeekAgo = $currentDate.AddDays(-7)
# Get all mailbox users
$mailboxUsers = Get-Mailbox -ResultSize Unlimited
# Initialize an array to store the results
$results = @()
# Iterate through each mailbox user
foreach ($user in $mailboxUsers) {
$mailboxStats = Get-MailboxStatistics -Identity $user.Identity
$lastLogonTime = $mailboxStats.LastLogonTime
# Check if the user hasn't logged in for one week
if ($lastLogonTime -lt $oneWeekAgo) {
# Add the result to the results array
$results += [PSCustomObject]@{
User = $user.DisplayName
LastLogonTime = $lastLogonTime
}
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeGet last logon time for users who haven’t logged in for 1 year
In this example we will get last logon time for the users who haven’t logged in for 1 week.
# Get the current date and calculate the date one year ago
$currentDate = Get-Date
$oneYearAgo = $currentDate.AddYears(-1)
# Get all mailbox users
$mailboxUsers = Get-Mailbox -ResultSize Unlimited
# Initialize an array to store the results
$results = @()
# Iterate through each mailbox user
foreach ($user in $mailboxUsers) {
$mailboxStats = Get-MailboxStatistics -Identity $user.Identity
$lastLogonTime = $mailboxStats.LastLogonTime
# Check if the user hasn't logged in for one year
if ($lastLogonTime -lt $oneYearAgo) {
# Add the result to the results array
$results += [PSCustomObject]@{
User = $user.DisplayName
LastLogonTime = $lastLogonTime
}
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeGet last logon time for users who never logged in
In this example we will get last logon time for the users who never logged in.
The below script will show results only for user mailboxes and shared mailboxes. If you want to include other recipient types, modify the script accordingly.
# Get all mailbox users, excluding groups
$mailboxUsers = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.RecipientType -eq 'UserMailbox' -or $_.RecipientType -eq 'SharedMailbox' }
# Initialize an array to store the results
$results = @()
# Iterate through each mailbox user
foreach ($user in $mailboxUsers) {
$mailboxStats = Get-MailboxStatistics -Identity $user.Identity
# Check if the user has never logged in
if (!$mailboxStats.LastLogonTime) {
# Add the result to the results array
$results += [PSCustomObject]@{
User = $user.DisplayName
LastLogonTime = "Never logged in"
}
}
}
# Display the results in a table format
$results | Format-Table -AutoSizeConclusion
Last logon time reports allows administrators to monitor user activity and identify any suspicious login patterns. For example, if a user’s account shows recent logins from unfamiliar locations or outside of normal business hours, it could indicate a potential security threat such as unauthorized access.
Identifying users who haven’t logged in for an extended period can help in identifying inactive accounts. These accounts may be candidates for deprovisioning or further investigation to determine if they are still needed.
You might like our other articles on Office 365 license management using Graph PowerShell, Manage user mailboxes using PowerShell, and Manage Office 365 users using Graph PowerShell.
Join us on YouTube for the latest videos on the Cloud technology and join our Newsletter for the early access of the blogs and updates.
Happy Scripting!