Azure Active Directory Stale Users and Devices

If you are managing an active directory of a large organization and, normally, often new employees join, and old employees leave. To keep the active directory running smoothly and without issues, one of the tasks is to remove the stale users and devices from the Azure directory or on-premises active directory. In this article, we will see, how we can find a list of stale users and devices in the azure active directory.

Stale Devices in Azure Active Directory

You need to connect to Azure Active Directory using PowerShell.

Open PowerShell with administrative rights and run the following commands.

Install-Module -Name AzureAD
Install-Module msonline

Import-Module -Name AzureAD
Import-Module msonline


You will be prompted for credentials. Provide and you will be connected.

Once you are connected, you can run the following command to export the list of Azure stale devices in CSV format. You will find the date column and sort that to see which devices are not logged.

Get-MsolDevice -all | select-object -Property Enabled, DeviceId, DisplayName, DeviceTrustType, ApproximateLastLogonTimestamp | export-csv “C:\temp\az-devices.csv”

You can also automate this process by setting up in Azure AD by following steps.

  • Login
  • Search Intune and open Intune blade
  • Select Devices from the left menu
  • Select Device cleanup rules
  • Turn on “Delete devices based on last check-in date”
  • Set the number of days, so the device will be removed automatically if not checked in for this many days.

Azure ad stale devices

Stale Users / Accounts in Azure Active Directory

Finding stale users’ accounts is not as easy on Azure devices, the reason is that there is no attribute like “ApproximateLastLogonTimestamp”, however, Microsoft provides a way to get the lastSignInDateTime property using Microsoft Graph and this is still in Beta. I found a convenient PowerShell script and set up graph permission. You can find the script and how to use it in the link below.



Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More