Overslaan naar hoofdinhoud
Inhoudsopgave overslaan

Hoe laatste aanmeldingsgegevens importeren uit Azure AD

You can import the last logon timestamp for users from Azure AD into eAdm. This data is valuable for creating automated rules, such as downgrading Microsoft 365 licenses that are no longer in use, which can lead to significant cost savings.

After the configuration is complete, the last logon timestamp will be imported and available in the user attribute AzureAdLastLogon.

Configuratie

To set up the import, you must first grant the correct permissions in your Azure AD portal.

  1. Log in to the Azure Portal with an administrator account.

  2. Navigeer naar Azure Active Directory.

  3. Go to App registrations.

  4. Search for your eAdm application (e.g., "Identum" or "eAdm") to find the integration application.

  5. In the application menu, select API permissions.

  6. Click + Add a permission and select Microsoft Graph.

  7. Kies Toepassingsmachtigingen.

  8. In the search box, type AuditLog.ReadAll and select the checkbox for that permission.

  9. Click Add permissions.

  10. Grant Admin Consent: On the API permissions screen, you must click the Grant admin consent for [Your Tenant] button. The status for the new permission must show a green checkmark and be listed as "Granted".

    Warning: The permission will not be active until admin consent has been granted.

  11. Activate the Import: Notify Identum support at support@identum.no and state that you have granted the permission and wish to activate the last logon import.

Use Case: Automated M365 License Downgrading

Once the AzureAdLastLogon attribute is populated, you can use it to build powerful license management rules.

For example, you can create a rule that automatically assigns a cheaper license to users who have not logged into Microsoft 365 for a specific period.

Voorbeeld:

This rule assigns an M365 F3 license but excludes anyone who has not logged in for over 90 days.

  • Attribuut: AzureAdLastLogon

  • Staat: Na

  • Argument: Now -90 days

You can combine this with a second rule that assigns those same inactive users a more basic license (e.g., Exchange Online only). This ensures users who don't actively use their full M365 suite are automatically moved to a lower-cost plan, optimizing your license spending.

Note: Contact us if you need assistance with Microsoft 365 license management. Optimizing these rules can generate significant savings.

JavaScript-fouten gedetecteerd

Let op: deze fouten kunnen afhankelijk zijn van de instellingen van je browser.

Als dit probleem zich blijft voordoen, neem dan contact op met onze supportafdeling.

Contact Ondersteuning Sluit