Back to blog

Report Improvement: Calculations for Exchange Login

10 Apr 2018 by Doug Davis

We have made some improvements to our method for determining the last time an Office 365 user logged into their Exchange Online mailbox.

Our previous reporting method for the ‘Last Mailbox log in’ was based on data returned by Exchange Online. Unfortunately, we found that the data includes logins by background service assistants, such as the Mailbox Folder Assistant, as well as users.

As a result, the figures calculated from the last login are not reflective of actual user login events. Instead, the data gives an indication of general login activity against the mailbox. The result is that the information shown in Radar Reporting was not as precise as we wanted it to be because the last activity for a mailbox may have been a maintenance service or other administrative activity. In effect, an inactive mailbox often showed up as active because a background process accessed the mailbox to check its contents.

Once we realised the issue, we set out to find an accurate source for user interaction with mailboxes. We now use a method based on the Microsoft Graph API that only tracks actual user logins. If you compare the number of active mailboxes reported for a tenant, you might see a reduction in the number of Exchange logins. In our tests, we have noted a reduction of approximately 30% in the number of user logins.

The data collected under this new method is named ‘Exchange Last Activity’ and will replace the Last Mailbox Login attribute within Radar Reporting.You will notice this change in the ‘Inactive Users by Service’ and ‘Inactive Exchange Users’ reports within the Radar Reporting for Office 365 report node, as well in any custom reporting you may have added this data selection to.

The new reports use Microsoft’s Graph API and there is a process to ensure that the Radar Reporting service account has read access to the information we can get out of this API. To enable use of the new method, go to Profile and Settings and select the OAuth API Access Permissions. If the dialog shows Permission Not Configured, you must select the Connect to Azure Active Directory to enable Radar to use the Graph API to connect and read data from your tenant.Once the permissions are set, the dialog will go green and Radar will use the Graph API to retrieve statistics for your tenant.More detail on this process can be found here.

Custom reports using the older metric will continue to work for two months and will then be phased out. Please update any custom reports to this new data attribute.

We have added a visual banner to the tool to highlight this change. Please contact us if you have any questions.