Idea ID: 2870425

Update azure collector to support the Microsoft Graph API AND be also able to support the /beta additional API’s

Status: New Idea

The current collector uses the Azure AD Graph API.

The new Microsoft Graph API includes additional user attribute that are highly valuable, in particular the last login time

            "signInActivity": {
                "lastSignInDateTime": "2020-12-07T04:40:59Z",
                "lastSignInRequestId": "2047c4cf-31a1-4383-8576-1588578a2301"
            }

To be able to collect this attribute required BOTH the collector be updated to support  Azure AD Graph API but also (presently) it's only available under the /beta branch.

Being able to collect login times for accounts is invaluable from a governance perspective as it allows tracking of stale account and also provides valuable information on account being accessed when believed to be disabled (du to the account being detached from whatever directory sync tool is being used to provision the account).