This script only shows a list of users that have not logged in for 90 days or more if your tenancy happens to have fewer than 5000 matching audit log entries for the following actions over the last 90 days: UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed.
This script only shows a list of users that have not logged in for 90 days or more if your tenancy happens to have fewer than 5000 matching audit log entries for the following actions over the last 90 days: UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed.
$loggedOnUsers= Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed -ResultSize 5000In any reasonably active tenancy, you're going to get mainly false positives.
You need to batch these requests.