Add Account Age Condition for Never-Signed-In Users

What is a one sentence summary of your feature request?

Only report never-signed-in user accounts when the account age exceeds a configurable period such as 90 days.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

The inactive user accounts report currently includes users who have never signed in, regardless of when the account was created. This may generate unnecessary findings for newly provisioned accounts that have not yet been used.

A useful enhancement would be the ability to evaluate both account age and sign-in status. For example, a user account should only be reported if it has never signed in and was created more than 90 days ago. This would reduce noise and improve the quality of Risk Assessment results.

How do you currently solve the challenges you have by not having this feature?

Currently, there is no way to distinguish newly created accounts from genuinely stale never-used accounts, requiring manual verification.

This is an excellent and very practical suggestion, Ali!
New account provisioning workflows frequently result in accounts that appear in the never-signed-in report before users have even had a chance to log in. Adding a compound condition (no sign-in AND account age > configurable days) would make this risk indicator significantly more actionable and reduce alert fatigue for administrators. This is closely related to your other requests around configurable thresholds and dataset extensions, and we see them as part of a broader initiative to make Risk Assessment policies more flexible.

We are logging this request alongside those. As a temporary workaround, exporting the report and joining with AD data (querying whenCreated via PowerShell) can help you filter out new accounts manually. We will keep you updated as this area evolves.