> For the complete documentation index, see [llms.txt](https://docs.forestall.io/fsprotect/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.forestall.io/fsprotect/search-and-reports/azure-entities/entra-id/user.md). # User The **User** entity represents a user account in Azure Active Directory (Entra ID). | Field | Type | Possible Operators | Description | | -------------------------------- | ------- | ------------------------------------------------------------------ | -------------------------------------------------------------- | | Guid | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Unique identifier for the entity in FSProtect | | FSName | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Display name used in FSProtect | | ObjectID | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Azure AD Object ID of the user | | FirstName | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | First name of the user | | LastName | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Last name of the user | | Enabled | BOOLEAN | True / False | Whether the user account is enabled | | WhenCreated | DATE | Smaller, Larger, Between, Equal | Date the user account was created | | DisplayName | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Display name of the user in Azure AD | | Title | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Job title of the user | | PasswordLastSet | DATE | Smaller, Larger, Between, Equal | Date the user's password was last set | | Email | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Email address of the user | | OnPremImmutableID | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Immutable ID synced from on-premises AD | | OnPremSyncEnabled | BOOLEAN | True / False | Whether the user is synced from on-premises AD | | OnPremSID | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | On-premises Security Identifier (SID) | | IsInactive | BOOLEAN | True / False | Whether the user account is inactive | | OnPremLastSyncDateTime | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Last sync date/time from on-premises AD | | UserPrincipalName | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | User Principal Name (UPN) of the user | | UserType | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Type of user (e.g., Member, Guest) | | IsAZPrivileged | BOOLEAN | True / False | Whether the user has privileged access in Azure | | IsStealth | BOOLEAN | True / False | Whether the user is a stealth (shadow) admin | | IsAdmin | BOOLEAN | True / False | Whether the user has admin privileges | | WhenDeleted | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Date the user was deleted (if applicable) | | UsageLocation | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Usage location assigned to the user | | PasswordPolicies | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Password policies applied to the user | | TenantID | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Azure AD Tenant ID the user belongs to | | IsSsprRegistered | BOOLEAN | True / False | Whether the user is registered for Self-Service Password Reset | | IsSsprEnabled | BOOLEAN | True / False | Whether SSPR is enabled for the user | | IsSsprCapable | BOOLEAN | True / False | Whether the user is capable of using SSPR | | IsMfaCapable | BOOLEAN | True / False | Whether the user is capable of using MFA | | IsMfaRegistered | BOOLEAN | True / False | Whether the user is registered for MFA | | IsPasswordlessCapable | BOOLEAN | True / False | Whether the user is capable of passwordless authentication | | MethodsRegistered | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Authentication methods registered by the user | | LastSignInDateTime | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Last interactive sign-in date/time | | LastNonInteractiveSignInDateTime | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Last non-interactive sign-in date/time | | LastSuccessfulSignInDateTime | TEXT | Like, Not Like, Equal, Not Equal, Is Empty | Last successful sign-in date/time | | AZTier | NUMBER | Equal, Between, Smaller, Larger, Smaller or Equal, Larger or Equal | Azure tier classification assigned by FSProtect | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestall.io/fsprotect/search-and-reports/azure-entities/entra-id/user.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.