@PT Maliborski
Thank you for the detailed post and I apologize for the delayed response!
Issue:
- You have a requirement to check and monitor how many employees log into the
Microsoft Teams App
using their mobile phones on a monthly basis. - When using the Get-AzureADAuditSignInLogs PowerShell command, only
interactive sign-ins
are returned.
When it comes to viewing the non-interactive sign-ins, you should be able to do this via the Microsoft Graph List signIns Beta API, or the Get-MgAuditLogSignIn PowerShell Graph Module.
Microsoft Graph List signIns Beta API:
#Retrieve the first 10 sign-ins where the signInEventType is not interactiveUser starting with the latest sign-in
GET https://graph.microsoft.com/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t: t ne 'interactiveUser'))&$orderBy=createdDateTime DESC&$top=10
Select-MgProfile -Name "beta"
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All"
Write-Host "Getting NonInteractive User Sign ins"
Get-MgAuditLogSignIn -Filter "(signInEventTypes/any(t: t eq 'noninteractiveUser'))" -Sort "createdDateTime DESC"
DisConnect-MgGraph
Additional Links:
Using MS Graph to get both interactive and non-interactive sign in events log - 3rd party article detailing other Graph Queries.
MS Graph: Can Get-MgAuditLogSignIn get non interactive signins information - Within this thread, if you scroll to the answer provided by @mark daley , you'll find some more PS examples.
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.