Display information about previous logons during user logon on AADJ

Sage Mirror 220 Reputation points
2023-07-27T08:35:13.75+00:00

Hi! Relative to my last question (Can you display last logon information on a AADJ laptop?), a quick summary: AADJ devices can't use the migration of the GPO "Display information about previous logons during user logon", as it displays "Security policies on this computer are set to show information about the last interactive sign-in, but Windows couldn't retrieve that information. Contact your network administrator for help." instead.

So my question is: do you have any idea for a way to display this information to the user, as a notification preferably, as required by ISO 27K? Sending an e-mail would also be an option if a notification is really not possible.

Thank you!


Accepted answer
    Peter Kayode 506 Reputation points
    2023-07-28T23:31:55.34+00:00

    Hi Sage Mirror

    Azure Active Directory Joined (AADJ) devices don't have the ability to use the traditional GPO "Display information about previous logons during user logon." However, you can still achieve similar functionality by leveraging other Azure AD and Microsoft 365 capabilities.

    You can create a solution to achieve this using Azure Functions, Logic Apps (like Marilee Turscak-MSFT mentioned), and/or Power Automate, combined with Microsoft Graph API:

    Azure AD Sign-ins: Azure AD provides sign-in logs that include information such as UserID, UserPrincipalName, Application, IP Address, Location, etc. This information is accessible via the Microsoft Graph API.

    Azure Function: You can set up an Azure Function to periodically (or triggered by an event) pull the sign-in log information for a particular user using the Graph API. This function can parse the necessary information and prepare a message. The Azure Function could be triggered by a user's login event.

    Microsoft Graph Notification: You could use Microsoft Graph notifications to deliver a notification to the user's device; this requires your application to have the necessary permissions and configurations to send notifications to user devices.

    Email Alert: Similarly, you can use the Microsoft Graph API to send an email to the user with the last sign-in information.

    Here's an example of a sign-ins request using Microsoft Graph API:

    GET https://graph.microsoft.com/v1.0/auditLogs/signIns

    Remember, you would need the necessary permissions to read sign-in logs.

    This approach, however, requires custom development and may need regular maintenance based on the changes in the APIs and services.

    As always, when you collect, process, or store any user data, make sure to comply with all relevant privacy laws and company policies.

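The steps in the accepted answer (query `auditLogs/signIns` for one user, parse the records, prepare the message) as an added example, not code from the answer or from Microsoft. It builds the Graph request URL for one user's sign-ins, then turns a list of `signIn` records into the kind of "last successful sign-in / failed attempts since" notice the missing GPO would have shown. Assumptions: the HTTP call itself (with an app token holding `AuditLog.Read.All`) is done elsewhere and the response's `value` array is passed in; field names (`createdDateTime`, `ipAddress`, `location`, `status.errorCode`, `appDisplayName`) follow the Graph `signIn` resource; the `SAMPLE_SIGNINS` records, their IPs and the user name are constructed for the demo.

```python
"""Build a 'previous logon' notice from Microsoft Graph sign-in records.

Added example (not from the original answer). The Graph query is only
built here, not sent; the records in SAMPLE_SIGNINS are constructed.
"""
from datetime import datetime

GRAPH_SIGNINS = "https://graph.microsoft.com/v1.0/auditLogs/signIns"


def build_signins_url(upn: str, top: int = 20) -> str:
    """OData query for one user's most recent sign-ins, newest first.
    Single quotes inside the UPN are doubled per OData string-literal rules;
    the HTTP client is expected to percent-encode the spaces."""
    safe_upn = upn.replace("'", "''")
    query = (f"$filter=userPrincipalName eq '{safe_upn}'"
             f"&$orderby=createdDateTime desc&$top={top}")
    return f"{GRAPH_SIGNINS}?{query}"


def _parse_ts(ts: str) -> datetime:
    # Graph returns ISO 8601 UTC timestamps with a trailing 'Z'
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _where(rec: dict) -> str:
    loc = rec.get("location") or {}
    place = ", ".join(p for p in (loc.get("city"), loc.get("countryOrRegion")) if p)
    return f"{place or 'unknown location'} (IP {rec.get('ipAddress', '?')})"


def summarize_previous_logons(signins: list, current_id: str) -> dict:
    """Given sign-in records (any order) and the id of the sign-in that just
    happened, find the previous successful sign-in (status.errorCode == 0)
    and count the failed attempts between that success and now."""
    current = next((r for r in signins if r["id"] == current_id), None)
    if current is None:
        raise ValueError(f"current sign-in {current_id} not in result set")
    now = _parse_ts(current["createdDateTime"])
    older = sorted((r for r in signins if _parse_ts(r["createdDateTime"]) < now),
                   key=lambda r: _parse_ts(r["createdDateTime"]), reverse=True)
    last_success, failures = None, []
    for rec in older:
        if (rec.get("status") or {}).get("errorCode") == 0:
            last_success = rec
            break            # everything older belongs to an earlier session
        failures.append(rec)
    return {"last_success": last_success,
            "failed_since": len(failures),
            "last_failure": failures[0] if failures else None}


def format_notice(summary: dict) -> str:
    """Render the summary as the text body of a notification or e-mail.
    Handles the edge case of an account with no prior successful sign-in."""
    ok = summary["last_success"]
    lines = []
    if ok is None:
        lines.append("No previous successful sign-in is recorded for this account.")
    else:
        lines.append(f"Last successful sign-in: {ok['createdDateTime']} from "
                     f"{_where(ok)} using {ok.get('appDisplayName', 'unknown app')}.")
    n = summary["failed_since"]
    if n:
        lf = summary["last_failure"]
        reason = (lf.get("status") or {}).get("failureReason", "unknown reason")
        lines.append(f"Failed sign-in attempts since then: {n} (most recent "
                     f"{lf['createdDateTime']} from {_where(lf)}: {reason}).")
    else:
        lines.append("Failed sign-in attempts since then: 0.")
    lines.append("If you do not recognise this activity, contact your administrator.")
    return "\n".join(lines)


# Constructed sample: two bad-password attempts (Entra error 50126) from an
# unfamiliar address between the user's last good sign-in and the current one.
_PARIS = {"city": "Paris", "countryOrRegion": "FR"}
_OTHER = {"city": "Lagos", "countryOrRegion": "NG"}
SAMPLE_SIGNINS = [
    {"id": "s4", "createdDateTime": "2023-07-27T08:30:00Z", "userPrincipalName": "sage@contoso.example",
     "appDisplayName": "Windows Sign In", "ipAddress": "203.0.113.10", "location": _PARIS,
     "status": {"errorCode": 0}},
    {"id": "s3", "createdDateTime": "2023-07-27T07:58:00Z", "userPrincipalName": "sage@contoso.example",
     "appDisplayName": "Windows Sign In", "ipAddress": "198.51.100.7", "location": _OTHER,
     "status": {"errorCode": 50126, "failureReason": "Invalid username or password"}},
    {"id": "s2", "createdDateTime": "2023-07-27T07:55:00Z", "userPrincipalName": "sage@contoso.example",
     "appDisplayName": "Windows Sign In", "ipAddress": "198.51.100.7", "location": _OTHER,
     "status": {"errorCode": 50126, "failureReason": "Invalid username or password"}},
    {"id": "s1", "createdDateTime": "2023-07-26T17:12:00Z", "userPrincipalName": "sage@contoso.example",
     "appDisplayName": "Windows Sign In", "ipAddress": "203.0.113.10", "location": _PARIS,
     "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    print(build_signins_url("sage@contoso.example"))
    print(format_notice(summarize_previous_logons(SAMPLE_SIGNINS, "s4")))
```

The function that triggers this (Azure Function, Logic App or Flow) would call `build_signins_url` for the user who just signed in, pass the response's `value` array together with the id of that latest record to `summarize_previous_logons`, and hand `format_notice`'s text to whichever delivery path (Graph notification or mail) is chosen. Ordering on `createdDateTime` rather than trusting the response order keeps the result correct if the records were fetched in several pages.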
