This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 15%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
I am trying to get the last login of the users in my tenant as well as what service (Outlook / Sharepoint / etc) they used to log in.
I've ran a few scripts that give me results but nothing that I really need.
I am looking for a script (or a set of cmdlets) that would output me a CSV that would look something like this
Column A = UPN
Column B = Last Login
Column C = What they used to log in (Outlook / Sharepoint / Teams)
I'm wondering if there is a way directly in Azure AD to do this or if it is something I would need to run in Powershell?
Thank you very much in advance!
Hi,
You can explore the Get-AzureADSigninLogs CMDlet check out over here Get-AzureADAuditSignInLogs.md and here
Hope this helps.
JS
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
I am going to have a look at this tonight and do a few tests.
If I need help I will surely post back.
Thanks again! :)
Hello again,
I reviewed the docs and I'm fairly certain I have everything OK in terms of the script but I cannot get a cmdlet to work. I'm a little unsure why I am pretty sure I installed the correct modules.
I keep getting the below error.
Get-AzureADAuditSignInLogs : The term 'Get-AzureADAuditSignInLogs' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
I tried using this to bypass the error
Install-Module AzureADPreview -AllowClobber -Force
and
Install-Module AzureADPreview
Nothing works I'm a bit lost.
This is my script, my column A has the header UserPrincipalName
$file = Import-Csv -Path "My_file_with_usernames.csv" -delimiter ","
foreach ($employee in $file) {
Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$User'" -Top 1 | `
select CreatedDateTime, UserPrincipalName, IsInteractive, AppDisplayName, IpAddress, TokenIssuerType, @{Name = 'DeviceOS'; Expression = {$_.DeviceDetail.OperatingSystem}}
#write data to file
$userData += $OutputData;
$userData | Export-csv -path C:\Path-to-my-CSV -Append -Encoding UTF8
}
The purpose of this script is to go take everyone from Column A in my CSV (UserPrincipalName) and get the following info
Lastlogindate
Interactive login or not
What IP they are logging in from
What application they logged in from
OS
Does this look correct? Thank you VERY much again!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 88%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZC%3C/text%3E%3C/svg%3E)
Are you missing the below line?
Import-Module AzureADPreview
Also you are using $employee in your foreach loop, however I cannot see where it is being used. Should this be replaced by $user?
Hello,
I ran the line
Import-Module AzureADPreview
But I still get the same issue
Get-AzureADAuditSignInLogs : The term 'Get-AzureADAuditSignInLogs' is not recognized as the name of a cmdlet
Any ideas?
Is there any other way of getting this kind of output without using Get-AzureADAuditSignInLogs cmdlet?
I'm at a bit of a loss
I also tried this with no success
AzureADPreview\Connect-AzureAD
Hi Anthony,
Did you uninstalled previous version of the module and installed the preview module? If yes and you still have same issue I will suggest you to log a call with Microsoft
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.
I think I might have found the issue but I don't know how to correct it
When I run
Get-Module AzureADPreview
It does not return any version
But when I run
Install-Module AzureADPreview
It just skips to the next line
I'm running these commands on a powershell that has administrative rights
When I run the installer with the verbose command I get the following (Install-module AzureADPreview -Verbose)
VERBOSE: Using the provider 'PowerShellGet' for searching packages.
VERBOSE: The -Repository parameter was not specified. PowerShellGet will use all of the registered repositories.
VERBOSE: Getting the provider object for the PackageManagement Provider 'NuGet'.
VERBOSE: The specified Location is 'https://www.powershellgallery.com/api/v2' and PackageManagementProvider is 'NuGet'.
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='AzureADPreview'' for ''.
VERBOSE: Total package yield:'1' for the specified package 'AzureADPreview'.
VERBOSE: Skipping installed module AzureADPreview 2.0.2.149.
Just for reference here is my PSversion
Name Value
---- -----
PSVersion 5.1.22000.832
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22000.832
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I also have PS V7 installed on my machine and when I run the command rom PS7 I get the following output
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
VERBOSE: The installation scope is specified to be 'CurrentUser'.
VERBOSE: The specified module will be installed in 'C:\Users\Me\Documents\PowerShell\Modules'.
VERBOSE: Version '2.0.2.149' of module 'AzureADPreview' is already installed at 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\2.0.2.149'.
Name Value
---- -----
PSVersion 7.2.7
PSEdition Core
GitCommitId 7.2.7
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Thanks!
Hello, I got past the AzureAD error
But now I am getting this error
Get-AzureADAuditSignInLogs : Error occurred while executing GetAuditSignInLogs
Code: UnknownError
Message: Too Many Requests
InnerError:
RequestId: 224647ce-a92e-46c4-b20a-525835e42c82
DateTimeStamp: Tue, 01 Nov 2022 19:41:14 GMT
HttpStatusCode: 429
HttpStatusDescription:
My script looks like this (am I doing something wrong)?
$file = Import-Csv -Path "TEST-UPN-LIST.csv" -delimiter ","
foreach ($user in $file) {
Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$User'" -Top 1 | `Export-csv -path .\Test.csv -Append -Encoding UTF8
select CreatedDateTime, UserPrincipalName, IsInteractive, AppDisplayName, IpAddress, TokenIssuerType, @{Name = 'DeviceOS'; Expression = {$_.DeviceDetail.OperatingSystem}}
}
Does this look right? Why would I be getting too many requests?
Is there any way around this?
Anyone have any ideas?
I'm at a bit of a loss.
If I'm going about this all wrong I'm open to any other suggestion / way of doing this
Basically, going back to my original post all I really want is to be able to have a script that will look at my CSV file that has my users in column A under the header UserPrincipalName and output it to a CSV file that has
Column A = Username
Column B = Last sign in date
Column C = What application they used
I'm really in need of some help here
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 28.000000000000004%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
this is because there have an other module in your OS, it is AzureAD. You can uninstall the AzureAD model from your OS or the session.
remove the AzureAD module, then you can find another world.
Hello @Anthony ,
I was able to dig through this and found desired results. Kindly try the following script:
CLS; $StartDate = (Get-Date).AddDays(-2); $StartDate = Get-Date($StartDate) -format yyyy-MM-dd
Write-Host "Fetching data from Azure Active Directory..."
$Records = Get-AzureADAuditSignInLogs -Filter "createdDateTime gt $StartDate" -all:$True
$Report = [System.Collections.Generic.List[Object]]::new()
ForEach ($Rec in $Records) {
Switch ($Rec.Status.ErrorCode) {
"0" {$Status = "Success"}
default {$Status = $Rec.Status.FailureReason}
}
$ReportLine = [PSCustomObject] @{
TimeStamp = Get-Date($Rec.CreatedDateTime) -format g
User = $Rec.UserPrincipalName
Name = $Rec.UserDisplayName
IPAddress = $Rec.IpAddress
ClientApp = $Rec.ClientAppUsed
Device = $Rec.DeviceDetail.OperatingSystem
Location = $Rec.Location.City + ", " + $Rec.Location.State + ", " + $Rec.Location.CountryOrRegion
Appname = $Rec.AppDisplayName
Resource = $Rec.ResourceDisplayName
Status = $Status
Correlation = $Rec.CorrelationId
Interactive = $Rec.IsInteractive }
$Report.Add($ReportLine) }
Write-Host $Report.Count "sign-in audit records processed."
$Report| Format-Table -AutoSize
$Report |Export-Csv -Path 'SignReport2.csv'
The output in PS console would look like this:
The output in Excel would look like this:
Please do let me know if you have any queries in the comments section.
Thanks,
Akshay Kaushik
Please "Accept the answer" and "Upvote" if the suggestion works as per your business need. This will help us and others in the community as well.
Hello @Anthony ,
Hope you got a chance to review the above response. Please do let me know if you have any further questions. Please "Accept the answer" and "Upvote" if the suggestion works as per your business need. This will help us and others in the community as well.
Thanks,
Akshay Kaushik