This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I am trying to get the last login of the users in my tenant as well as what service (Outlook / Sharepoint / etc) they used to log in.
I've ran a few scripts that give me results but nothing that I really need.
I am looking for a script (or a set of cmdlets) that would output me a CSV that would look something like this
Column A = UPN
Column B = Last Login
Column C = What they used to log in (Outlook / Sharepoint / Teams)
I'm wondering if there is a way directly in Azure AD to do this or if it is something I would need to run in Powershell?
Thank you very much in advance!
Hi,
You can explore the Get-AzureADSigninLogs CMDlet check out over here Get-AzureADAuditSignInLogs.md and here
Hope this helps.
JS
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
I am going to have a look at this tonight and do a few tests.
If I need help I will surely post back.
Thanks again! :)
Hello again,
I reviewed the docs and I'm fairly certain I have everything OK in terms of the script but I cannot get a cmdlet to work. I'm a little unsure why I am pretty sure I installed the correct modules.
I keep getting the below error.
Get-AzureADAuditSignInLogs : The term 'Get-AzureADAuditSignInLogs' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
I tried using this to bypass the error
Install-Module AzureADPreview -AllowClobber -Force
and
Install-Module AzureADPreview
Nothing works I'm a bit lost.
This is my script, my column A has the header UserPrincipalName
$file = Import-Csv -Path "My_file_with_usernames.csv" -delimiter ","
foreach ($employee in $file) {
Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$User'" -Top 1 | `
select CreatedDateTime, UserPrincipalName, IsInteractive, AppDisplayName, IpAddress, TokenIssuerType, @{Name = 'DeviceOS'; Expression = {$_.DeviceDetail.OperatingSystem}}
#write data to file
$userData += $OutputData;
$userData | Export-csv -path C:\Path-to-my-CSV -Append -Encoding UTF8
}
The purpose of this script is to go take everyone from Column A in my CSV (UserPrincipalName) and get the following info
Lastlogindate
Interactive login or not
What IP they are logging in from
What application they logged in from
OS
Does this look correct? Thank you VERY much again!
Are you missing the below line?
Import-Module AzureADPreview
Also you are using $employee in your foreach loop, however I cannot see where it is being used. Should this be replaced by $user?
Hello,
I ran the line
Import-Module AzureADPreview
But I still get the same issue
Get-AzureADAuditSignInLogs : The term 'Get-AzureADAuditSignInLogs' is not recognized as the name of a cmdlet
Any ideas?
Is there any other way of getting this kind of output without using Get-AzureADAuditSignInLogs cmdlet?
I'm at a bit of a loss
I also tried this with no success
AzureADPreview\Connect-AzureAD
Hi Anthony,
Did you uninstalled previous version of the module and installed the preview module? If yes and you still have same issue I will suggest you to log a call with Microsoft
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.
I think I might have found the issue but I don't know how to correct it
When I run
Get-Module AzureADPreview
It does not return any version
But when I run
Install-Module AzureADPreview
It just skips to the next line
I'm running these commands on a powershell that has administrative rights
When I run the installer with the verbose command I get the following (Install-module AzureADPreview -Verbose)
VERBOSE: Using the provider 'PowerShellGet' for searching packages.
VERBOSE: The -Repository parameter was not specified. PowerShellGet will use all of the registered repositories.
VERBOSE: Getting the provider object for the PackageManagement Provider 'NuGet'.
VERBOSE: The specified Location is 'https://www.powershellgallery.com/api/v2' and PackageManagementProvider is 'NuGet'.
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='AzureADPreview'' for ''.
VERBOSE: Total package yield:'1' for the specified package 'AzureADPreview'.
VERBOSE: Skipping installed module AzureADPreview 2.0.2.149.
Just for reference here is my PSversion
Name Value
---- -----
PSVersion 5.1.22000.832
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22000.832
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I also have PS V7 installed on my machine and when I run the command rom PS7 I get the following output
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
VERBOSE: The installation scope is specified to be 'CurrentUser'.
VERBOSE: The specified module will be installed in 'C:\Users\Me\Documents\PowerShell\Modules'.
VERBOSE: Version '2.0.2.149' of module 'AzureADPreview' is already installed at 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\2.0.2.149'.
Name Value
---- -----
PSVersion 7.2.7
PSEdition Core
GitCommitId 7.2.7
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Thanks!