Non-interactive sign-ins logs with PowerShell

PT Maliborski 266 Reputation points

Hi Everyone,

Hybrid environment in the production/manufacturing area.
Around 250 (and growing) production employees get Azure AD online only account with F1 license and access to MS Teams only.
Initial authentication with conditional access (authenticator app + SMS/text message)

Request was made to check/monitor - monthly - how many employees actually logged on to MS Teams on their mobile phones.


I can filter those employees as they have specific AAD group with group licensing - so I have the list of users.
Going through these accounts in the AAD portal I've noticed:

  • some employees never signed in;
  • those that signed in are only visible in the Non-interactive sign-in (I understand this is because they use MS Teams app - not a computer). Initial sign-in was with Authenticator app/SMS, but as logs are only kept for 30 days, those are not visible in Interactive sign-ins.

Help required:

I've tried using Get-AzureADAuditSignInLogs but that only works with Internactive sign-ins (I confirmed this with this week logs - AAD portal shows recent login but Get-AzureADAuditSignInLogs doesn't).
I don't really want to go through 250 users to check each for sign-in logs LOL

Maybe someone had such a case?
Ideally exporting those with PS would be nice but I can't find anything for Non-interactive sign-ins.

Or maybe there is some other solution I could use in that case?
Any help appreciated.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,559 questions
0 comments No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 36,541 Reputation points Microsoft Employee

    @PT Maliborski
    Thank you for the detailed post and I apologize for the delayed response!


    • You have a requirement to check and monitor how many employees log into the Microsoft Teams App using their mobile phones on a monthly basis.
    • When using the Get-AzureADAuditSignInLogs PowerShell command, only interactive sign-ins are returned.

    When it comes to viewing the non-interactive sign-ins, you should be able to do this via the Microsoft Graph List signIns Beta API, or the Get-MgAuditLogSignIn PowerShell Graph Module.

    Microsoft Graph List signIns Beta API:

    #Retrieve the first 10 sign-ins where the signInEventType is not interactiveUser starting with the latest sign-in  
    GET$filter=(signInEventTypes/any(t: t ne 'interactiveUser'))&$orderBy=createdDateTime DESC&$top=10  


    Select-MgProfile -Name "beta"  
    Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All"  
    Write-Host "Getting NonInteractive User Sign ins"  
    Get-MgAuditLogSignIn -Filter "(signInEventTypes/any(t: t eq 'noninteractiveUser'))" -Sort "createdDateTime DESC"  

    Additional Links:
    Using MS Graph to get both interactive and non-interactive sign in events log - 3rd party article detailing other Graph Queries.
    MS Graph: Can Get-MgAuditLogSignIn get non interactive signins information - Within this thread, if you scroll to the answer provided by @mark daley , you'll find some more PS examples.

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

0 additional answers

Sort by: Most helpful