PowerShell command to see last login / activity for Service Principal and/or App Registration

Kenneth Huddleston 145 Reputation points

Is there a powershell command that can be used to view the login activity for a Service Principal or App registration in Azure? Specifically, query the last login date for a service principal or app? I believe this can be done via the UI in the sign-in logs section of AAD. That being said, I would like to be able to pull this data from powershell.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,859 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 28,191 Reputation points Microsoft Employee

    Hi @Kenneth Huddleston ,

    Thanks for reaching out.

    Yes, it is possible to get the sign in activity details of application using PowerShell command:

    Get-AzureADAuditSignInLogs -Filter "appId eq 'xxx-d9f9-48b1-a8ad-xxx'" 
    Get-AzureADAuditSignInLogs -Filter "appDisplayName eq 'myApp'"

    To query the last login date of application can be filter using

    Get-AzureADAuditSignInLogs -Filter "appDisplayName eq 'myApp'" | Select-Object -First 1 | Format-List

    To run these commands, you need to install AzureAD Preview first

    Install-Module AzureADPreview

    and need to connect with your Azure AD tenant using


    Reference: https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadauditsigninlogs?view=azureadps-2.0-preview#example-2-get-sign-in-logs-for-a-user-or-application

    To get the sign in details of service principal, you need to get it using Audit logs

    Get-MgAuditLogSignIn -Filter "appid eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' and signInEventTypes/any(t:t eq 'servicePrincipal')"

    Reference: https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadauditdirectorylogs?view=azureadps-2.0-preview

    Hope this will help.



    Please remember to "Accept Answer" if answer helped you.

    0 comments No comments