Hi @Kenneth Huddleston ,
Thanks for reaching out.
Yes, it is possible to get the sign in activity details of application using PowerShell command:
Get-AzureADAuditSignInLogs -Filter "appId eq 'xxx-d9f9-48b1-a8ad-xxx'"
Get-AzureADAuditSignInLogs -Filter "appDisplayName eq 'myApp'"
To query the last login date of application can be filter using
Get-AzureADAuditSignInLogs -Filter "appDisplayName eq 'myApp'" | Select-Object -First 1 | Format-List
To run these commands, you need to install AzureAD Preview first
Install-Module AzureADPreview
and need to connect with your Azure AD tenant using
Connect-AzureAD
To get the sign in details of service principal, you need to get it using Audit logs
Get-MgAuditLogSignIn -Filter "appid eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' and signInEventTypes/any(t:t eq 'servicePrincipal')"
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.