PowerShell command to see last login / activity for Service Principal and/or App Registration

Kenneth Huddleston 60 Reputation points

Is there a powershell method to view the last login for an Azure Service Principal or App registration? I know this can be done via the UI, just looking to pull it via powershell for reporting purposes.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,553 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 66,601 Reputation points MVP

    You will have to crawl the Audit logs for that, as SP objects do not expose the signInActivity property directly. Here's an example:

    Get-MgAuditLogSignIn -Filter "appid eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' and signInEventTypes/any(t:t eq 'servicePrincipal')" -Top 10 | select *

    where I'm filtering based on specific appID/client_ID value.