PowerShell command to see last login / activity for Service Principal and/or App Registration

Question

PowerShell command to see last login / activity for Service Principal and/or App Registration

Kenneth Huddleston 60

Is there a powershell method to view the last login for an Azure Service Principal or App registration? I know this can be done via the UI, just looking to pull it via powershell for reporting purposes.

Shweta Mathur 13,076 Reputation points Microsoft Employee

2023-03-06T08:15:19.9133333+00:00

Hi @Kenneth Huddleston ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks, Shweta

Shweta Mathur 13,076 Reputation points Microsoft Employee

2023-03-06T08:15:19.9133333+00:00

Hi @Kenneth Huddleston ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks, Shweta

Answer 1

You will have to crawl the Audit logs for that, as SP objects do not expose the signInActivity property directly. Here's an example:

Get-MgAuditLogSignIn -Filter "appid eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' and signInEventTypes/any(t:t eq 'servicePrincipal')" -Top 10 | select *

where I'm filtering based on specific appID/client_ID value.

PowerShell command to see last login / activity for Service Principal and/or App Registration

1 answer

Activity