PowerShell command to see last login / activity for Service Principal and/or App Registration

Kenneth Huddleston 145 Reputation points

Is there a powershell method to view the last login for an Azure Service Principal or App registration? I know this can be done via the UI, just looking to pull it via powershell for reporting purposes.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,180 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 98,516 Reputation points MVP

    You will have to crawl the Audit logs for that, as SP objects do not expose the signInActivity property directly. Here's an example:

    Get-MgAuditLogSignIn -Filter "appid eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' and signInEventTypes/any(t:t eq 'servicePrincipal')" -Top 10 | select *

    where I'm filtering based on specific appID/client_ID value.

    0 comments No comments