Display any user from AzureAD signin logs that used a device not registered/joined in our environment

Phil Crombie 0 Reputation points
2023-03-22T10:59:52.2133333+00:00

I'm trying to identify users with BYOD devices accessing corporate resources. Currently we have no BYOD controls and would like to see who and which devices are connecting.
I thought something like this may work:
https://graph.microsoft.com/beta/auditLogs/signIns?$top=100&$filter=deviceDetail/isManaged eq false&$select=userDisplayName,deviceDetail/operatingSystem,deviceDetail/isManaged

But I get an error saying "Bad request , select options not supported".
I'm new to this so struggle a bit when it goes wrong. Can anyone help? Oh, and is there any way I can get this into Excel?
Thanks in advance
:)

PS: used PowerShell to do this but obvs they are registered and I want to find those that we don't know about, if that makes sense lol
Get-AzureADDevice -All $true -Filter "IsManaged eq false and AccountEnabled eq true" | ft displayname, objectType, accountenabled,deviceostype,ismanaged,profiletype, ApproximateLastLogonTimeStamp -AutoSize


1 answer

  1. Vasil Michev 104K Reputation points MVP
    2023-03-22T11:08:40.55+00:00

    Try this for the query:

    https://graph.microsoft.com/v1.0/auditLogs/signIns?$top=100&$filter=deviceDetail/isManaged+eq+false

    Should work in both /beta and /v1.0.

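The query from the answer returns whole sign-in records, so the fields the question tried to `$select` can be picked client-side and written to CSV for Excel. This is an added example, not part of the original thread; it assumes the Microsoft Graph PowerShell SDK (`Connect-MgGraph`, `Invoke-MgGraphRequest`) is installed, and the output file names are placeholders.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph.Authentication
# module is installed and the account can consent to AuditLog.Read.All.
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# Single quotes matter: in double quotes PowerShell would expand $top and $filter
# as variables and send a broken query. No $select here; fields are picked below.
$uri = 'https://graph.microsoft.com/v1.0/auditLogs/signIns?$top=100&$filter=deviceDetail/isManaged+eq+false'

$rows = [System.Collections.Generic.List[object]]::new()
while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
    foreach ($s in $page.value) {
        $rows.Add([pscustomobject]@{
            UserDisplayName   = $s.userDisplayName
            UserPrincipalName = $s.userPrincipalName
            SignInTime        = $s.createdDateTime
            App               = $s.appDisplayName
            IpAddress         = $s.ipAddress
            DeviceId          = $s.deviceDetail.deviceId
            OperatingSystem   = $s.deviceDetail.operatingSystem
            Browser           = $s.deviceDetail.browser
            TrustType         = $s.deviceDetail.trustType
            IsManaged         = $s.deviceDetail.isManaged
        })
    }
    # Graph returns @odata.nextLink while more pages remain; it is absent on the last page.
    $uri = $page.'@odata.nextLink'
}

# One line per user/device combination. deviceId can be empty for devices the
# tenant does not know, so OS and browser are part of the grouping key.
$summary = $rows |
    Group-Object UserPrincipalName, DeviceId, OperatingSystem, Browser |
    ForEach-Object {
        $latest = $_.Group | Sort-Object SignInTime | Select-Object -Last 1
        [pscustomobject]@{
            UserDisplayName   = $latest.UserDisplayName
            UserPrincipalName = $latest.UserPrincipalName
            OperatingSystem   = $latest.OperatingSystem
            Browser           = $latest.Browser
            SignIns           = $_.Count
            LastSignIn        = $latest.SignInTime
            LastIpAddress     = $latest.IpAddress
        }
    }

# Both CSV files open directly in Excel.
$rows    | Export-Csv -Path .\unmanaged-signins-raw.csv     -NoTypeInformation
$summary | Export-Csv -Path .\unmanaged-signins-by-user.csv -NoTypeInformation
```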
