Hi,
Pulling my hair out with this one a little as I can't seem to figure out where I'm going wrong. I'm pulling together some details for our Azure AD Registered Android devices and using that info to look up the device owner - all working just fine. I'm using client secret to get token (code not shown)
I'd like to be able to check Azure AD sign-in logs for any given user to check if they have any non-interactive sign-ins but I just can't seem to wrap my head round it. No matter than I've tried with the $filter options I always seem to get a 1000 results and its a mixture of all users.
Starting simple I'm trying to return just logs for a specific user - doesn't work
[uri]$uriSignins = "https://graph.microsoft.com/v1.0/auditLogs/signIns?&$filter=(userPrincipalName eq 'username@mydomain.com')"
$resSignins = Invoke-RestMethod -Method Get -Uri $uriSignins.AbsoluteUri -Headers @{Authorization = "Bearer $($Token)"}
$resSignins.value
Trying example 2 from this MS page, https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http, also does work - just returns 1000 results despite the filter mentioning just the top 10.
I've also tried example 3 from ms page, https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-beta&tabs=http, using beta to return non-interactive sign ins - same happens. No filtering applied and Invoke-RestMethod just give me 1000 results.
Can anyone guide me in the right direction and point our where I'm going wrong?