How to extract the sign in logs details for all members of a particular group

Uzzaman, Hasan 0 Reputation points
2023-04-19T09:13:15.3933333+00:00

Hi could I please know how to extract the sign in logs for all members in Azure AD group. I have 1 group that contains 803 members. I was wondering how can I get sign in logs for all these members of this particular group

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,852 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 22,426 Reputation points Microsoft Employee
    2023-04-19T19:09:06.52+00:00

    Hi @Uzzaman, Hasan , to extract the sign-in logs for all members of a particular Azure AD group, you can use the Microsoft Graph API. Here's a step-by-step process:

    1. First, you need to obtain an access token for the Microsoft Graph API. Follow the instructions in the Microsoft Graph documentation to register an application and grant the necessary permissions.
    2. Next, query the group members using the Microsoft Graph API. Replace YOUR_GROUP_ID with the actual group ID: GET https://graph.microsoft.com/v1.0/groups/YOUR_GROUP_ID/members
    3. Parse the response to extract the user principal names (UPNs) or object IDs of the group members.
    4. For each user, query the sign-in logs using the Microsoft Graph API. Replace USER_UPN_OR_OBJECT_ID with the actual UPN or object ID of the user: GET https://graph.microsoft.com/beta/auditLogs/signIns?filter=userPrincipalName eq 'USER_UPN_OR_OBJECT_ID' Alternatively, you can filter by date range or other criteria as needed.
    5. Combine the sign-in logs for all users as required. Please note that you might need to handle pagination in the API responses if the number of group members or sign-in logs is large. Refer to the Microsoft Graph documentation for more information on handling pagination. Keep in mind that accessing sign-in logs requires an Azure Active Directory P1 or P2 license. Please let me know if you have any questions and I can help you further. If this answer helps you please mark it as "Verified" so other users can reference it. Thank you, James
    0 comments No comments