How to extract the sign in logs details for all members of a particular group

Question

Hi could I please know how to extract the sign in logs for all members in Azure AD group. I have 1 group that contains 803 members. I was wondering how can I get sign in logs for all these members of this particular group

Answer 1

Hi @Uzzaman, Hasan , to extract the sign-in logs for all members of a particular Azure AD group, you can use the Microsoft Graph API. Here's a step-by-step process:

1. First, you need to obtain an access token for the Microsoft Graph API. Follow the instructions in the Microsoft Graph documentation to register an application and grant the necessary permissions.
2. Next, query the group members using the Microsoft Graph API. Replace YOUR_GROUP_ID with the actual group ID: GET https://graph.microsoft.com/v1.0/groups/YOUR_GROUP_ID/members
3. Parse the response to extract the user principal names (UPNs) or object IDs of the group members.
4. For each user, query the sign-in logs using the Microsoft Graph API. Replace USER_UPN_OR_OBJECT_ID with the actual UPN or object ID of the user: GET https://graph.microsoft.com/beta/auditLogs/signIns?filter=userPrincipalName eq 'USER_UPN_OR_OBJECT_ID' Alternatively, you can filter by date range or other criteria as needed.
5. Combine the sign-in logs for all users as required. Please note that you might need to handle pagination in the API responses if the number of group members or sign-in logs is large. Refer to the Microsoft Graph documentation for more information on handling pagination. Keep in mind that accessing sign-in logs requires an Azure Active Directory P1 or P2 license. Please let me know if you have any questions and I can help you further. If this answer helps you please mark it as "Verified" so other users can reference it. Thank you, James