Microsoft Graph beta api for sign in filter

Question

Microsoft Graph beta api for sign in filter

Maria Valek 80

Hi All,

I have a requirement to extract non interactive signing from Microsoft graph for specific apps. I am using beta version as non interactive sign ins can only obtained through beta.

I am, however, facing an issue with the filters. It seems the API takes the first filter in the URL and uses that, ignoring the second or third one. Now I am aware there are limitations with the filter but I cannot find a comprehensive information that would enable me to understand.

This is the API I am using:

/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t:+t+eq+'nonInteractiveUser'))&$startsWith(appDisplayName,'XYZ')&$createdDateTime+gt+timestamp (timestamp is dynamic for utcnow minus x hours)

Running this one searches for all noninteractive ones but ignores the app (not sure about the date). Due to the volume of data it eventually gets throttled.

If i run one where filter for appdisplayname is first in the api, it returns only interactive signing(ignoring the filter for noninteractive), which I guess is a default behaviour.

Is there anything that I can do or amend in the API to obtain the data I need?

Thank you.

Accepted answer

0 additional answers

Your answer

Answer 1

Hi @Maria Valek

Good afternoon and thank you for your question. You are correct and as I can see also, the nonInteractiveUsers under signInEventTypes is only accessible on beta and not available on v1.0.

I also reproduce this on my end and three below is not filtering the second/third part:

/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t:+t+eq+'nonInteractiveUser'))&$startsWith(appDisplayName,'Graph Explorer')&$createdDateTime+gt+timestamp

/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t:+t+eq+'nonInteractiveUser'))&$startsWith(appDisplayName, 'Graph Explorer') - Not working

/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t:+t+eq+'nonInteractiveUser'))&$createdDateTime+gt+timestamp

I used the sample under the beta article of signIns and I was able to query it using $filter, $orderBy and $top.

https://graph.microsoft.com/beta/auditLogs/signins?&$filter=(signInEventTypes/any(t: t ne 'interactiveUser'))&$orderBy=createdDateTime DESC&$top=10

Although according to the optional query parameters:

This methods support the $top, $skiptoken and $filter OData query parameters to help customize the response.

I think the article needs to be update in what optional query it supports. There are two options:

1 - Create a ticket so that our support can submit feedback on the page.

2 - You can use the Submit and view feedback for the page on the lowest part of the article. GitHub sign-in will be required.

If I answered your question, please upvote and accept it as answer. Thank you and have a great day!

Maria Valek 80 Reputation points

2023-07-27T07:58:56.5966667+00:00

Hi, Thank you for your response.

So, there is no way I can get the data I need? I presume not.

If this is beta version, is this likely to be improved in the future?
msft-gu 1,355 Reputation points

2023-07-29T00:01:51.9466667+00:00

Hi @Maria Valek

Yes, not as of the moment.

Yes, there are beta versions of the API that are improved and release as v1.0. To add, if our developers receive multiple feedback and improvement for a specific feature, there is a high possibility that it will be deployed or implemented.

I hope I was able to answer your question but please let me know if you have any clarifications. Hope you have a good weekend! 😊
Maria Valek 80 Reputation points

2023-07-31T08:24:22.4633333+00:00

Thank you :)

Share via

Microsoft Graph beta api for sign in filter

0 additional answers

Your answer