Yes, you can utilize Azure AD PowerShell module to fetch Audit and Sign-in logs from Azure AD tenant. Below are the steps and a basic example of how you can do this:
To Get Audit and Sign-in Logs For Audit logs use the following snippet: (after you connect to Azure)
Get-AzureADAuditDirectoryLogs
For Sign-in logs, you may need to use AzureAD V2 module and the Get-AzureADSignInLogs
cmdlet.
Schedule the script You can use Windows Task Scheduler to run your PowerShell script at a specific time of day or week. Here is an example script that gets today's audit logs and sign-in logs:
# Connect to Azure AD
Connect-AzureAD
# Get Today's date
$today = Get-Date
# Fetch Audit Logs
$auditLogs = Get-AzureADAuditDirectoryLogs -Filter "ActivityDateTime ge $today"
# Fetch Sign-in Logs (Requires AzureAD V2 module)
$signInLogs = Get-AzureADSignInLogs -Filter "CreatedDateTime ge $today"
# Process or Export logs as needed
$auditLogs | Export-Csv -Path "C:\Path\To\Export\AuditLogs.csv" -NoTypeInformation
$signInLogs | Export-Csv -Path "C:\Path\To\Export\SignInLogs.csv" -NoTypeInformation