Is there any PowerShell script to get the Audit and Sign-in logs from Azure AD tenant via PowerShell or we can create a scheduled script to run on particular period in day or week?

Question

Is there any PowerShell script to get the Audit and Sign-in logs from Azure AD tenant via PowerShell or we can create a scheduled script to run on particular period in day or week?

Answer 1

Yes, you can utilize Azure AD PowerShell module to fetch Audit and Sign-in logs from Azure AD tenant. Below are the steps and a basic example of how you can do this:

---

To Get Audit and Sign-in Logs For Audit logs use the following snippet: (after you connect to Azure)

Get-AzureADAuditDirectoryLogs

For Sign-in logs, you may need to use AzureAD V2 module and the Get-AzureADSignInLogs cmdlet.

---

Schedule the script You can use Windows Task Scheduler to run your PowerShell script at a specific time of day or week. Here is an example script that gets today's audit logs and sign-in logs:

# Connect to Azure AD
Connect-AzureAD
# Get Today's date
$today = Get-Date
# Fetch Audit Logs
$auditLogs = Get-AzureADAuditDirectoryLogs -Filter "ActivityDateTime ge $today"
# Fetch Sign-in Logs (Requires AzureAD V2 module)
$signInLogs = Get-AzureADSignInLogs -Filter "CreatedDateTime ge $today"
# Process or Export logs as needed
$auditLogs | Export-Csv -Path "C:\Path\To\Export\AuditLogs.csv" -NoTypeInformation
$signInLogs | Export-Csv -Path "C:\Path\To\Export\SignInLogs.csv" -NoTypeInformation

Answer 2

HiVinod Survase,

Surely you can do it, You can create Automation acount and schedule it according to your need .

Get-AzureADAuditSignInLogs -All $true | Export-CSV -Path "C:\AzureADAuditSignInLogs.csv" -NoTypeInformation

https://morgantechspace.com/2021/11/export-azure-ad-sign-in-audit-logs-using-powershell.html

You can take a look at above link for more details.

Please Click "Accept as answer" if this helps.