Yes, that's the expected behavior currently - both failed and successful attempts are returned. Microsoft is looking into providing a "success" timestamp in a future updated, no ETA yet though.
Graph API Users signInActivity returns RequestId of Failed Logins
I wonder if anyone has insights into this issue. I've using the Graph API to return a user's information including signInActivity. I've noticed that for some users, the lastSignInDateTime and lastSignInRequestId will be for a failed sign in log. I can see this the most for users whose accounts are actively being spammed with login attempts by malicous actors and Microsoft is started blocking the authentications. Any ideas of how I can get accurate signInActivity for my users? The signIns API is soooooo slow, so I'd like to avoid searching it if possible.
Here is an example of the API response
And here is what the sign-in request looks like.
2 answers
Sort by: Most helpful
-
-
Tony Morrow 0 Reputation points
2024-02-14T20:05:08.8933333+00:00 Looks like they are making progress. The beta API has new information in the signInActivity object which includes "lastSuccessfulSignInDateTime". Only issue now is response time. Adding signInActivity to the query takes 300-1000ms to return.