Graph API Users signInActivity returns RequestId of Failed Logins

Tony Morrow 0 Reputation points
2023-11-09T18:43:36.47+00:00

I wonder if anyone has insights into this issue. I've using the Graph API to return a user's information including signInActivity. I've noticed that for some users, the lastSignInDateTime and lastSignInRequestId will be for a failed sign in log. I can see this the most for users whose accounts are actively being spammed with login attempts by malicous actors and Microsoft is started blocking the authentications. Any ideas of how I can get accurate signInActivity for my users? The signIns API is soooooo slow, so I'd like to avoid searching it if possible.

Here is an example of the API response

User's image

And here is what the sign-in request looks like.

User's image

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,998 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 113.2K Reputation points MVP
    2023-11-10T07:45:42.6133333+00:00

    Yes, that's the expected behavior currently - both failed and successful attempts are returned. Microsoft is looking into providing a "success" timestamp in a future updated, no ETA yet though.


  2. Tony Morrow 0 Reputation points
    2024-02-14T20:05:08.8933333+00:00

    Looks like they are making progress. The beta API has new information in the signInActivity object which includes "lastSuccessfulSignInDateTime". Only issue now is response time. Adding signInActivity to the query takes 300-1000ms to return. User's image

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.