How to get "Last Non-Interactive Sign-in" for guest users in Entra ID using PowerShell?

Abhi Patel 0 Reputation points
2024-03-21T02:13:05.09+00:00

Hello folks,

Currently I am working on a script which removes guest users if they haven't signed in in the last 6 months. I can filter out those users who didn't log in in the last 6 months and were created 2 years ago. But this filter works on 'Last Interactive Sign-in'.

Also, I noticed that some guest users' Last Interactive Sign-ins are more than 6 months old but they have a recent Last Non-Interactive Sign-in. That means my current script also filters those guest users who have recent Last Non-Interactive Sign-ins (but whose interactive sign-ins are too old), and I don't want that.

So, that means those guest users still use their Azure account through non-interactive sign-in, and removing them is not my purpose.

If you see the attached photo, this user has a recent non-interactive sign-in but the interactive sign-in is in Nov 2020, and my script shows this user as well to remove or disable the account.

So, my question is: How to get the Last Non-interactive sign-in for a user in Entra ID?

Help would be highly appreciated.

Many thanks in advance.

1 answer

  1. Givary-MSFT 30,931 Reputation points Microsoft Employee
    2024-03-21T10:15:58.49+00:00

    @Abhi Patel Thank you for reaching out to us. As I understand, you are looking to get non-interactive sign-in logs via PowerShell.

    Non-interactive sign-ins are available via the Graph BETA API. They have not yet been published to Graph v1.0.

    Using the PowerShell Graph module Microsoft.Graph.Users, you can retrieve the non-interactive sign-in via the signinactivity property.

    Reference:

    https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-beta&tabs=http

    Also, a similar ask has been discussed here - https://learn.microsoft.com/en-us/answers/questions/837979/ms-graph-can-get-mgauditlogsignin-get-non-interact - more details on the cmdlet can be found in this QnA post.

    You can leverage this tool as well for any tasks for which you want a PowerShell reference; it was developed by our PMs - https://graphxray.merill.net/

    Graph X-Ray lets you view the Graph API and PowerShell log of actions taken in the Azure Active Directory and Intune portal.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
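
The following is an added example, not code posted by anyone in this thread. It reads `signInActivity` for guest users from the beta endpoint and reports a guest as stale only when both the interactive and the non-interactive sign-in are older than the cutoff, using the question's thresholds (6 months inactive, created 2 years ago). It assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Beta.Users modules are installed and that the caller can consent to `User.Read.All` and `AuditLog.Read.All`; `Get-LastActivity` and `Get-StaleGuest` are hypothetical helper names.

```powershell
# Added example: helper names are hypothetical, thresholds come from the question.
function Get-LastActivity {
    param($User)
    # Either timestamp may be $null (never signed in that way); keep the non-null ones.
    $stamps = @($User.SignInActivity.LastSignInDateTime,
                $User.SignInActivity.LastNonInteractiveSignInDateTime) | Where-Object { $_ }
    # The later of the two is the account's most recent use.
    $stamps | Sort-Object -Descending | Select-Object -First 1
}

function Get-StaleGuest {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [datetime] $Now = (Get-Date).ToUniversalTime(),
        [int] $InactiveMonths = 6,
        [int] $MinAgeYears = 2
    )
    $inactiveCutoff = $Now.AddMonths(-$InactiveMonths)
    $createdCutoff  = $Now.AddYears(-$MinAgeYears)
    foreach ($u in $User) {
        $last = Get-LastActivity -User $u
        # Stale only if the account is old enough AND neither sign-in type is recent.
        # A guest with a recent non-interactive sign-in is therefore kept.
        if ($u.CreatedDateTime -lt $createdCutoff -and
            (-not $last -or $last -lt $inactiveCutoff)) {
            [pscustomobject]@{
                UserPrincipalName  = $u.UserPrincipalName
                CreatedDateTime    = $u.CreatedDateTime
                LastInteractive    = $u.SignInActivity.LastSignInDateTime
                LastNonInteractive = $u.SignInActivity.LastNonInteractiveSignInDateTime
                LastActivity       = $last
            }
        }
    }
}

Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All'

# signInActivity is only returned when it is requested explicitly via -Property.
$guests = Get-MgBetaUser -All -Filter "userType eq 'Guest'" `
    -Property Id, DisplayName, UserPrincipalName, CreatedDateTime, SignInActivity

# Report only: review the list before disabling or removing any account.
Get-StaleGuest -User $guests | Sort-Object LastActivity | Format-Table -AutoSize
```

Guests that have never signed in have no timestamps at all, so they are reported as stale once they pass the account-age threshold.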