Microsoft Graph service principle sign in

Question

Hello, I am working on a new analytics service for our company, and I need to retrieve sign-in data for both users and service principals. I am using the following URL: https://graph.microsoft.com/v1.0/auditLogs/signIns. However, I am only getting user sign-ins in the response. Could you please guide me on how to retrieve the sign-in data for service principals? I have attached the data from the portal that I would like to access via the API. Thank you.

Answer 1

Hi,

The Microsoft Graph API documentation does not provide specific guidance on retrieving sign-in data for service principals. It appears that the endpoint you are using (https://graph.microsoft.com/v1.0/auditLogs/signIns) primarily returns user sign-ins.

To retrieve sign-in data for service principals, you may need to ensure that your API request includes the necessary filters or parameters to include service principal sign-ins. Here are some steps you can try:

Check API Permissions: Ensure that your application has the necessary permissions to access sign-in data for service principals. You may need permissions such as AuditLog.Read.All or Directory.Read.All.

Use Filters: You can try using filters in your API request to specify that you want to include service principal sign-ins. For example:

   GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appId eq 'your-service-principal-app-id'
   

1. Check Documentation: Refer to the Microsoft Graph API documentation for any additional parameters or filters that might be required to retrieve service principal sign-ins.

Please let us know if you have further questions

Kindly accept answer if it helps

Thanks
Deepanshu

Answer 2

Only user sign-ins are returned by default. For other types, you have to specifically "request" them, which you can do via a $filter query:

GET https://graph.microsoft.com/beta/auditLogs/signIns?$filter=signInEventTypes/any(x:x+eq+'servicePrincipal')