MS Graph: Can Get-MgAuditLogSignIn get non interactive signins information?

Matheus Sonego 26 Reputation points

I need to track logins, when using Get-MgAuditLogSignIn I only get information about the interactive logins. When trying to filter "isInteractive" as false I get a empty report. Is there a way to get the Non Interactive signins?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,397 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,590 questions
0 comments No comments
{count} votes

Accepted answer
  1. JanardhanaVedham-MSFT 3,536 Reputation points

    Hi @Matheus Sonego ,

    Please note that Get-MgAuditLogSignIn MS Graph PowerShell SDK command uses List signIns Graph API in the background. ** Currently this List signIns API retrieves the Azure AD user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs.** Hence this List signIns API or MS Graph PowerShell SDK command is not returning non-interactive user signins data.


    However upon my further research, there is "Sign-in logs" option available under "Monitoring" section of Azure Active Directory as you can see below and I could see both interactive and non-interactive user signin logs information. Also , we do have the options such as filters and download report in Azure AD portal. You can also review the same and see if it's useful to you.


    If the answer is helpful to you, please click "Accept Answer" and kindly upvote it. If you have additional questions about this answer, please click "Comment".

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. Johnny Stenberg 15 Reputation points

    You could use the following....

    Connect-MgGraph -Scopes AuditLog.Read.All

    Select-MgProfile -Name Beta

    $Filter = "(signInEventTypes/any(t: t ne 'interactiveUser'))"

    Get-MgAuditLogSignIn -Filter $Filter -all

    2 people found this answer helpful.
    0 comments No comments

  2. mark daley 6 Reputation points


    Non-interactive signins are available via the Graph BETA API. They have not yet been published to Graph v1.0

    Using the Powershell Graph Module Microsoft.Graph.Users you can retrieve the non-interactive Sign-in via the signinactivity property.

    Select-MgProfile beta
    Connect-MgGraph -Scopes AuditLog.Read.All, Organization.Read.All
    Get-MgUser -UserId {objectid} -Property signinactivity | Select-Object -ExpandProperty SignInActivity

    Note: You must use the Azure ObjectID of the account not the UPN.

    1 person found this answer helpful.

  3. Matheus Sonego 26 Reputation points

    Hm, so there are no ways to download the non interactive signins from MS Graph? I previously used the Azure Active Directory, but it is limited to 100.000 registers, that gives me only the timespan of one day each time I download the report. I would have to do it too many times, since I need about 3 months of data at least.

    Thank you for your help!

  4. Andrew 36 Reputation points

    I've created PowerShell function Get-AzureAuditAggregatedSignInEvent hosted at PS: needs module Microsoft.Graph.Intune to work

    0 comments No comments