Getting a list of all users last login status and date based on a criteria on AzureAD

Flávio Neto 1 Reputation point
2022-06-22T15:12:59.377+00:00

Hi!
I don't know if this is the correct place to post this question, but I can't seem to find a way to do this in an elegant way.

The use case is this:
I create a group of users using PowerShell from CSV formatted for the occasion, and then mail merge their temporary passwords into an email.
This is for online-only adult IT lessons, so we are speaking of people that will struggle with mandatory MFA or even with just the concept of using the username and password we sent them, so I have to check if users have tried to log in during the days after the user creation and prior to their first session.
This is OK for now, as our cohorts are 30/40 people and I can check the O365 admin centre, but at the rate of growth it will become unfeasible (I already had a bit of trouble with the last cohort of around 40ish users).

I've thought of telling people to let me know if they were able to log in, as a sort of virtual "hello and present!" kind of deal, but getting people to read their emails is too much sometimes.
So I need a command that tells me the login status of users, bonus if I can get something that does a "For-each" based on the list in the original CSV.

Another possibility is something that tells me the login status based on the group, as they are all added to the same course group on creation, or based on a piece of info. For example, I tag them by defining the State (as in location; I am based in the UK, so that field is basically free real estate and it has come in use for filtering) with something like Front305.
Any suggestions?

Microsoft Entra ID

3 answers

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,491 Reputation points
    2022-06-22T23:26:34.607+00:00

    Hello anonymous user, you can use the MS Graph List signIns operation. Records will be returned only for users that have logged in at least once. You can check the status property to get more information in case of an error.

    Below you will find some samples:

    Get latest sign in by user id:

    https://graph.microsoft.com/v1.0/auditLogs/signins?$top=1&$filter=userId eq '<USER OBJECT ID>'

    Get latest sign in by user upn:

    https://graph.microsoft.com/v1.0/auditLogs/signins?$top=1&$filter=userPrincipalName eq '<USER UPN>'

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.


  2. Flávio Neto 1 Reputation point
    2022-06-29T07:58:56.507+00:00

    I was interested in the cmdlets, but this might help.


  3. Flávio Neto 1 Reputation point
    2022-06-29T21:18:41.463+00:00

    I have stumbled my way into making a script, with lots of help, now I am just missing a piece, which is to filter out users that have not logged in yet, as in have no data in the LastSignInDateTime field:

    param($path="$PSScriptRoot\reports",$pwdnochangedindays = 480)  
    cd $path  
    
    Start-transcript  
    $cohort = read-host "Enter cohort to audited"  
    # $notlogged = "| where-object {$_.LastSignInDate -ne $null}""  
    
    
    Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Directory.AccessAsUser.All","User.Read.All","AuditLog.Read.All"   
    Select-MgProfile -Name beta  
    
    $MSGProps = @(  
        'id'  
        'displayName'  
        'CompanyName'  
        'State'  
        'OfficeLocation'  
        'department'  
        'signInActivity'  
        'userPrincipalName'  
        'userType'  
        'createdDateTime'  
        'accountEnabled'  
        'passwordPolicies'  
        'mail'  
        'lastPasswordChangeDateTime'  
        'OtherMails'  
        )  
    
    $MSGSplat = @{  
        Filter = "userType eq 'Member' and AccountEnabled eq true and startsWith(State, '$cohort')"  
        all  = $true  
        Property = $MSGProps  
        }  
    
    $MSGUser = Get-MgUser @MSGSplat  
    $Results = Foreach ($SingleMSG in $MSGUser)  
        {  
        [pscustomobject]@{  
            Id                 = $SingleMSG.id  
            DisplayName        = $SingleMSG.displayName  
            CompanyName        = $SingleMSG.CompanyName  
            State              = $SingleMSG.State  
            OfficeLocation     = $SingleMSG.OfficeLocation  
            Department         = $SingleMSG.department  
            UserPrinciple      = $SingleMSG.userPrincipalName  
            UserType           = $SingleMSG.userType  
            Created            = $SingleMSG.createdDateTime  
            Enabled            = $SingleMSG.accountEnabled  
            Mail               = $SingleMSG.mail  
            PasswordChange     = $SingleMSG.lastPasswordChangeDateTime  
            PasswordPolicy     = $SingleMSG.passwordPolicies  
            LastSignInDate     = $SingleMSG.signInActivity.LastSignInDateTime   
            LastNonInteractive = $SingleMSG.signInActivity.LastNonInteractiveSignInDateTime  
            OtherMails = $SingleMSG | select-object -expand OtherMails  
            }  
        }  
    
    $Results | Export-Csv -path  "$path\aad_user_report_$((Get-Date -format "dd-MMM-yyyy"))_$cohort.csv" -notypeinformation  
    write-host "Report can be found here $path"  
    Stop-transcript  
    
    # Based on chadmcox create-AADMGUserReport.ps1   
    # https://www.reddit.com/r/PowerShell/comments/vlrvca/expandproperty_csv_exporting_and_general_noobness/  
    # https://www.reddit.com/r/PowerShell/comments/vi8rcv/getting_a_list_of_all_users_last_login_status_and/  
    

    No idea how to do that, I have tried to add

    $results | where-object {$_.LastSignInDate -ne $null} | Export-Csv -path "$path\aad_user_report_$((Get-Date -format "dd-MMM-yyyy"))_$cohort.csv" -notypeinformation

    to the export part of it, but no results from that.

    Any suggestions?

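One way to split a cohort into learners who have signed in and learners who have not, as an added example that is not part of the original thread. `Get-CohortSignInStatus` is a hypothetical helper, and the sample users are constructed so the block runs without a tenant.

```powershell
# Added example; the user objects below are constructed sample data.
function Get-CohortSignInStatus {
    [CmdletBinding()]
    param(
        # A user object shaped like Get-MgUser output with signInActivity selected.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Assumption: an account with no recorded sign-in has an empty signInActivity
        # or an empty LastSignInDateTime; both read as $null outside Set-StrictMode.
        $last = $User.SignInActivity.LastSignInDateTime
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            State             = $User.State
            Created           = $User.CreatedDateTime
            LastSignInDate    = $last
            # $null on the left: with a collection on the left, -ne filters instead of testing.
            HasSignedIn       = $null -ne $last
        }
    }
}

# Constructed cohort: one learner has signed in, two have not.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'learner1@contoso.example'; State = 'Front305'
        CreatedDateTime = [datetime]'2022-06-20'
        SignInActivity  = [pscustomobject]@{ LastSignInDateTime = [datetime]'2022-06-21T09:15:00' } }
    [pscustomobject]@{ UserPrincipalName = 'learner2@contoso.example'; State = 'Front305'
        CreatedDateTime = [datetime]'2022-06-20'
        SignInActivity  = $null }
    [pscustomobject]@{ UserPrincipalName = 'learner3@contoso.example'; State = 'Front305'
        CreatedDateTime = [datetime]'2022-06-20'
        SignInActivity  = [pscustomobject]@{ LastSignInDateTime = $null } }
)

$report = $sample | Get-CohortSignInStatus

# Learners to chase before the first session.
$report | Where-Object { -not $_.HasSignedIn } | Select-Object UserPrincipalName, Created

# Live use, assuming the Microsoft.Graph module and beta profile from the script above.
# The two read-only scopes that script already requests cover this report:
# Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All'
# Get-MgUser -All -Filter "startsWith(State, 'Front305')" `
#     -Property userPrincipalName, state, createdDateTime, signInActivity |
#     Get-CohortSignInStatus
```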
