Friday, January 28, 2022

Pass List of users and get Azure AD Signin logs

 Pass List of users and get Azure AD Signin logs. You can loop through AD users in case of no list of users to pass. Note that this gives logs for last 30 days and if you want previous logs then need to get from Security Centre Audit Logs.


Connect-AzureAD

$Headers = "Email`tInteractive`tLastLogon" >><folderpath>\ADUsersSignIns.csv


#$SetDate = (Get-Date).AddDays(-1);

#$SetDate = Get-Date($SetDate) -format yyyy-MM-dd 


foreach($line in Get-Content <folderpath>\ADUsers.txt) 

    {

     $UPN = $line

     try

     {

     #$LoginTime = Get-AzureAdAuditSigninLogs -filter "userprincipalname eq '$UPN' and createdDateTime gt 2022-01-21T00:30:00.0Z" -top 1 | select CreatedDateTime, UserPrincipalName, IsInteractive

     $LoginTime = Get-AzureAdAuditSigninLogs -filter "userprincipalname eq '$UPN'" -top 1 | select CreatedDateTime, UserPrincipalName, IsInteractive

     $NewLine = $UPN + "`t" + $LoginTime.IsInteractive + "`t" + $LoginTime.CreatedDateTime

     $NewLine >><folderpath>\ADUsersSignIns.csv

     }

     catch{

     $NewLine = $UPN + "`t" + "" + "`t" + "Too Many Requests"

     $NewLine >><folderpath>\ADUsersSignIns.csv


     }

    

    }