Graph API via PowerShell: Find Sign In Logs for Specific user and time

Scenario: You want to use Graph API to query the SignIn logs.

Scriptlet:
Notes:
1. It calls a get-accesstoken function, which can be found and loaded from this blog: Get an Access Token for Graph API via PowerShell – Ex-Shell


#Sign-In Logs Variables, edit below:
$Start = "2021-10-01"
$End = "2021-10-05"
$appuri = "https://graph.microsoft.com/v1.0/auditlogs/signIns?$('$filter')=(userprincipalname eq 'steveman@superhero.com') and (createdDateTime ge $start) and (createdDateTime lt $end)"

#Clean the URI
$appuri = ([System.Uri]$appuri).AbsoluteUri

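#Loop it for ALL SignIn logs
#Initialize the collection once, before the loop, so each page is appended rather than overwritten
$results = @()
Do{
"$appUri"
#Headers come from get-accesstoken (see Notes)
$header = get-accesstoken
$RestSplat = @{
    URI         = $appuri
    Headers     = $header
    Method      = 'GET'
    ContentType = "application/json"
}
$Tempresults = Invoke-RestMethod @RestSplat
$results += $tempresults.value
#Follow the next-page link until Graph stops returning one
$appuri = $tempresults."@odata.NextLink"
}While($null -ne $appuri)

#Show the results
$results | Select-Object CreatedDateTime,ClientAppUsed,userprincipalname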