Graph API via PowerShell: Find Sign In Logs for Specific user and time

Scenario: You want to use Graph API to query the SignIn logs.

1. It performs a get-accesstoken function which can be found and loaded from this blog: Get an Access Token for Graph API via PowerShell – Ex-Shell

#Sign-In Logs Varaibles, edit below:
$Start = "2021-10-01"
$End = "2021-10-05"
$appuri = "$('$filter')=(userprincipalname eq '') and (createdDateTime ge $start) and (createdDateTime lt $end)"

#Clean the URI
$appuri = ([System.Uri]$appuri).AbsoluteUri

#Loop it for ALL SignIn logs
$header = get-accesstoken 
$results = @()
$RestSplat = @{ 
    URI         = $appuri
    Headers     = $header
    Method      = 'GET' 
    ContentType = "application/json" 
$Tempresults =  Invoke-RestMethod @RestSplat 
$results += $tempresults.value
$appuri = $tempresults."@odata.NextLink"
}While($appuri -ne $null)

$results |Select CreatedDateTime,ClientAppUsed,userprincipalname

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: