Users: Last Sign-In

Retrieving the last sign in of accounts using Microsoft Graph and the signInActivity property.

• Entra ID updates the SignInActivity property roughly once every 6 hours.
• All times returned are in UTC+0

PowerShell

Connect-MgGraph -Scopes @('User.Read.All, AuditLog.Read.All')

$select = 'signInActivity, userPrincipalName'
$params = @{ 
    'All'              = $true; 
    'PageSize'         = '999';
    'ConsistencyLevel' = 'eventual'; 
    'CountVariable'    = 'userCount';
    'Select'           = $select;
}
$users = Get-MgUser @params
$users | ForEach-Object {
    # Store the last sign-in in a new property (comparing interactive and non-interactive)
    $PSItem | Add-Member -NotePropertyName LastSignIn -NotePropertyValue $null -Force
    if ($PSItem.SignInActivity.LastNonInteractiveSignInDateTime -gt
        $PSItem.SignInActivity.LastSignInDateTime) {
        $PSItem.LastSignIn = $PSItem.SignInActivity.LastNonInteractiveSignInDateTime
    }
    else {
        $PSItem.LastSignIn = $PSItem.SignInActivity.LastSignInDateTime
    }
}
$users | Select-Object Id, UserPrincipalName, LastSignIn

Dependencies

Microsoft Graph SDK for PowerShell

Install-Module Microsoft.Graph -AllowClobber -Force

Connect-MgGraph

Using the Microsoft Graph Command Line Tools Enterprise Application:

Connect-MgGraph -Scopes @('')

Using an existing Access Token:

Connect-MgGraph -AccessToken (ConvertTo-SecureString 'ey..' -AsPlainText -Force)

Using an Application Registration (Platform: Mobile and desktop applications, redirect http://localhost):

Connect-MgGraph -ClientId 'abc..' -TenantId 'abc..'

Using a ClientId and Secret (Password):

$tenantId = ''
$clientId = ''
$secret = ConvertTo-SecureString '' -AsPlainText -Force
$secretCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secret)
$params = @{
    'SecretCredential' = $secretCredential
    'TenantId'         = $tenantId
}
Connect-MgGraph @params