Users: Last Sign-In
Retrieving the last sign in of accounts using Microsoft Graph and the signInActivity
property.
- Entra ID updates the SignInActivity property roughly once every 6 hours.
- All times returned are in UTC+0
PowerShell
Connect-MgGraph -Scopes @('User.Read.All, AuditLog.Read.All')
$select = 'signInActivity, userPrincipalName'
$params = @{
'All' = $true;
'PageSize' = '999';
'ConsistencyLevel' = 'eventual';
'CountVariable' = 'userCount';
'Select' = $select;
}
$users = Get-MgUser @params
$users | ForEach-Object {
# Store the last sign-in in a new property (comparing interactive and non-interactive)
$PSItem | Add-Member -NotePropertyName LastSignIn -NotePropertyValue $null -Force
if ($PSItem.SignInActivity.LastNonInteractiveSignInDateTime -gt
$PSItem.SignInActivity.LastSignInDateTime) {
$PSItem.LastSignIn = $PSItem.SignInActivity.LastNonInteractiveSignInDateTime
}
else {
$PSItem.LastSignIn = $PSItem.SignInActivity.LastSignInDateTime
}
}
$users | Select-Object Id, UserPrincipalName, LastSignIn
Dependencies
Microsoft Graph SDK for PowerShell
Install-Module Microsoft.Graph -AllowClobber -Force
Connect-MgGraph
Using the Microsoft Graph Command Line Tools Enterprise Application:
Connect-MgGraph -Scopes @('')
Using an existing Access Token:
Connect-MgGraph -AccessToken (ConvertTo-SecureString 'ey..' -AsPlainText -Force)
Using an Application Registration (Platform: Mobile and desktop applications, redirect http://localhost):
Connect-MgGraph -ClientId 'abc..' -TenantId 'abc..'
Using a ClientId and Secret (Password):
$tenantId = ''
$clientId = ''
$secret = ConvertTo-SecureString '' -AsPlainText -Force
$secretCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secret)
$params = @{
'SecretCredential' = $secretCredential
'TenantId' = $tenantId
}
Connect-MgGraph @params