cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Guest user account sign-ins

Graham_Sparky_Harrison
Copper Contributor

‎Apr 06 2023 06:45 AM

‎Apr 06 2023 06:45 AM

Guest user account sign-ins

Hello,

 

We have log analytics setup and i am trying to create a new query in Kusto Query Language to find user type=guest that have not signed in for more than 60 days. Please can anyone assist?

 

kind regards,

Graham

 

364 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Apr 06 2023 06:57 AM

‎Apr 06 2023 06:57 AM

Re: Guest user account sign-ins

@Graham_Sparky_Harrison 

Can I assume you have the SigninLogs Table, to check - is this AAD? 
You may also want to uncomment line #4 if you want to check just for successful sign-ins?

 

SigninLogs
| where TimeGenerated > ago (90d)
| where UserType == "Guest"
//| where ResultType == 0
| summarize arg_max(TimeGenerated,*) by UserPrincipalName
| extend LastSignin = datetime_diff("day", now(), TimeGenerated)
| where LastSignin > 60

 

 

 

0 Likes
Reply