cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identifying all users who authenticate using Basic Auth via PowerShell?

steve_elliott
Brass Contributor

‎Jan 21 2019 05:37 AM

‎Jan 21 2019 05:37 AM

Identifying all users who authenticate using Basic Auth via PowerShell?

Is it possible to run a PS script of some sort which would identify all users who are connecting to O365 services (Exchange) using basic auth.

 

When we run the report via the GUI in Azure AD Sign-In's blade and filter by 'Client App' - this gives u the info we need but the export is limited to 5000 events.

 

Is there a way to extract this info to a CSV via PowerShell?

Labels:
23.4K Views
0 Likes
2 Replies
Reply
2 Replies
Vasil Michev

‎Jan 21 2019 10:04 AM

‎Jan 21 2019 10:04 AM

Re: Identifying all users who authenticate using Basic Auth via PowerShell?

Use the Azure AD blade or the Graph API. The "Script" button next to the "Download" one gives you a ready-to-use PowerShell script that queries the Graph API and fetches all the results, so you don't have to write your own.

 

If you want to use "standard" PowerShell, your best bet is the Unified Audit Log in the SCC, which unfortunately has been plagued with issues lately. Still, you can try getting the results via the Search-UnifiedAuditLog

cmdlet: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifi...

 

0 Likes
Reply
Steve Hernou

‎May 08 2019 05:14 AM

‎May 08 2019 05:14 AM

Re: Identifying all users who authenticate using Basic Auth via PowerShell?

Hi Steve

I just tried your approach (GUI - Sign Ins blade, filter on Client app for last 1 month) and when downloading the results to a CSV it obtains the first 250,000 records so maybe the limits have change between January and now.
0 Likes
Reply