Sep 22 2017
01:51 AM
- last edited on
Jan 14 2022
05:29 PM
by
TechCommunityAP
Sep 22 2017
01:51 AM
- last edited on
Jan 14 2022
05:29 PM
by
TechCommunityAP
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
Jan 04 2022 10:46 AM
Jan 04 2022 10:26 PM
Jan 05 2022 09:00 AM
Jan 05 2022 11:07 PM
Jan 18 2022 12:34 PM
Mar 23 2022 07:01 AM
@NicolasHonThanks for this it worked as is. I was close but was having trouble with the actual lastsignindate being output. I think the OP originally wanted all users not just Guest users but should be easy to figure that out.
Mar 30 2022 05:04 AM - edited Mar 30 2022 05:07 AM
The Microsoft Graph API now supports the resource property signInActivity in users end-point, this resource exposes the lastSignInDateTime property which shows the last time a user made a successful sign-in. Fetching signInActivity property requires an Azure AD Premium P1/P2 license and the AuditLog.Read.All permission. The following request retrieves user details along with signInActivity property.
#GET Request
https://graph.microsoft.com/beta/users?$select=displayName,signInActivity
Before Microsoft Graph supports this property, we need to either get the mailbox last logon time using the Get-MailboxStatistics cmdlet or we need to crawl the Azure AD sign-in logs or the Unified audit logs in the Security and Compliance Center.
You can refer the below post to know more details about how to find and export Last login date for all Azure AD Users using PowerShell.
Mar 30 2022 08:35 AM - edited Mar 30 2022 08:43 AM
@Kevin Morgan license? ;) the lastsignin property is a static value that is populated for all user accounts including guest accounts (see thread) back to apr 2020.
Edit: I'm guessing you mean the tenant has 'any' aad p1/p2. Haven't tested this maybe you are right?
Mar 31 2022 04:10 AM
Yes the value may get populated for all users. But we need the license to retrieve the lastlogin value through Microsoft Graph API. The Microsoft's document itself still indicates the same and so my testing. Hope still there is no other API or PowerShell cmdlet to get the details without Azure AD Premium P1/P2 license. Can you please point me if you know any resources?
Mar 31 2022 12:41 PM
Apr 01 2022 12:07 AM
Apr 25 2022 01:00 PM
Jul 06 2022 12:25 AM - edited Jul 06 2022 12:37 AM
I wrote a detailed document on this. The solution returns, DisplayName, UserPrincipleName, LastLogin.
$mailboxes = Get-EXOMailbox -ResultSize Unlimited $mailboxes | ForEach-Object { $mbx = $_ $mbs = Get-EXOMailboxStatistics -Identity $mbx.UserPrincipalName | Where-Object LastLogonTime -LE (Get-Date).AddDays(-90) | Select DisplayName, LastLogonTime if ($mbs.LastLogonTime -ne $null){ $lt = $mbs.LastLogonTime }else{ $lt = "Normal User" } New-Object -TypeName PSObject -Property @{ DisplayName = $mbx.DisplayName UserPrincipalName = $mbx.UserPrincipalName LastLogonTime = $lt} }
You can read the complete from my blog: Get Last Logon Time of Office 365 Users PowerShell
Jul 06 2022 12:52 AM - edited Jul 06 2022 12:53 AM
LastLogonTime may not be the best attribute to target according to below and I think it is also limited to logins for exchange online which will not help for non mailbox enabled accounts. In the thread you will see a more robust solution that said thank you for your efforts. Sharing is always appreciated! https://o365reports.com/2019/06/18/office-365-users-last-logon-time-incorrect/
Jul 06 2022 04:33 AM - edited Jul 06 2022 04:35 AM
@Joshua Bines, Yes agree to you on some extend. Do you have any alternative fix to the script? Will be highly appreciated. Secondly and Importantly, the commercial issue is two or three years old. Thank You
Jul 06 2022 05:18 AM
Jul 06 2022 05:34 AM
Sep 12 2022 01:22 PM
Hello! @NicolasHon, how are you? Hope fine.
I extend you and anyone who knows the following question:
I'm getting some users with the LastSignInDateTime empty or with the following date (i reviewed the raw csv, and is not a excel format issue) 1/1/0001 21:00:00
I assume that the empty date means that they never log in to 365 but dont know if the date is the same.
Do you know who this means?
thanks in advance!!
Oct 11 2022 03:21 AM
Oct 17 2022 11:47 PM
This can be done using AzureADPreview
Import-Module AzureADPreview
$UsersUPN = (Get-AzureADUser -Top 20000).UserPrincipalName
foreach($user in $UsersUPN)
{
Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$user'" -Top 1| `
select CreatedDateTime, UserPrincipalName, IsInteractive, AppDisplayName, IpAddress, TokenIssuerType, @{Name = 'DeviceOS'; Expression = {$_.DeviceDetail.OperatingSystem}}
Start-Sleep -Seconds 5
}
A Start-Sleep -Seconds 5 delay should be added in order to bypass the "Too many requests" error code