Enterprise Applications Usage Reports

Copper Contributor

Hi all,


I have a requirement to locate Enterprise Apps which have not been signed into interactively or non-interactively within the last 90 days. I am trying to figure out the best way to do this autonomously. You can report on usage insights in Azure AD > Enterprise Applications but that just shows actively use EAs. I need to find those not in use so we can flag them and eventually delete (manually) after review.


Does anyone have any MS Graph PowerShell to achieve this? I've been trying the following PowerShell to list all Enterprise Applications and then do a foreach loop and retrieve the sign in logs for each of them but I am getting Syntax errors. If anyone has a better way of doing this please let me know!

$Applications = Get-MgApplication -All | select DisplayName
foreach ($SignIn in $Applications) {
    Get-MgAuditLogSignIn -Filter "contains(appDisplayName,$SignIn)" -Top 10 }


Get-MgAuditLogSignIn : Invalid filter clause
At line:3 char:5
+ Get-MgAuditLogSignIn -Filter "contains(appDisplayName,$SignIn)" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ Top = 10, Ski...ndProperty = }:<>f__AnonymousType2`8) [Get-MgAuditLogSignIn_List1], RestException`1
+ FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.GetMgAuditLogSignIn_List1

0 Replies