Thanks for the reply. Can you elaborate on why its best to use graph? I am noticing that the command "Get-AzureADAuditSignInLogs" is not showing me date\time that i would expect. Example if i use graph, i can see date\time for particular user. If run the command below it returns 0 results
Get-AzureAdAuditSigninLogs -top 1 -filter "userPrincipalName eq 'user@domain.com'"
I am using the below code in graph. Appears to be working
Connect-MgGraph -ClientId $appid -TenantId $TenantId -Certificate $cert | out-null
function queryAADUserLastSignin{
$uri = "
https://graph.microsoft.com/beta/users?`$select=Displayname,signInActivity,userPrincipalName,userType,externalUserState,externalUserStateChangeDateTime,creationType,createdDateTime,onPremisesSyncEnabled,accountEnabled,mail"
do{
$results = Invoke-MgGraphRequest -Uri $uri -Method GET -OutputType PSObject
$results.value | select displayname, userPrincipalName,userType,externalUserState,externalUserStateChangeDateTime,creationType,createdDateTime,accountEnabled, `
@{Name="lastSignInDateTime";Expression={$_.signInActivity.lastSignInDateTime}},mail
$uri = $Results.'@odata.nextlink'
}until ($uri -eq $null)
}
queryAADUserLastSignin | export-csv .\user_export1.csv -NoTypeInformation