Microsoft Tech Community

List all users' last login date


Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.

70 Replies

No. Use the report in the O365 admin center -> Reports -> Usage -> Active users.

Thanks, Vasil. That will have to do, but what I really needed was to be able to sort on user type (internal user, guest user, administrator etc.)

I think this is what you need.

[Screenshot: Login Activities.JPG]

 

The above functionality is available in AdminDroid Office 365 Reporter.

The provided script gives you the last login information of users who have an Exchange Online license, whereas the requirement is to display the "last logon time" of unlicensed users as well.

Hi Robert,

I tested the script; it also provides the logon times for "Unlicensed Users" as well and exports them to a .CSV.

Once you've logged in and authenticated against your Office 365 tenant, you can then use the below commands.

 

# Connects you to Windows Azure Active Directory
Connect-MsolService

# Gets unlicensed users and lists the "DisplayName, LastLogonTime and LastLogoffTime"
Get-MsolUser -UnlicensedUsersOnly | ForEach-Object { Get-MailboxStatistics $_.UserPrincipalName | Select-Object DisplayName, LastLogonTime, LastLogoffTime }

What about users who don't have mailboxes? I have a number of users for whom we have disabled the Exchange Online license. How can I get their logon statistics?

Just a warning that using the Get-MailboxStatistics cmdlet to get this information is highly unreliable (see @Tony Redmond's great blog on that here: https://www.petri.com/get-mailboxstatistics-cmdlet-wrong). The Office 365 usage reports are really the better answer here.

It's not only unreliable, it's impossible. Get-MailboxStatistics only returns statistics for mailboxes, but I specifically need logon statistics for people who do not have mailboxes.

or Get-AzureADAuditSignInLogs (AzureADPreview) or Search-UnifiedAuditLog

Hey @Robert Luck

Is this a secure tool? Since you are giving access to your whole organization.

I cannot seem to find the type of report I want in Azure reporting, so I am thinking about whether investing in a tool such as this one is a smart investment.

Thanks!

@ManjaMso1 Yes, please check the blog to know more about the security implementation. Also, if you have any other queries, feel free to reach out to us.

@Thijs Lecomte 

 

This doesn't seem to work for me. When I try using it, I either get this error:

 

"error": {
"code": "Authentication_RequestFromUnsupportedUserRole",
"message": "User is not in the allowed roles",
"innerError": {
"request-id": "0119ef60-c3bb-40c1-8f58-7f201bf6d8da",
"date": "2020-05-01T21:46:51"
}

 

I checked: I am global admin and part of the security reader groups.

Or the command does work, but the results are returned with no logon dates. Have you had any luck getting it to work recently?

 

Thanks, 

 

Robert 

One other note:

When I run this URL: https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,signInActivity

from here:

https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-beta&tabs=http#code-try-21

after first selecting "Try it" next to the code, then selecting v1.0, it shows me users that are not in my tenant, that have never been in my tenant, and a tenant name that has never been mine. Just an FYI on that.

 

Thanks, 

 

Robert 

Hi Robert,

Please take the following steps:
Navigate to https://developer.microsoft.com/en-us/graph/graph-explorer#
Click 'Sign in with Microsoft' on the left and sign in with your global administrator account.

Then click modify permission (on the left) and add the User.ReadBasic.All permission.

If you then run the query:
GET https://graph.microsoft.com/beta/users?$select=displayName,userPrincipalName,signInActivity

you will get it.
You should run it in beta, not v1.

You were trying the Graph Explorer without signing in, and then it uses sample data.
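The query from the reply above as a PowerShell function, added here as an example and not part of the thread; it goes beyond the reply by following `@odata.nextLink`, because Graph returns the user list one page at a time. `$AccessToken`, both function names and the sample data are assumptions of this example.

```powershell
# Added example, not from the thread. $AccessToken is assumed to be a Microsoft Graph
# token obtained separately and allowed to read signInActivity (Microsoft's Graph
# documentation lists AuditLog.Read.All for that property).

function ConvertTo-SignInRow {
    # Flatten one Graph user object into a report row.
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        # signInActivity is absent for accounts with no recorded sign-in.
        $last = $null
        if ($User.signInActivity) { $last = $User.signInActivity.lastSignInDateTime }
        [pscustomobject]@{
            DisplayName       = $User.displayName
            UserPrincipalName = $User.userPrincipalName
            LastSignIn        = if ($last) { [datetime]$last } else { $null }
        }
    }
}

function Get-GraphUserSignIn {
    param([Parameter(Mandatory)][string] $AccessToken)
    # Single quotes matter: in a double-quoted string PowerShell would expand
    # $select as an (empty) variable and silently drop the projection.
    $uri = 'https://graph.microsoft.com/beta/users?$select=displayName,userPrincipalName,signInActivity'
    $headers = @{ Authorization = "Bearer $AccessToken" }
    while ($uri) {
        $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
        $page.value | ConvertTo-SignInRow
        # '@odata.nextLink' is present only while more pages remain.
        $uri = $page.'@odata.nextLink'
    }
}

# Constructed sample page (not real tenant data) to exercise the flattening offline.
$sample = @'
{"value":[
 {"displayName":"Guest One","userPrincipalName":"guest1_example.org#EXT#@contoso.example",
  "signInActivity":{"lastSignInDateTime":"2020-04-30T10:15:00Z"}},
 {"displayName":"Never Signed In","userPrincipalName":"never@contoso.example"}
]}
'@ | ConvertFrom-Json
$sample.value | ConvertTo-SignInRow | Sort-Object LastSignIn | Format-Table

# Against a tenant:
# Get-GraphUserSignIn -AccessToken $token | Export-Csv signins.csv -NoTypeInformation
```

Rows with an empty `LastSignIn` are accounts for which Graph returned no sign-in record, so they sort first and are the ones to review as never-used or stale.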

@Thijs Lecomte 

 

Ahh!! Ok that makes sense. I will try your solution. 

 

Robert 

@Thijs Lecomte 

OK, that worked! Thanks for your assistance. Now how can I see all the users in the tenant? I am testing with my own tenant, which only has about 20 users, so can I assume that if I run the above query on a larger tenant it will just return all users?

Also, how long does the logging go back for? Is it the standard Windows Azure 90 days? Can I access Microsoft Graph using Excel?

 

Thanks, 

Robert