Now that we have the query, we can either run the query manually or in my case I will be setting up a script to run in a scheduled task to export this data. We also wanted to only have Logs that where created in the last 30 days. We only wanted to have Displayname,UPN,IP,App used and date the log was created. To connect to the sign-in Graph use the below Urlīelow is the command to connect and view all sign-in logs data will return all the default values for each sign-in log. Next step was to run the command to get to the access token for connecting to Microsoft Graph this is covered in the previous post so we won’t be going over that here. Permissions (from least to most privileged) Logged: The date and time the activity occurred. Use the Search field and drop-down lists to filter system log entries. The following table outlines the actions available on the System Logs screen. List signIns – Microsoft Graph v1.0 | Microsoft Docs Permission type Trend Vision One maintains system logs that provide summaries about system events that occurred. since we are using client secret we only require Application permission.īelow is the link to the Microsoft doc I used for getting info on listing sign-ins. To query sign-in logs the below API permission are required. Instead of manually filtering sign-in logs from Azure AD I want to automate this using Graph. We have been trying to audit guest account activity and sign-in logs are the only way I have been able to find if these account’s have been active for the last 30 days. In this post we will going through querying sign-in logs.Ĭonnecting to Microsoft GraphAPI Using PowerShell – TheSleepyAdmins In a previous post we went through configuring and connecting to Microsoft Graph API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |