Microsoft Graph API can be used to get the last logon time of a user. To do this, you will need to make a GET request to the /users/{id}/lastLogonTimeStamp endpoint. This endpoint will return the last logon time of the user in the form of a timestamp. You can then use this timestamp to determine the exact date and time of the user’s last logon.
This query get’s.
DisplayName,UserPrincipalName,UsageLocation,Contry,LastSignInDateTime,IsLicensed,IsGuestUser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#client_id and client_secret are generated in Azure AD
$ClientID = ''
$ClientSecret = ''
$tenant_Id = ''
# Create the body of the request.
$Body = @{
Grant_Type = "client_credentials"
resource = "https://graph.microsoft.com"
client_id = $clientId
client_secret = $clientSecret
}
# Get the access token.
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoft.com/$tenant_Id/oauth2/token?api-version=1.0" -Method POST -Body $Body
# Force TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Get the access token.
$token = $ConnectGraph.access_token
# Variable Collections #
$Result = @()
#This request get users list with signInActivity.
$Uri = "https://graph.microsoft.com/beta/users?$select=displayName,userPrincipalName,contry,UsageLocation,userType,assignedLicenses,signInActivity,lastSignInDateTime&$top=999"
#function to get graph data with pagination
function Get-GraphData {
param (
[parameter(Mandatory)]
[string]$AccessToken,
[parameter(Mandatory)]
[string]$Uri
)
$Headers = @{
'Authorization' = "Bearer $AccessToken"
}
do {
$Results = Invoke-RestMethod -Uri $Uri -Headers $Headers -ErrorAction Stop
$QueryResults += $Results.value
$Uri = $Results.'@odata.nextLink'
} while ($Uri)
return $QueryResults
}
# Get the users.
[array]$Users = Get-GraphData -AccessToken $Token -Uri $uri
# Loop through the results and add them to the output array.
ForEach ($User in $Users) {
$Result += New-Object PSObject -property $([ordered]@{
DisplayName = $User.displayName
UserPrincipalName = $User.userPrincipalName
UsageLocation = $user.usageLocation
Contry = $User.country
LastSignInDateTime = if ($User.signInActivity.lastSignInDateTime) { [DateTime]$User.signInActivity.lastSignInDateTime } Else { $null }
IsLicensed = if ($User.assignedLicenses.Count -ne 0) { $true } else { $false }
IsGuestUser = if ($User.userType -eq 'Guest') { $true } else { $false }
})
}
# Write the results to a CSV file.
$Logfile = "lastlogon.csv"
$LogItem = New-Item -ItemType File -Name $Logfile
$Result | ConvertTo-Csv | Out-File $LogItem -Append
| DisplayName | UserPrincipalName | UsageLocation | Contry | LastSignInDateTime | IsLicensed | IsGuestUser |
|---|---|---|---|---|---|---|
| Adele Vance | AdeleV@blabla.com | US | United States | True | False | |
| Alex Wilber | AlexW@blabla.com | US | United States | True | False | |
| Diego Siciliani | DiegoS@blabla.com | US | United States | True | False | |
| Grady Archie | GradyA@blabla.com | US | United States | True | False | |
| Henrietta Mueller | HenriettaM@blabla.com | US | United States | True | False | |
| Isaiah Langer | IsaiahL@blabla.com | US | United States | True | False | |
| Johanna Lorenz | JohannaL@blabla.com | US | United States | True | False | |
| Joni Sherman | JoniS@blabla.com | US | United States | True | False | |
| Lee Gu | LeeG@blabla.com | US | United States | True | False | |
| Lidia Holloway | LidiaH@blabla.com | US | United States | True | False | |
| Lynne Robbins | LynneR@blabla.com | US | United States | True | False | |
| Megan Bowen | MeganB@blabla.com | US | United States | True | False | |
| Miriam Graham | MiriamG@blabla.com | US | United States | True | False | |
| Nestor Wilke | NestorW@blabla.com | US | United States | True | False | |
| Patti Fernandez | PattiF@blabla.com | US | United States | True | False | |
| Pradeep Gupta | PradeepG@blabla.com | US | Egypt | True | False | |
| Student 1 | Student_1@blabla.com | False | False | |||