I am new to Powershell. I have a powershell script that uses the Microsoft Graph API. It loops through list of users reading from a CSV file and finds the devices for that user. For each of these devices I need to be able to find the logon date-time. I am trying the find the right cmdlet and syntax to use to achieve the desired result.
The info I am looking for is the one you see under the "Activity" column on the Microsoft Azure portal Users > Devices screen:
I have tried to call Get-AzureADAuditSignInLogs using the below syntax, but it is not returning a value. Here is what I have tried:
$deviceID = ‘123456-abcd-5555-9999-588888f66a11’
$deviceResults = Get-AzureADAuditSignInLogs -Filter "DeviceDetail/DeviceId eq '$deviceID'" -Top 1
I also tried this one:
Get-AzureADAuditSignInLogs | where-object -property DeviceDetail/DeviceId -eq '$deviceID'
Both these calls return nothing. I have also added Connect-AzureAD to the beginning of the code.
Any suggestions, ideas to solve my question would be tremendously helpful. Thanks!
Here is the complete code as I have it now:
# Connect to Graph API
Connect-MgGraph -NoWelcome
#Connect-AzureAD
#Import data from CSV file
$CSVData = Import-CSV -Path "C:\PSTest\Employees.csv"
function Test-AccountExists {
param(
$UserN
)
[bool] (Get-MgUser -Filter "Displayname eq '$UserN'" -ErrorAction
Ignore)
}
$resultsArr = @()
ForEach ($row in $CSVData){
$fullname = $($row.”First Name”) + “ “ + $($row.”Last Name”)
Write-Host $fullname
$empId = $($row.”Employee Id”)
# Function invocation
$result = Test-AccountExists -UserN $fullname
Write-Host $result
Write-Host $empId
If (($result) -eq $true) {
$userName = $fullname
$user = Get-MgUser -Filter "Displayname eq '$userName'"
$userId = $user.Id
Write-Host "User Principal Name: $($user.UserPrincipalName)"
Write-Host "User Id: $($userId)"
$devices = Get-MgUserOwnedDevice -UserId $userId
If ($devices) {
foreach ($device in $devices) {
$test = get-MgDevice -DeviceId $device.Id
#based on deviceId
#$LoginTime = Get-AzureADAuditSignInLogs -Filter "DeviceId eq '$device.Id'" -Top 1 | Select -ExpandProperty CreatedDateTime
Write-Host $test.DisplayName
Write-Host $device.Id
$deviceId = $device.Id
$testCompliance = Get-MgDevice -Filter "id eq '$deviceId' and isCompliant eq true"
if ($testCompliance) {
$complianceState = "Y"
}
else{
$complianceState = "N"
}
$resultrec = [PSCustomObject]@{
‘Employee Id’= $empId
‘Full Name’= $userName
‘User Principal Name’ = $user.UserPrincipalName
‘Device Name’ = $test.DisplayName
‘Compliance State’ = $complianceState
‘Azure Account’ = “Yes”
}
$resultsArr += $resultrec
} #for each device
}#If devices
else{
Write-Host “No devices exist for user”
$resultrec = [PSCustomObject]@{
‘Employee Id’= $empId
‘Full Name’= $userName
‘User Principal Name’ = $user.UserPrincipalName
‘Device Name’ = “No device in Azure”
‘Compliance State’ = “NA”
‘Azure Account’ = “Yes”
}
$resultsArr += $resultrec
}#No devices
}#If account exists
ElseIf (($result) -eq $false) {
Write-Host “Function returned false”
Write-Host "User Name in ElseIf:” + ($fullname)
$resultrec2 = [PSCustomObject]@{
‘Employee Id’= $empId
‘Full Name’= $fullname
‘User Principal Name’ = “NA”
‘Device Name’ = “NA”
‘Compliance State’ = “NA”
‘Azure Account’ = “No”
}
$resultsArr += $resultrec2
}
}#ForEach
# Export the resultsArrArr to a new CSV file
$resultsArr | Export-Csv -Path “C:\pstest\Results.csv” -
NoTypeInformation
#clear array after export
$resultsArr = @()
This answer requires the Microsoft.Graph.Authentication
Module (Connect-MgGraph
and Invoke-MgGraphRequest
are cmdlets from this Module) and the required permissions are:
You can get the user's owned devices by calling the List ownedDevices
Method from the user
Endpoint. For a single user and assuming you have their UserPrincipalName
or Id
, the code would look like this:
Connect-MgGraph
$endpoint = 'v1.0' # or `beta`
$user = '[email protected]' # Can use user's Id or UPN here
$response = Invoke-MgGraphRequest GET ('{0}/users/{1}?$expand=ownedDevices' -f $endpoint, $user)
$response['ownedDevices'] | ForEach-Object {
[pscustomobject]@{
DeviceOwner = $response['userPrincipalName']
DeviceId = $_['deviceId']
DeviceDisplayName = $_['displayName']
DeviceEnabled = $_['accountEnabled']
DeviceApproximateLastSignInDateTime = $_['approximateLastSignInDateTime']
}
}
Note that you will find much more properties in $response['ownedDevices']
, for the complete list see device
Properties. If you want additional properties added to your output, those need to be included in the [pscustomobject]
expression, i.e.: for isCompliant
you would need to add a IsCompliant = $_['isCompliant']
and so on.