c# azure asp.net-core microsoft-graph-api microsoft-graph-sdks

How to Get Azure Authentication Details on SignIn Activities via Microsoft Graph


I need to fetch all details of the user sign-in activities via the Microsoft Graph library. I granted all the permissions (maybe even more than needed). I can get all information about sign-in activity, but the Authentication Details are missing.

Please see the picture, where I have indicated the missing part.


Here is my code block to obtain all sign-in logs:

// Requires the Azure.Identity and Microsoft.Graph NuGet packages.
using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "aaaaaa-bbbb-cccc-dddd-fffffff";

var clientId = "kkkkkkkk-zzzz-yyyy-xxxxx-ghhhhhhh";
var clientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
var tenantName = "example.com";

var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
var totalList = new List<Microsoft.Graph.Models.SignIn>();
GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, scopes);

// Calls the v1.0 endpoint GET /auditLogs/signIns.
var signIns = await graphClient.AuditLogs.SignIns.GetAsync();

var aulogs = await graphClient.AuditLogs.GetAsync();

How can I also obtain the Authentication Details? The SignIn class has no such property.


Solution

  • Posting details proof of work @Tiny Wang,

    In the v1.0 version of the Microsoft Graph API, the authenticationDetails property is not available in the response, but it is available in the beta version of the Microsoft Graph API. However, APIs in the /beta version of Microsoft Graph are still being developed and are mostly not recommended. It's best to stick with the v1.0 version for production.

    To use the beta version of the Microsoft Graph API, you need Microsoft Entra ID P1 or P2 licenses.

    Initially, I registered a Microsoft Entra application, then granted and consented to the Application-type API permissions AuditLog.Read.All and Directory.Read.All:


    Use the C# code below to fetch sign-in details for all users, including the authenticationDetails property:

    using Microsoft.Identity.Client;
    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;

    public class Program
    {
        // Placeholders; keep the real client secret out of source control.
        private const string TenantId = "<tenant_id>";
        private const string ClientId = "<app_id>";
        private const string ClientSecret = "<client_secret>";
        private const string Scope = "https://graph.microsoft.com/.default";

        public static async Task Main(string[] args)
        {
            // The bearer token is not printed: anyone who can read it can call Graph as this app.
            var accessToken = await GetAccessTokenAsync();
            await GetSignInLogAsync(accessToken);
        }

        // Client-credentials flow: the app authenticates as itself with its secret.
        private static async Task<string> GetAccessTokenAsync()
        {
            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
                .WithClientSecret(ClientSecret)
                .WithAuthority(new Uri($"https://login.microsoftonline.com/{TenantId}"))
                .Build();

            var result = await app.AcquireTokenForClient(new[] { Scope }).ExecuteAsync();
            return result.AccessToken;
        }

        // Lists sign-ins from the beta endpoint, whose entries include authenticationDetails.
        private static async Task GetSignInLogAsync(string accessToken)
        {
            using var httpClient = new HttpClient();
            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            var response = await httpClient.GetAsync("https://graph.microsoft.com/beta/auditLogs/signIns");
            response.EnsureSuccessStatusCode();

            var content = await response.Content.ReadAsStringAsync();
            Console.WriteLine($"Sign-In Log: {content}");
        }
    }
    
    


    The maximum and default size is 1000 objects and by default the most recent signIns are returned first.

    Reference:

    Get signIn - Microsoft Graph beta | Microsoft Learn
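
Added example, not part of the original answer: the answer prints the raw JSON of one page, so this sketch parses such a page, lists each sign-in's authenticationDetails steps, and returns the `@odata.nextLink` that a client would follow to get past the 1000-object page. The class and method names and the sample JSON are constructed for illustration; it assumes .NET 7 or later for the raw string literal.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
public static class SignInPageParser
{
    // Constructed sample of one /beta/auditLogs/signIns page (not real tenant data).
    private const string SamplePage = """
    {
      "@odata.nextLink": "https://graph.microsoft.com/beta/auditLogs/signIns?$skiptoken=CONSTRUCTED",
      "value": [
        { "id": "constructed-1", "userPrincipalName": "alice@example.com",
          "authenticationDetails": [
            { "authenticationMethod": "Password", "succeeded": true },
            { "authenticationMethod": "Mobile app notification", "succeeded": false } ] },
        { "id": "constructed-2", "userPrincipalName": "bob@example.com" }
      ]
    }
    """;

    // Returns one summary row per sign-in plus the next-page URL (null on the last page).
    public static (List<string> Rows, string? NextLink) ParsePage(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var rows = new List<string>();
        foreach (var signIn in doc.RootElement.GetProperty("value").EnumerateArray())
        {
            var steps = new List<string>();
            // authenticationDetails comes from /beta only; tolerate its absence.
            if (signIn.TryGetProperty("authenticationDetails", out var details) && details.ValueKind == JsonValueKind.Array)
                foreach (var step in details.EnumerateArray())
                {
                    var method = step.GetProperty("authenticationMethod").GetString();
                    var ok = step.TryGetProperty("succeeded", out var s) && s.ValueKind == JsonValueKind.True;
                    steps.Add($"{method}:{(ok ? "succeeded" : "not succeeded")}");
                }
            var id = signIn.GetProperty("id").GetString();
            var upn = signIn.GetProperty("userPrincipalName").GetString();
            rows.Add($"{id} {upn} [{string.Join(", ", steps)}]");
        }
        var next = doc.RootElement.TryGetProperty("@odata.nextLink", out var n) ? n.GetString() : null;
        return (rows, next);
    }
    public static void Main()
    {
        var (rows, next) = ParsePage(SamplePage);
        rows.ForEach(Console.WriteLine);
        Console.WriteLine(next is null ? "last page" : "more pages follow");
    }
}
```

Against a live tenant, the response body from the answer's request would replace the sample string, and the request would be repeated against the returned next link with the same bearer token until it is null.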