SharePoint Diary » PowerShell » Microsoft 365: Find the Last Login Date of the Users

Microsoft 365: Find the Last Login Date of the Users

June 28, 2023 Salaudeen Rajack 3 Comments check last login office 365, export office 365 user last logon date to csv file, get last login office 365 powershell, get-azureadauditsigninlogs last 30 days, office 365 get last logon time powershell, office 365 last login date, office 365 last login report powershell, office 365 last sign in report

Requirement: Find the last Login Date and time stamp of all users in the Microsoft 365 tenant.

Managing user accounts effectively is crucial for organizations using Office 365. One of the essential aspects of user management is monitoring user activity, including their last login dates. In this blog post, we will guide you through the process of finding the last login date of users in Office 365 using PowerShell.

Microsoft 365 Admin Center, Azure AD Sign-in Logs, and the PowerShell cmdlet Get-AzureADAuditSignInLogs – All three have a limitation of 30 days Logs in Office 365!

office 365 get last logon time powershell

If you want to search for the last login date within the past 30 days of all users using PowerShell, Here is the script for you:

#Config Parameters
$CSVPath = "C:\Temp\SigninLogs.csv"
$SigninLogs = @()

#Connect to Azure AD
Connect-AzureAD | Out-Null

#Get All users from Azure AD
$AllUsers = Get-AzureADUser -All $true
$TotalUsers = $AllUsers.Count

#Function to get the last login time stamp of the user
Function Get-UserLastLogin([string] $UserObjectID)
{
    Try {
        Write-host -f Yellow "Collecting Last Login date of the User Object:"$UserObjectID

        #Get the Successful Signin Logs of the user
        $SigninLog = Get-AzureADAuditSignInLogs -All:$true -Filter "userID eq '$UserObjectID' and status/errorCode eq 0" | Select -First 1

        #Return Last Login Date
        $LoginDetails = New-Object psobject -Property @{
            LoginTime = $SigninLog.CreatedDateTime
            App = $SigninLog.AppDisplayName
        }
        Return $LoginDetails
    }
    Catch {
        $message = $_
        If ($message -like "*Too Many Requests*")
        {
            Write-host "`tSleeping for 10 seconds due to throttling limitations..." -ForegroundColor Cyan
            Sleep 10
            #Recursive function call to retry the entry that was throttled
            Get-UserLastLogin $UserObjectID
        }
        Else
        {
            Write-host $Message -ForegroundColor Red           
        }
    }
}

#Loop through all users
$Counter = 1
$AllUsers | ForEach-Object {
    Write-Progress -Activity "Checking Signin Logs:" -Status "Processing $($_.UserPrincipalName) ($Counter of $TotalUsers)" -PercentComplete (($Counter / $TotalUsers) * 100) 
    #Call the function to get the sign-in log
    $SignInLog = Get-UserLastLogin $_.ObjectID
    
    #Get the Last Login Date
    If ($SignInLog.LoginTime -eq $Null)
    {
        $LastLoginDate = "No Log-in Events Found!"
    }
    Else
    {
        $LastLoginDate = Get-Date $SignInLog.LoginTime
    }

    #Collect data
    $SigninLogs += [PSCustomObject][ordered]@{
        UserLoginName   = $_.UserPrincipalName
        UserDisplayName   = $_.DisplayName
        LastLogin  = $LastLoginDate
        Application = $SignInLog.App
    }
    $Counter++
}

$SigninLogs
#Export Data to CSV
$SigninLogs | Export-Csv -Path $CSVPath -NoTypeInformation

However, the above script can get data for only 30 days.

Generate Last Login Report for Office 365 using Graph API PowerShell

The Microsoft Graph API can get the last login date without a 30-day limit!

Prerequisites

Before accessing the Office 365 user’s last login information, you need to install the Microsoft Graph PowerShell module. Refer here for How to Install Microsoft Graph PowerShell Module?

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "AuditLog.Read.All","User.Read.All"

#Set the Graph Profile
Select-MgProfile beta

#Properties to Retrieve
$Properties = @(
    'Id','DisplayName','Mail','UserPrincipalName','UserType', 'AccountEnabled', 'SignInActivity'    
)

#Get All users along with the properties
$AllUsers = Get-MgUser -All -Property $Properties #| Select-Object $Properties

$SigninLogs = @()
ForEach ($User in $AllUsers)
{
    $SigninLogs += [PSCustomObject][ordered]@{
            LoginName       = $User.UserPrincipalName
            Email           = $User.Mail
            DisplayName     = $User.DisplayName
            UserType        = $User.UserType
            AccountEnabled  = $User.AccountEnabled
            LastSignIn      = $User.SignInActivity.LastSignInDateTime
    }
}

$SigninLogs

#Export Data to CSV
$SigninLogs | Export-Csv -Path "C:\Temp\SigninLogs.csv" -NoTypeInformation

This script retrieves all users in your Office 365 tenant, gathers their last sign-in information, and outputs the results to a CSV report.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

3 thoughts on “Microsoft 365: Find the Last Login Date of the Users”

Laurent F.
May 31, 2023 at 7:05 PM
Permalink

Hi Salaudeen,

Seems “AuditLog.Read.All” is not enough to issue a get-mguser command. Script asks me again to logon, and :
Get-MgUser : Insufficient privileges to complete the operation.
At line:13 char:1
+ $AllUsers = Get-MgUser -All -Property $Properties #| Select-Object $P …
Reply
- elder
  June 28, 2023 at 6:13 PM
  Permalink
  
  same here 🙂
  Reply
- Salaudeen RajackPost author
  June 28, 2023 at 6:30 PM
  Permalink
  
  Add “User.Read.All” to the scopes.
  Reply

PowerShell to Generate the Last Login Date Report in Office 365

Generate Last Login Report for Office 365 using Graph API PowerShell

Related Posts

Salaudeen Rajack

3 thoughts on “Microsoft 365: Find the Last Login Date of the Users”

Leave a Reply Cancel reply