Microsoft 365: Find the Last Login Date of the Users
Requirement: Find the last Login Date and time stamp of all users in the Microsoft 365 tenant.
PowerShell to Generate the Last Login Date Report in Office 365
Managing user accounts effectively is crucial for organizations using Office 365. One of the essential aspects of user management is monitoring user activity, including their last login dates. In this blog post, we will guide you through the process of finding the last login date of users in Office 365 using PowerShell.
The Microsoft 365 Admin Center, the Azure AD sign-in logs, and the PowerShell cmdlet Get-AzureADAuditSignInLogs all share one limitation: they cover only the last 30 days of logs in Office 365.
If you want to find the last login date of all users within the past 30 days using PowerShell, here is the script:
#Config Parameters
$CSVPath = "C:\Temp\SigninLogs.csv"
$SigninLogs = @()

#Connect to Azure AD (Get-AzureADAuditSignInLogs ships in the AzureADPreview module)
Connect-AzureAD | Out-Null

#Get All users from Azure AD
$AllUsers = Get-AzureADUser -All $true
$TotalUsers = $AllUsers.Count

#Function to get the last login time stamp of the user
Function Get-UserLastLogin([string] $UserObjectID)
{
    Try {
        Write-Host -f Yellow "Collecting Last Login date of the User Object:"$UserObjectID

        #Get the Successful Signin Logs of the user
        $SigninLog = Get-AzureADAuditSignInLogs -All:$true -Filter "userID eq '$UserObjectID' and status/errorCode eq 0" | Select-Object -First 1

        #Return Last Login Date
        $LoginDetails = New-Object psobject -Property @{
            LoginTime = $SigninLog.CreatedDateTime
            App = $SigninLog.AppDisplayName
        }
        Return $LoginDetails
    }
    Catch {
        $Message = $_
        If ($Message -like "*Too Many Requests*")
        {
            Write-Host "`tSleeping for 10 seconds due to throttling limitations..." -ForegroundColor Cyan
            Start-Sleep -Seconds 10

            #Recursive function call to retry the entry that was throttled
            Return Get-UserLastLogin $UserObjectID
        }
        Else
        {
            Write-Host $Message -ForegroundColor Red
        }
    }
}

#Loop through all users
$Counter = 1
$AllUsers | ForEach-Object {
    Write-Progress -Activity "Checking Signin Logs:" -Status "Processing $($_.UserPrincipalName) ($Counter of $TotalUsers)" -PercentComplete (($Counter / $TotalUsers) * 100)

    #Call the function to get the sign-in log
    $SignInLog = Get-UserLastLogin $_.ObjectID

    #Get the Last Login Date
    If ($null -eq $SignInLog.LoginTime)
    {
        $LastLoginDate = "No Log-in Events Found!"
    }
    Else
    {
        $LastLoginDate = Get-Date $SignInLog.LoginTime
    }

    #Collect data
    $SigninLogs += [PSCustomObject][ordered]@{
        UserLoginName = $_.UserPrincipalName
        UserDisplayName = $_.DisplayName
        LastLogin = $LastLoginDate
        Application = $SignInLog.App
    }
    $Counter++
}
$SigninLogs

#Export Data to CSV
$SigninLogs | Export-Csv -Path $CSVPath -NoTypeInformation
However, the above script can get data for only 30 days.
Generate Last Login Report for Office 365 using Graph API PowerShell
The Microsoft Graph API can get the last login date without a 30-day limit!
Prerequisites
Before accessing the Office 365 user’s last login information, you need to install the Microsoft Graph PowerShell module. See "How to Install Microsoft Graph PowerShell Module?" for the steps.
#Connect to Microsoft Graph
Connect-MgGraph -Scopes "AuditLog.Read.All","User.Read.All"

#Set the Graph Profile
#(Select-MgProfile exists only in Microsoft Graph PowerShell SDK v1; SDK v2 removed it and exposes the beta endpoint through Get-MgBetaUser)
Select-MgProfile beta

#Properties to Retrieve
$Properties = @(
    'Id','DisplayName','Mail','UserPrincipalName','UserType', 'AccountEnabled', 'SignInActivity'
)

#Get All users along with the properties
$AllUsers = Get-MgUser -All -Property $Properties #| Select-Object $Properties

$SigninLogs = @()
ForEach ($User in $AllUsers)
{
    $SigninLogs += [PSCustomObject][ordered]@{
        LoginName = $User.UserPrincipalName
        Email = $User.Mail
        DisplayName = $User.DisplayName
        UserType = $User.UserType
        AccountEnabled = $User.AccountEnabled
        LastSignIn = $User.SignInActivity.LastSignInDateTime
    }
}
$SigninLogs

#Export Data to CSV
$SigninLogs | Export-Csv -Path "C:\Temp\SigninLogs.csv" -NoTypeInformation
This script retrieves all users in your Office 365 tenant, gathers their last sign-in information, and outputs the results to a CSV report.
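One way to act on the CSV report, as an added example that is not part of the original post: classify each row by sign-in age so that enabled accounts with an old or missing LastSignIn stand out for review. The function name Get-SignInStatus, the 90-day threshold and the sample rows are assumptions made for illustration; the column names are the ones the Graph script exports.

```powershell
# Added example (not from the original post). Get-SignInStatus and the 90-day
# threshold are hypothetical; column names match the Graph script's CSV report.
Function Get-SignInStatus
{
    Param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Row,
        [int] $StaleAfterDays = 90,
        [datetime] $AsOf = (Get-Date)
    )
    Process
    {
        # After Import-Csv every value is a string, so compare AccountEnabled as text
        $Enabled = "$($Row.AccountEnabled)" -eq 'True'
        # Accept a DateTime (live objects) or its text form (CSV); empty means no record
        $LastSignIn = [datetime]::MinValue
        $HasDate = $Row.LastSignIn -is [datetime]
        If ($HasDate) { $LastSignIn = $Row.LastSignIn }
        Else { $HasDate = [datetime]::TryParse("$($Row.LastSignIn)", [ref]$LastSignIn) }
        $Days = $null
        If ($HasDate) { $Days = [int][math]::Floor(($AsOf - $LastSignIn).TotalDays) }

        If (-not $Enabled)                 { $Status = 'Disabled' }
        ElseIf (-not $HasDate)             { $Status = 'NoSignInRecorded' }
        ElseIf ($Days -gt $StaleAfterDays) { $Status = 'Stale' }
        Else                               { $Status = 'Active' }

        [PSCustomObject][ordered]@{
            LoginName       = $Row.LoginName
            UserType        = $Row.UserType
            Status          = $Status
            DaysSinceSignIn = $Days
        }
    }
}

# Constructed sample rows in the shape of the report CSV (not real accounts)
$SampleCsv = @'
"LoginName","UserType","AccountEnabled","LastSignIn"
"alice@contoso.example","Member","True","2024-05-28 09:12:00"
"bob@contoso.example","Member","True","2023-11-02 17:40:00"
"svc-scan@contoso.example","Member","True",""
"guest.vendor@fabrikam.example","Guest","True","2024-01-15 08:00:00"
"carol@contoso.example","Member","False","2022-03-01 10:00:00"
'@

# Enabled accounts that are stale or have no recorded sign-in, longest idle first
$SampleCsv | ConvertFrom-Csv |
    Get-SignInStatus -AsOf ([datetime]'2024-06-01') |
    Where-Object { $_.Status -in 'Stale', 'NoSignInRecorded' } |
    Sort-Object DaysSinceSignIn -Descending
```

To run it against the real report, replace the sample pipeline input with `Import-Csv "C:\Temp\SigninLogs.csv"` and drop the fixed `-AsOf` date.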
Hi Salaudeen,
Seems “AuditLog.Read.All” is not enough to issue a get-mguser command. Script asks me again to log on, and:
Get-MgUser : Insufficient privileges to complete the operation.
At line:13 char:1
+ $AllUsers = Get-MgUser -All -Property $Properties #| Select-Object $P …
same here 🙂
Add “User.Read.All” to the scopes.