Azure Active Directory sign-in logs

Use Get-ADSignInLogs to collect the contents of the Azure Active Directory sign-in log.

Note

Important note This module requires the Graph Beta module. Install it using the command: ‘Install-Module Microsoft.Graph.Beta’.

Usage

Running the script without any parameters will gather the Azure Active Directory sign-in log for the last 30 days:

Get-ADSignInLogs

Get the Azure Active Directory Audit Log before 2023-04-12:

Get-ADSignInLogs -endDate 2023-04-12

Get the Azure Active Directory Audit Log after 2023-04-12:

Get-ADSignInLogs -startDate 2023-04-12

Parameters

-startDate (optional)

  • startDate is the parameter specifying the start date of the date range.

-endDate (optional)

  • endDate is the parameter specifying the end date of the date range.

-OutputDir (optional)

  • OutputDir is the parameter specifying the output directory.

  • Default: The output will be written to: OutputAzureAD{date_SignInLogs}SignInLogs.json

-Encoding (optional)

  • Encoding is the parameter specifying the encoding of the JSON output file.

  • Default: UTF8

-UserIds (optional)

  • UserIds is the UserIds parameter filtering the log entries by the account of the user who performed the actions.

-MergeOutput (optional)

  • MergeOutput is the parameter specifying if you wish to merge CSV outputs to a single file.

-UserIds (optional)

  • UserIds is the UserIds parameter filtering the log entries by the account of the user who performed the actions.

-Interval (optional)

  • Interval is the parameter specifying the interval in which the logs are being gathered.

  • Default: 1440 minutes

Output

The output will be saved to the ‘AzureAD’ directory within the ‘Output’ directory, with the file name ‘SignInLogs.json’.