The Get-MgAuditLogSignIn cmdlet in Microsoft Graph PowerShell retrieves sign-in activity logs for users in a Microsoft 365 tenant. It provides insights into login events, including user, location, IP address, and status.
Monitoring sign-ins is crucial for security and compliance. With Get-MgAuditLogSignIn, administrators can:
Before using this cmdlet, connect to Microsoft Graph with the required audit log permissions:
Connect-MgGraph -Scopes "AuditLog.Read.All"Syntax (essential parameters):
Get-MgAuditLogSignIn [-Top <Int32>] [-Filter <String>] [-Select <String>]You can limit the number of results, filter based on event ID, or query by date/time for targeted auditing.
Get-MgAuditLogSignIn -Top 10This command retrieves the top 10 most recent sign-in activities.
$signInId = "f2315678-1234-7890-dr45-p09o8iu76y"
$detailedSignIn = Get-MgAuditLogSignIn -Filter "id eq '$signInId'"
$detailedSignInSince every user sign-in event has an ID, you can pass it to fetch details of a specific sign-in.
$startDate = (get-date).AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ")
$signIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $startDate"
$signIns | Select-Object userPrincipalName, createdDateTime, ipAddress, location, statusThis script retrieves user sign-in activity for the last 30 days, including usernames, login times, IPs, and status.
Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.
Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.
© Your Site Name. All Rights Reserved. Design by HTML Codex