MgGraph - Retrieve Sign in activity on guest accounts
Retrieve UserPrincipalName, SignInActivity & CreatedDateTime
# Get all guest users with their UserPrincipalName, SignInActivity, and CreatedDateTime
Get-MgUser -All:$true -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime | Select-Object CreatedDateTime, UserPrincipalName, @{Name="LastLoginDate"; Expression={$_.SignInActivity.LastSignInDateTime}}
Explanation:
- Filter Expression: "userType eq 'Guest'" is used to filter guest users.
- Select-Object: This cmdlet is used to format the output. Here, CreatedDateTime and UserPrincipalName are directly selected, while LastLoginDate is computed from the LastSignInDateTime value of the SignInActivity property.
Retrieve UserPrincipalName, SignInActivity, CreatedDateTime & InvitationState
- Retrieve User Information: Fetch guest users with UserPrincipalName, SignInActivity, and CreatedDateTime.
- Retrieve Invitation Information: Use the Microsoft Graph API to fetch invitation details.
# Fetch all guest users and their SignInActivity and CreatedDateTime
$guestUsers = Get-MgUser -All:$true -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime

# Initialize an empty array to hold user details with invitation state
$userDetails = @()

foreach ($user in $guestUsers) {
    # Fetch the invitation details for each guest user
    $invitation = Get-MgInvitation -Filter "invitedUserPrincipalName eq '$($user.UserPrincipalName)'"

    # Create a custom object with all required properties
    $userDetails += [PSCustomObject]@{
        CreatedDateTime   = $user.CreatedDateTime
        UserPrincipalName = $user.UserPrincipalName
        LastLoginDate     = $user.SignInActivity.LastSignInDateTime
        InvitationState   = if ($invitation) { $invitation.InvitationStatus } else { "Not Invited" }
    }
}

# Display the user details
$userDetails | Format-Table -AutoSize
Explanation:
- Retrieve Guest Users: Get-MgUser -Filter "userType eq 'Guest'" fetches guest users with their UserPrincipalName, SignInActivity, and CreatedDateTime.
- Fetch Invitation Details: Get-MgInvitation is used to retrieve invitation details for each guest user based on their UserPrincipalName. Ensure the required permissions are granted to access invitation details.
- Combine Data: A loop processes each guest user, retrieves their invitation status, and combines this information into a custom object.
- Output Data: Format-Table -AutoSize is used to display the data in a formatted table.
Permissions:
- To run this script, ensure you have the necessary permissions:
  - User.Read.All or User.ReadBasic.All for Get-MgUser
  - Invitation.Read.All for Get-MgInvitation
Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All", "AuditLog.Read.All"
# Get all sign-in activity related properties for a user.
Get-MgUser -UserId '9063e8f7-ac7c-478a-93cc-ff0acdxxxxxx' -Property "SignInActivity" |
    Select-Object -ExpandProperty SignInActivity | Select-Object *
#Results
<#LastNonInteractiveSignInDateTime : 16/05/2023 7:26:37 AM
LastNonInteractiveSignInRequestId : 7727ea11-23de-48e3-a168-f7xxxxxxx
LastSignInDateTime : 1/12/2020 2:24:45 AM
LastSignInRequestId : 1d75c0af-b8db-4570-bcd0-5axxxxxxx
LastSuccessfulSignInDateTime :
LastSuccessfulSignInRequestId :
AdditionalProperties : {}
#>
# Export UserPrincipalName, CreatedDateTime, SignInActivity (LastSignInDateTime & LastNonInteractiveSignInDateTime) from all guest accounts.
Get-MgUser -All:$true -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime |
    Select-Object CreatedDateTime,
        UserPrincipalName,
        @{Name="LastLoginDate"; Expression={$_.SignInActivity.LastSignInDateTime}},
        @{Name="LastNonInteractiveloginDate"; Expression={$_.SignInActivity.LastNonInteractiveSignInDateTime}} |
    Export-Csv -Path C:\exports\guest_signin-info_v4.csv
Disconnect-MgGraph
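The following added example (not part of the original post) turns the fields retrieved above into a review status per guest. It reads the invitation state from the ExternalUserState property of the user object and uses the later of LastSignInDateTime and LastNonInteractiveSignInDateTime, since the two can differ by years as in the results shown earlier. The function names, the 90-day threshold, the status labels and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example; Get-GuestReviewStatus, its parameters and the Status labels are assumed names.
function Get-GuestReviewStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$User,
        [int]$StaleAfterDays = 90,                      # assumed review threshold
        [datetime]$Now = (Get-Date).ToUniversalTime()   # Graph timestamps are UTC
    )
    process {
        # Later of interactive and non-interactive sign-in; $null if neither exists.
        $lastSeen = @($User.SignInActivity.LastSignInDateTime,
                      $User.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

        $status = if ($User.ExternalUserState -eq 'PendingAcceptance') {
            'InvitationPending'
        } elseif (-not $lastSeen) {
            'NeverSignedIn'
        } elseif (($Now - $lastSeen).TotalDays -gt $StaleAfterDays) {
            'Stale'
        } else {
            'Active'
        }
        [PSCustomObject]@{
            UserPrincipalName = $User.UserPrincipalName
            CreatedDateTime   = $User.CreatedDateTime
            InvitationState   = $User.ExternalUserState
            LastSeen          = $lastSeen
            Status            = $status
        }
    }
}

# Constructed sample objects shaped like Get-MgUser output (not real accounts).
function New-SampleGuest($Upn, $State, $Interactive, $NonInteractive) {
    [PSCustomObject]@{
        UserPrincipalName = $Upn; CreatedDateTime = [datetime]'2023-01-10'; ExternalUserState = $State
        SignInActivity    = [PSCustomObject]@{ LastSignInDateTime = $Interactive
                                               LastNonInteractiveSignInDateTime = $NonInteractive }
    }
}
$sample = @(
    New-SampleGuest 'old-interactive@example.com' 'Accepted' ([datetime]'2023-02-01') ([datetime]'2024-05-20')
    New-SampleGuest 'stale@example.com' 'Accepted' ([datetime]'2023-03-01') $null
    New-SampleGuest 'never@example.com' 'Accepted' $null $null
    New-SampleGuest 'pending@example.com' 'PendingAcceptance' $null $null
)
$sample | Get-GuestReviewStatus -Now ([datetime]'2024-06-01') | Format-Table -AutoSize
# Live: Get-MgUser -All -Filter "userType eq 'Guest'" -Property UserPrincipalName,CreatedDateTime,ExternalUserState,SignInActivity | Get-GuestReviewStatus
```

The live call needs a connected session with the scopes shown in the Connect-MgGraph line above, so run it before Disconnect-MgGraph.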