• Home
  • Blog
  • PowerShell
  • Azure
  • Microsoft 365
  • Exchange
  • Cloud
    • PowerShell Series
    • Microsoft Azure PowerShell Series
  • Microsoft Graph
No Result
View All Result
  • Home
  • Blog
  • PowerShell
  • Azure
  • Microsoft 365
  • Exchange
  • Cloud
    • PowerShell Series
    • Microsoft Azure PowerShell Series
  • Microsoft Graph
No Result
View All Result
No Result
View All Result

Check the Last Time a User Sign-in to Microsoft 365 or Azure AD

February 13, 2023
in Azure, Blog, Cloud, Exchange Online, Exchange Server, Microsoft 365, Microsoft Graph, PowerShell

Table of Contents

While investigating a malicious user’s activities, you might want to track their previous logins. There’re a few ways to achieve that goal.

Check login activity in Microsoft 365 with GUI

Check login activity in Microsoft 365 with Microsoft Graph

Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All"
Select-MgProfile beta
$userid = (Get-MgUser -UserId '[email protected]').id
Get-MgUser -Userid $userid -Property SignInActivity | Select-Object -ExpandProperty SignInActivity | FL
#Output
LastNonInteractiveSignInDateTime  : 2/2/2023 2:06:47 AM
LastNonInteractiveSignInRequestId : d8fa780f-c164-4606-b8c1-23d4702af000
LastSignInDateTime                : 2/2/2023 2:06:46 AM
LastSignInRequestId               : 6830f9e6-5be4-4e7d-a381-1cfbef0fc300
AdditionalProperties              : {}
$userid = (Get-MgUser -UserId '[email protected]').id
Get-MgUser -UserId $userid -Property SignInActivity | 
Select @{Name = 'LastSignInDateTime'; Expression = {$_.SignInActivity.LastSignInDateTime}}
#Output
LastSignInDateTime
------------------
2/2/2023 2:06:46 AM
$userid = (Get-MgUser -UserId '[email protected]').id
Get-MgUser -UserId $userid -Property SignInActivity | 
Select @{Name = 'LastSignIn'; Expression = {$_.SignInActivity.LastSignInDateTime}}, `
@{Name = 'LastNonInteractiveSignIn'; Expression = {$_.SignInActivity.LastNonInteractiveSignInDateTime}}
#Output
LastSignIn               : 2/2/2023 2:06:46 AM
LastNonInteractiveSignIn : 2/2/2023 2:06:47 AM

Get the last login date and time for all users

$userids = Get-MgUser -All | Select-Object Id, DisplayName, UserPrincipalName 
$Report=@()
ForEach($userid in $userids) {
Write-Host "Checking the last sign-in for: $($userid.UserPrincipalName)" -ForegroundColor Yellow
$llt = Get-MgUser -UserId $userid.Id -Property SignInActivity | 
       Select @{Name = 'LastSignIn'; Expression = {$_.SignInActivity.LastSignInDateTime}}, `
              @{Name = 'LastNonInteractiveSignIn'; Expression = {$_.SignInActivity.LastNonInteractiveSignInDateTime}}

$Obj = New-Object -TypeName PSObject -Property $([ordered]@{
        "DisplayName" = $userid.DisplayName
        "UserName" = $userid.UserPrincipalName
        "LastSignIn" = $llt.LastSignIn
        "LastNonInteractiveSignIn" = $llt.LastNonInteractiveSignIn
    })

$Report+=$Obj    
}
$Report

Find Last Logon Time Using Exchange Online PowerShell

Get-MailboxStatistics -Identity [email protected] | Select LastLogonTime
PS C:\> Get-MailboxStatistics -Identity [email protected] | Select LastLogonTime

LastLogonTime
-------------
2/4/2023 9:22:34 AM
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,LastLogonTime
PS C:\> Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,LastLogonTime

DisplayName LastLogonTime
----------- -------------
Ben         2/4/2023 9:22:34 AM
Bon Ben     2/4/2023 2:13:07 PM
Bon Ben     2/4/2023 9:38:07 AM
Chris       2/4/2023 10:35:2...
Info        1/11/2023 2:36:3...
...
$Report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | `
Get-MailboxStatistics | Select-Object DisplayName,LastLogonTime
$Report | Export-CSV "C:\Report.csv" -NoTypeInformation -Encoding UTF8
5/5 - (1 vote)
Previous Post

How to Export Last Logon Time in Microsoft 365 with Graph API

 Next Post

Get-MgUser Insufficient Privileges to Complete the Operation

Related Posts

Private: How To Install and Configure the Squid Proxy Server on Linux

How to Run a Bash Script from an URL on Internet

March 27, 2023
Private: How to Enable and Configure SNMP with IDRAC on Dell Server

How to Monitor a Docker Container using PRTG

April 9, 2023
How to Install Docker on Ubuntu Server

How to Install Docker on Ubuntu Server

March 27, 2023
Ftr38

How To Open Port 80/443 in Azure Virtual Machine

April 7, 2023
Ftr6

How to Open Ports to an Azure Virtual Machine

March 19, 2023
How to Replace Printers using the Universal Print Microsoft 365

How to Install Universal Print PowerShell Module

March 16, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • How to Run a Bash Script from an URL on Internet
  • How to Monitor a Docker Container using PRTG
  • How to Install Docker on Ubuntu Server

Categories

  • Active Directory (1)
  • Azure (10)
  • Blog (41)
  • Cloud (7)
  • Exchange Online (9)
  • Exchange Server (7)
  • Linux (1)
  • Microsoft 365 (10)
  • Microsoft Defender for Endpoint (1)
  • Microsoft Graph (7)
  • Microsoft Universal Print (2)
  • Network Monitoring (1)
  • PowerShell (17)
  • Windows 10 (2)
  • Windows 11 (4)
  • Windows Package Manager (7)
Stay in Touch

Discord Server

Join the Discord server with the site members for all questions and discussions.

Telegram Community

Jump in Telegram server. Ask questions and discuss everything with the site members.

Youtube Channel

Watch more videos, learning and sharing with Leo ❤❤❤. Sharing to be better.

Newsletter

Join the movement and receive our weekly Tech related newsletter. It’s Free.

General

Microsoft Windows

Microsoft Office

VMware

VirtualBox

Technology

PowerShell

Microsoft 365

Microsoft Teams

Email Servers

Socials

Twitter

Telegram

YouTube

Discord

Copyright 2024 © All rights Reserved. Design by Leo with ❤

No Result
View All Result
  • Home
  • Blog
  • PowerShell
  • Azure
  • Microsoft 365
  • Exchange
  • Cloud
    • PowerShell Series
    • Microsoft Azure PowerShell Series
  • Microsoft Graph