Azure AD PowerShell Signins Report for User Login Location

The following Azure Active Directory PowerShell script will generate a table that shows which user logged in and from were to Azure and Microsoft 365.

Azure AD Audit Signin

The report is based on the Azure AD sign-ins report, which is available from the Azure AD portal. I decided to make this report available using PowerShell.

PowerShell Script

By default, the report will display all the users that logged in, in the past 24 hours and will display, User Display Name, UPN, City, State and Region. This report can help detect login events from suspicious locations in case some user details have been compromised.

Before you run the script, Make sure you have the Azure AD PowerShell module running on PowerShell 5.1. Login using connect-azuread and run the script.

$SetDate = (Get-Date).AddDays(-1); $SetDate = Get-Date($SetDate) -format yyyy-MM-dd  
$array = Get-AzureADAuditSignInLogs -Filter "createdDateTime gt $SetDate" 

$data [email protected]()
foreach($item in $array)
{

   
   $row = "" | Select-Object User,UPN,City,State,Region
   $row.user = $item.UserDisplayName
   $row.upn = $item.UserPrincipalName
   $row.city = $item.Location.City
   $row.state = $item.Location.State
   $row.region = $item.Location.CountryOrRegion
   $data += $row 
}
$data | Format-Table -AutoSize

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.