0 votes

Is it possible to get a report created that would show us the last X days of the specified users' Azure sign-ins?

The data I'd love to see is found at Home > Tenant > Users > username Activity: Sign-ins

The items that are most important are: Date, Application, Status, IP address, Conditional Access, Authentication requirement

This would help our Helpdesk get a better grasp on why some lockouts are occurring.

Thanks in advance!

by (50 points)
0

Hello,

The report can be generated only using a PowerShell script in a custom report. For us to write the script, please clarify whether your Microsoft 365 tenant is registered in Adaxes with a user or an application account. To check it:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Cloud Services and select Microsoft 365.
  4. In the Result Pane on the right, right-click your Microsoft 365 tenant and click Edit.
  5. Activate the Authentication tab.

Examples and any additional information about the desired report will be much appreciated.

0

Let's go with Application Account. I'm currently using a user account, but I can fix that so I'm using the best possible connection methods.

Thanks.

0

Hello,

Thank you for the clarification. Due to peculiarities of the Get-AzureADAuditSignInLogs cmdlet, the report can output only up to 1000 log records. Retrieving a greater amount of records from Microsoft 365 can exceed the script execution timeout and fail the report generation. If the 1000 log records limit is fine for you, please clarify the following:

  • Do we understand correctly that the script should be written considering the application account authentication?
  • Will the report be generated on multiple accounts or on a single one at a time?
0

Oh, 1000 would be more than enough. I would like to be able to do 7 days' worth, and if 1000 logins occur within 7 days then I can just check Azure for the rest.

Application account is perfect, thanks.

Single user is all we'd need.

You guys are the best. Thanks.

1 Answer

0 votes
ago by (215k points)

Hello,

> Application account is perfect, thanks.

As the Get-AzureADAuditSignInLogs cmdlet does not work when authentication to Azure AD is performed via an application account, the report will use the credentials specified in the Run as section of the Script settings to connect to Azure AD.

> Oh 1000 would be more than enough.

Thank you for specifying. For the report to work, you will need to install the AzureADPreview module on each computer where your Adaxes service runs. To create the report:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Report.
  4. On the first step of the Create Report wizard, specify a report name and select Script.
  5. Click Next twice.
  6. Click New.
  7. Select AD object picker.
  8. Click Next.
  9. Specify a parameter name and display name (e.g. User).
  10. Click Next.
  11. Click Configure.
  12. In the Display only objects that match the following LDAP filter field, enter the following: (sAMAccountType=805306368)
  13. Click OK.
  14. Click Finish.
  15. Click New again.
  16. Select Edit box.
  17. Click Next.
  18. Specify a parameter name and display name (e.g. Days).
  19. Click Next.
  20. Select Numeric.
  21. Click Finish.
  22. Click Next.
  23. In the Report-specific columns section, click Add.
  24. Specify a Display name for the column that will store user login dates (e.g. Date).
  25. Select Date/Time Regular date.
  26. Click Next.
  27. Select Template.
  28. Specify the initial value for the column (e.g. (empty)). This value is required only to create the column. Actual values will be generated via the PowerShell script.
  29. Click Finish.
  30. Click Add again.
  31. Specify a Display name for the column that will store the target applications (e.g. Application) and select Text.
  32. Click Next.
  33. Select Template and specify the initial value for the column.
  34. Click Finish.
  35. Repeat steps 30-34 for the columns that will store the sign-in statuses (e.g. Status), IP addresses of the devices used to connect to your tenant (e.g. IP address), applied conditional access rules (e.g. Conditional Access), and authentication requirements for the sign-ins (e.g. Authentication requirement).
  36. Click Next.
  37. Use this script in the corresponding field.
  38. Click Next twice and finish creating the report.
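
The query and column mapping behind a report like this, as an added example: it is not the script the answer links to and contains no Adaxes code. The function names are hypothetical, the sample records are constructed, and the `AuthenticationRequirement` property name is an assumption to confirm with `Get-Member` against real output of the AzureADPreview module.

```powershell
# Added example, not the script from the answer. Function names are hypothetical.
function Get-SignInFilter {
    param([Parameter(Mandatory)][string]$UserPrincipalName,
          [Parameter(Mandatory)][int]$Days)
    if ($Days -lt 1) { throw "Days must be 1 or greater." }
    # OData string literals escape a single quote by doubling it.
    $upn   = $UserPrincipalName.Replace("'", "''")
    $since = (Get-Date).ToUniversalTime().AddDays(-$Days).ToString(
                 "yyyy-MM-ddTHH:mm:ssZ", [cultureinfo]::InvariantCulture)
    "userPrincipalName eq '$upn' and createdDateTime ge $since"
}

function ConvertTo-SignInRow {
    param([Parameter(ValueFromPipeline)]$Record)
    process {
        # ErrorCode 0 means the sign-in succeeded; anything else carries a failure reason.
        $status = if ($Record.Status.ErrorCode -eq 0) { "Success" } else {
            "Failure $($Record.Status.ErrorCode): $($Record.Status.FailureReason)"
        }
        [pscustomobject]@{
            'Date'                       = [datetime]$Record.CreatedDateTime
            'Application'                = $Record.AppDisplayName
            'Status'                     = $status
            'IP address'                 = $Record.IpAddress
            'Conditional Access'         = $Record.ConditionalAccessStatus
            # Assumption: property name not confirmed for AzureADPreview output.
            'Authentication requirement' = $Record.AuthenticationRequirement
        }
    }
}

# Constructed sample records (documentation IP range), shaped like the cmdlet's output.
$sample = @(
    [pscustomobject]@{ CreatedDateTime = '2024-01-10T08:15:00Z'; AppDisplayName = 'Office 365 Exchange Online'
        IpAddress = '203.0.113.10'; ConditionalAccessStatus = 'success'
        AuthenticationRequirement = 'multiFactorAuthentication'
        Status = [pscustomobject]@{ ErrorCode = 0; FailureReason = $null } },
    [pscustomobject]@{ CreatedDateTime = '2024-01-10T08:17:30Z'; AppDisplayName = 'Microsoft Teams'
        IpAddress = '203.0.113.10'; ConditionalAccessStatus = 'notApplied'
        AuthenticationRequirement = 'singleFactorAuthentication'
        Status = [pscustomobject]@{ ErrorCode = 50053; FailureReason = 'Account is locked.' } }
)
$sample | ConvertTo-SignInRow | Sort-Object Date -Descending | Format-Table -AutoSize

# Live use (not run here): -Top 1000 keeps the query within the limit from the thread.
# Connect-AzureAD -Credential $credential | Out-Null
# $filter = Get-SignInFilter -UserPrincipalName 'user@example.com' -Days 7
# Get-AzureADAuditSignInLogs -Filter $filter -Top 1000 | ConvertTo-SignInRow
```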
0

This is perfect. Thank you. I appreciate your help.
