0 votes

Is it possible to get a report created that would show us the last X days of the specified users' Azure sign-ins?

The data I'd love to see is found at Home > Tenant > Users > username Activity: Sign-ins

The items that are most important are: Date, Application, Status, IP address, Conditional Access, Authentication requirement

This would help our Helpdesk get a better grasp on why some lockouts are occurring.

Thanks in advance!

by (80 points)
0

Hello,

The report can be generated only using a PowerShell script in a custom report. For us to write the script, please, clarify whether your Microsoft 365 tenant is registered in Adaxes with a user or an application account. To check it:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Cloud Services and select Microsoft 365.
  4. In the Result Pane on the right, right-click your Microsoft 365 tenant and click Edit.
  5. Activate the Authentication tab.

Examples and any additional information about the desired report will be much appreciated.

0

Let's go with Application Account. I'm currently using a user account, but I can fix that so I'm using the best possible connection methods.

Thanks.

0

Hello,

Thank you for the clarification. Due to peculiarities of the Get-AzureADAuditSignInLogs cmdlet, the report can output only up to 1000 log records. Retrieving a greater amount of records from Microsoft 365 can exceed the script execution timeout and fail the report generation. If the 1000 log records limit is fine for you, please, clarify the following:

  • Do we understand correctly that the script should be written considering the application account authentication?
  • Will the report be generated on multiple accounts or on a single one at a time?
0

Oh 1000 would be more than enough. I would like to be able to do 7 days' worth, and if 1000 logins occur within 7 days then I can just check Azure for the rest.

Application account is perfect, thanks.

Single user is all we'd need.

You guys are the best. Thanks.

1 Answer

0 votes
by (216k points)

Hello,

> Application account is perfect, thanks.

As the Get-AzureADAuditSignInLogs cmdlet does not work when authentication to Azure AD is performed via an application account, the report will use the credentials specified in the Run as section of the Script settings to connect to Azure AD.

> Oh 1000 would be more than enough.

Thank you for specifying. For the report to work, you will need to install the AzureADPreview module on each computer where your Adaxes service runs. To create the report:

  1. Launch Adaxes Administration console.
  2. In the Console Tree, right-click your service node.
  3. In the context menu, navigate to New and click Report.
  4. On the first step of the Create Report wizard, specify a report name and select Script.
  5. Click Next twice.
  6. Click New.
  7. Select AD object picker.
  8. Click Next.
  9. Specify a parameter name and display name (e.g. User).
  10. Click Next.
  11. Click Configure.
  12. In the Display only objects that match the following LDAP filter field, enter the following: (sAMAccountType=805306368)
  13. Click OK.
  14. Click Finish.
  15. Click New again.
  16. Select Edit box.
  17. Click Next.
  18. Specify a parameter name and display name (e.g. Days).
  19. Click Next.
  20. Select Numeric.
  21. Click Finish.
  22. Click Next.
  23. In the Report-specific columns section, click Add.
  24. Specify a Display name for the column that will store user login dates (e.g. Date).
  25. Select Date/Time Regular date.
  26. Click Next.
  27. Select Template.
  28. Specify the initial value for the column (e.g. (empty)). This value is required only to create the column. Actual values will be generated via the PowerShell script.
  29. Click Finish.
  30. Click Add again.
  31. Specify a Display name for the column that will store the target applications (e.g. Application) and select Text.
  32. Click Next.
  33. Select Template and specify the initial value for the column.
  34. Click Finish.
  35. Repeat steps 30-34 for the columns that will store the sign-in statuses (e.g. Status), IP addresses of the devices used to connect to your tenant (e.g. IP address), applied conditional access rules (e.g. Conditional Access), and authentication requirements for the sign-ins (e.g. Authentication requirement).
  36. Click Next.
  37. Use this script in the corresponding field.
  38. Click Next twice and finish creating the report.
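
A standalone sketch of the query and column mapping discussed in this thread, as an added example; it is not the Adaxes report script referenced in step 37. The function names `Get-SignInFilter` and `ConvertTo-SignInRow`, the user name and the sample records are constructed for illustration, and the Authentication requirement column is left out because the page does not name the property that carries it.

```powershell
# Added example: not the Adaxes report script. Function names are hypothetical.
function Get-SignInFilter {
    param([Parameter(Mandatory)][string]$UserPrincipalName,
          [Parameter(Mandatory)][int]$Days)
    # A window of 0 days matches nothing, so reject it up front.
    if ($Days -lt 1) { throw "Days must be 1 or greater." }
    # 's' is the culture-invariant sortable format; append Z because the value is UTC.
    $since = (Get-Date).ToUniversalTime().AddDays(-$Days).ToString('s') + 'Z'
    $upn = $UserPrincipalName.Replace("'", "''")   # escape single quotes for the OData filter
    "userPrincipalName eq '$upn' and createdDateTime ge $since"
}

function ConvertTo-SignInRow {
    param([Parameter(ValueFromPipeline)]$Record)
    process {
        # ErrorCode 0 means the sign-in succeeded; anything else carries a failure reason.
        $status = if ($Record.Status.ErrorCode -eq 0) { 'Success' } else {
            "Failure $($Record.Status.ErrorCode): $($Record.Status.FailureReason)" }
        [pscustomobject]@{
            Date              = $Record.CreatedDateTime
            Application       = $Record.AppDisplayName
            Status            = $status
            IPAddress         = $Record.IpAddress
            ConditionalAccess = $Record.ConditionalAccessStatus
        }
    }
}

# Constructed sample records shaped like the cmdlet's output, so the script runs offline.
$records = @(
    [pscustomobject]@{ CreatedDateTime = '2023-05-02T08:14:09Z'; AppDisplayName = 'Sample App A'
        IpAddress = '203.0.113.10'; ConditionalAccessStatus = 'success'
        Status = [pscustomobject]@{ ErrorCode = 0; FailureReason = $null } }
    [pscustomobject]@{ CreatedDateTime = '2023-05-03T17:41:55Z'; AppDisplayName = 'Sample App B'
        IpAddress = '198.51.100.24'; ConditionalAccessStatus = 'notApplied'
        Status = [pscustomobject]@{ ErrorCode = 50053; FailureReason = 'Constructed failure text' } }
)

$filter = Get-SignInFilter -UserPrincipalName 'jdoe@example.com' -Days 7
# Live query (needs AzureADPreview and a Connect-AzureAD session under a user account);
# -Top 1000 keeps the result within the limit mentioned in the thread:
# $records = Get-AzureADAuditSignInLogs -Filter $filter -Top 1000
$records | ConvertTo-SignInRow | Sort-Object Date -Descending | Format-Table -AutoSize
```
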
0

This is perfect. Thank you. I appreciate your help.

0

Sorry, but what do I have to fill in at point 33? I've selected Template, but what is the value? The same for Status, IP address, Conditional Access and Authentication requirement?

0

Hello,

It works the same way as at step 28. You need to specify a value (e.g. empty) just to create the custom column. Actual values will be generated via the PowerShell script.

0

OK, thanks.

Another question: what is the meaning of "Days" in step 18? In the report view I have to enter the user whose sign-ins I want to see, but what goes in Days? If I enter 1000 I won't see anything.

0

Hello,

It is the name of the parameter created on steps 15-21. It corresponds to the number of days a user should be inactive to be added to the report.

0

OK, but if I enter "0" the results stay blank. Is there something that I'm doing wrong?

0

Hello,

Such a result is expected. The parameter value cannot be 0.
