Getting last sign-in info of a user via Graph API

Had to do something around this today and thought I’d churn out a quick blog post.

The list signIns endpoint can be used to get sign-in info. To copy from the MS documentation, a typical response looks like this:

Above, there’s only one record, but by default the endpoint returns 1000 records. And they are sorted in descending order of the createdDateTime value.

So if you just want the sign-in info of one user it’s best to filter on that.

This will a bunch of recent sign-ins. In my case, for instance, I got about 400+ records. Obviously I don’t want all that if I am looking for my lates sign-in. In such cases, best to get only the top most record.

If using the PowerShell module, the equivalent is:

It’s also possible to filter by the clients too. The signIn record has a clientAppUsed property. So, I can do:

Where possible it is better to filter at the source (Graph) level rather than get all records and then filter them.

Bear in mind, these records are for both successful and unsuccessful sign-ins. Sometimes the top record would have a status.additionalDetails value of “The user didn’t enter the right credentials.  It’s expected to see some number of these errors in your logs due to users making mistakes.” – meaning, it wasn’t successful, and so is pretty useless if all I am looking for is the last successful sign-in.

The errorCode property within the status property can be used to filter on successful sign-ins. When successful the value is 0. So one can modify the above query to get the last successful sign-in of a user thus:

I would thought I should use the any operator to filter on errorCode but was wrong. It only supports eq as per the documentation. The documentation lists more properties that can be filtered upon.