Microsoft Graph service principle sign in

amir.dadon 0 Reputation points
2024-07-08T10:35:35.84+00:00

Hello, I am working on a new analytics service for our company, and I need to retrieve sign-in data for both users and service principals. I am using the following URL: https://graph.microsoft.com/v1.0/auditLogs/signIns. However, I am only getting user sign-ins in the response. Could you please guide me on how to retrieve the sign-in data for service principals? I have attached the data from the portal that I would like to access via the API. Thank you.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,004 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deepanshukatara-6769 9,195 Reputation points
    2024-07-08T10:41:52.8066667+00:00

    Hi,

    The Microsoft Graph API documentation does not provide specific guidance on retrieving sign-in data for service principals. It appears that the endpoint you are using (https://graph.microsoft.com/v1.0/auditLogs/signIns) primarily returns user sign-ins.

    To retrieve sign-in data for service principals, you may need to ensure that your API request includes the necessary filters or parameters to include service principal sign-ins. Here are some steps you can try:

    Check API Permissions: Ensure that your application has the necessary permissions to access sign-in data for service principals. You may need permissions such as AuditLog.Read.All or Directory.Read.All.

    Use Filters: You can try using filters in your API request to specify that you want to include service principal sign-ins. For example:

       GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appId eq 'your-service-principal-app-id'
    1. Check Documentation: Refer to the Microsoft Graph API documentation for any additional parameters or filters that might be required to retrieve service principal sign-ins.

    Please let us know if you have further questions

    Kindly accept answer if it helps

    Thanks
    Deepanshu

  2. Vasil Michev 105.7K Reputation points MVP
    2024-07-08T15:26:13.5633333+00:00

    Only user sign-ins are returned by default. For other types, you have to specifically "request" them, which you can do via a $filter query:

    GET https://graph.microsoft.com/beta/auditLogs/signIns?$filter=signInEventTypes/any(x:x+eq+'servicePrincipal')
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.