Tutorial: How to download and use a script to access sign-in logs
You can download the sign-in activities data if you want work with it outside the Azure portal. The Download option in the Azure portal creates a CSV file of the most recent 5000 records. If you need more flexibility, for instance, to download more than 5000 records at a time, or to download the logs at scheduled intervals, you can use the Script button to generate a PowerShell script to download your data.
In this tutorial, you learn how to generate a script to download all the sign-in logs from the last 24 hours and schedule it to run every day.
- An Azure Active Directory tenant with a premium (P1/P2) license.
- A user, who is in the global administrator, security administrator, security reader or report reader role for the tenant. In addition, any user can access their own sign-ins.
- If you want to run the downloaded script on your Windows 10 machine, set up the AzureRM module and set execution policy.
- Navigate to the Azure portal and select your directory.
- Select Azure Active Directory and select Sign-ins from the Monitoring section.
- Use the Date Range filter drop-down and select 24 Hours to get data from the last 24 hours.
- Select Apply and verify that the filter is applied as expected.
Select Script from the top menu to download the Powershell script with the applied filters.
Open the Task Scheduler application on your Windows machine and select Create Basic Task.
- Enter a name and description for the task and click Next.
- Select the Daily radio button to allow the task to run daily and enter the start date and time.
- In the action menu, select Start a program and select the downloaded script and select Next.
Review the scheduled task and select Finish to create the task.
Now, your task will run every day and save the sign-in records from the last 24 hours into a file of the format AAD_SignInReport_YYYYMMDD_HHMMSS.csv. You can also edit the downloaded PowerShell script to save it under a different file name, or to modify the number of records downloaded.