Reputation: 45
Cannot get signed in users of Azure AD tenant using Microsoft Graph
I'm trying to get the list of user sign-ins into my Azure AD tenant using Microsoft Graph.
I'm using the below query to get them.
https://graph.microsoft.com/v1.0/auditLogs/signIns
But I'm getting the error like this: 
I understood that I'm missing a few permissions but I'm the global administrator of my tenant. I hope it is enough and no other permissions are needed. Still if needed, where to assign them?
Can anyone help me out with proper steps? Any help is appreciated. Thank you.
Upvotes: 2
Views: 609
Answers (1)
Reputation: 22317
As I already mentioned, even if you have global administrator role, you still need to assign permissions while querying in Microsoft Graph Explorer.
As the error says, to get list of sign-in logs, you need permissions like AuditLog.Read.All and Directory.Read.All.
Currently, it requires admin consent even after assigning both the permissions. As you are global admin, you can directly accept the consent.
To know how to assign those permissions and consent them, please check the steps below:
Go to Microsoft Graph Explorer -> Modify Permissions -> Select required permission -> Consent -> Accept
After assigning those permissions, you will get list of sign-in logs successfully without any errors.
For more information in detail, refer this.
Upvotes: 2
Related Questions
- Microsoft graph return "access token is empty"
- Authorization_IdentityNotFound Error while accessing graph API
- MS Graph api user authentication failing
- Authorization_IdentityNotFound on Microsoft Graph API request
- Microsoft graph api access
- Microsoft graph API: Unable to fetch users with the generated access token
- Unable to get access token from Azure AD when using Microsoft Graph Explorer
- Authenticate Azure AD user using graph api
- Microsoft graph and Azure Ad user authentication
- Azure Active Directory Graph API - access token for signed in user