# ------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# ------------------------------------------------------------
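# The script body only calls Invoke-RestMethod / Invoke-WebRequest; the Azure module appears
# unused here but is kept so existing deployments keep working.
Import-Module Azure
# Replace with your tenantId or tenantDomain
$tenantId = ""
# Replace with your desired time ranges.
# ISO 8601 ("s" format) in UTC with an explicit Z suffix, which is what the Graph $filter expects.
$toDate = "{0:s}Z" -f (get-date).ToUniversalTime()
$fromDate = "{0:s}Z" -f (get-date).AddDays(-7).ToUniversalTime()
# You can add more filters here
$url = "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=createdDateTime ge $fromDate and createdDateTime le $toDate"
# By default, it saves the result to AAD_SignInReport_<timestamp>.csv in the current directory.
# Change it to a different file name as needed.
# HH (24-hour clock) rather than hh: with hh a 09:00 run and a 21:00 run produce the same
# file name and the second run appends to the first report.
$now = "{0:yyyyMMdd_HHmmss}" -f (get-date)
$outputFile = ".\AAD_SignInReport_$now.csv"
# Configure a client App with the following permissions:
# -----------------------------------------------------------------------------------------------------------------
# AppId | Application Permissions | Delegated Permissions
# Windows Azure Active Directory (Microsoft.Azure.ActiveDirectory)| Read Directory Data |
# Microsoft Graph | Read all audit log data |
# ------------------------------------------------------------------------------------------------------------------
# Only the Application-permission column matters: the token is obtained with the client-credentials
# grant (see Get-AppToken), so no user is signed in and delegated permissions are never exercised.
$clientId = "" # ApplicationId, check the documentation for the permissions
$clientSecret = "" # Should be a ~44 character string insert your info here
# Leaving the literals above empty and exporting these environment variables instead keeps the
# secret out of the script file and out of source control. The variable names are chosen for
# this script; a populated literal still takes precedence, so existing copies behave as before.
if ([string]::IsNullOrEmpty($tenantId))     { $tenantId = $env:MSGRAPH_TENANT_ID }
if ([string]::IsNullOrEmpty($clientId))     { $clientId = $env:MSGRAPH_CLIENT_ID }
if ([string]::IsNullOrEmpty($clientSecret)) { $clientSecret = $env:MSGRAPH_CLIENT_SECRET }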
Function Expand-Collections {
    # Flattens Graph records for CSV export: every property value is rendered through
    # Out-String and trimmed, so nested objects and arrays land in one cell as text instead
    # of being lost by ConvertTo-Csv. The property names of the FIRST record seen by a given
    # pipeline instance fix the column set and order for every record that follows; a
    # property that only appears on a later record is not emitted.
    #
    # Parameter:  $MSGraphObject - a record (or collection of records) from the Graph response
    # Outputs:    one PSObject per input record, NoteProperties in the captured column order
    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline)]
        [psobject]$MSGraphObject
    )
    Begin {
        $columnsCaptured = $False
    }
    Process {
        if (-not $columnsCaptured) {
            $columnNames = $MSGraphObject.psobject.properties.name
            $columnsCaptured = $True
        }
        # Pipeline form is kept (rather than a foreach statement) so a non-pipeline call that
        # passes a collection still expands each element.
        $MSGraphObject | ForEach-Object {
            $record = $_
            $flatRecord = New-Object -TypeName PSObject
            $columnNames | ForEach-Object {
                $columnName = $_
                $cellText = ($record.$columnName | Out-String).Trim()
                $flatRecord | Add-Member -MemberType NoteProperty -Name $columnName -Value $cellText
            }
            $flatRecord
        }
    }
    End {}
}
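Function Get-AppToken($tenantId, $clientId, $clientSecret)
{
    # Requests an OAuth 2.0 access token for Microsoft Graph with the client-credentials grant
    # and returns it as a ready-to-use Authorization header.
    #
    # Parameters:
    #   $tenantId     - tenant id or verified domain of the Azure AD tenant
    #   $clientId     - application (client) id of the registered app
    #   $clientSecret - the app's client secret; it is sent only in the POST body and is not
    #                   written to any output stream by this function
    # Returns: a hashtable with a single 'Authorization' key, "<token_type> <access_token>"
    # Throws:  System.Exception when an argument is empty or the response carries no
    #          access_token; Invoke-RestMethod's own error (e.g. System.Net.WebException on
    #          an HTTP failure) propagates untouched.
    #
    # Fail fast with a clear message instead of posting an empty secret to the token endpoint
    # and reporting a generic HTTP error.
    if ([string]::IsNullOrEmpty($tenantId) -or [string]::IsNullOrEmpty($clientId) -or [string]::IsNullOrEmpty($clientSecret)) {
        throw (New-Object System.Exception "ERROR: tenantId, clientId and clientSecret must all be set before requesting a token")
    }
    $loginURL = "https://login.windows.net"
    $msgraphEndpoint = "https://graph.microsoft.com"
    # Get an Oauth 2 access token based on client id, secret and tenant domain.
    # Azure AD v1 token endpoint (resource-style audience). The secret travels in the body of a
    # TLS POST, not in the query string, so it does not appear in URL-level logging.
    $body = @{grant_type="client_credentials";resource=$msgraphEndpoint;client_id=$clientId;client_secret=$clientSecret}
    $url = "$loginURL/$tenantId/oauth2/token?api-version=1.0"
    $oauth = Invoke-RestMethod -Method Post -Uri $url -Body $body
    $token = $oauth.access_token
    # IsNullOrEmpty covers both a missing and an empty access_token. (With the original
    # "$token -eq $null", a collection-valued $token would filter rather than compare.)
    if ([string]::IsNullOrEmpty($token)) {
        $ErrorString = "ERROR: Failed to get an Access Token"
        # Throw directly: the original first wrote the message to stdout (where a caller doing
        # "$headers = Get-AppToken ..." would swallow it) and assigned to $Error, which shadows
        # PowerShell's automatic error-record variable inside this scope.
        throw (New-Object System.Exception $ErrorString)
    }
    return @{'Authorization'="$($oauth.token_type) $($token)"}
}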
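Write-Output "--------------------------------------------------------------"
Write-Output "Downloading report from $url"
Write-Output "Output file: $outputFile"
Write-Output "--------------------------------------------------------------"
# Call Microsoft Graph page by page, following @odata.nextLink until it is absent.
$count = 0                    # records written so far
$retryCount = 0               # consecutive failed attempts for the current page
$maxRetries = 5
$oneSuccessfulFetch = $False  # once a page succeeded, a 401 is treated as token expiry and renewed once
$headerWritten = $False       # ConvertTo-Csv emits its header row on every call; only the first one is kept
# $headers carries the bearer token. It is handed to Invoke-WebRequest only and must not be
# written to the console, a log or the output file.
$headers = Get-AppToken -clientSecret $clientSecret -clientId $clientId -tenantId $tenantId
Do {
    # The page URL is logged for troubleshooting; the token is in $headers, not in $url, and
    # nextLink is expected to carry only paging state.
    Write-Output "Fetching data using Url: $url"
    Try {
        $myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headers -Uri $url)
        # Parse the body once; the original parsed it twice (value, then nextLink).
        $page = $myReport.Content | ConvertFrom-Json
        $convertedReport = $page.value
        $csvLines = @($convertedReport | Expand-Collections | ConvertTo-Csv -NoTypeInformation)
        if ($headerWritten -and $csvLines.Count -gt 0) {
            # Every page after the first: drop the repeated header row. Columns are fixed by the
            # first record of each page (Expand-Collections), so if pages differ in shape the
            # rows may not line up with the header written from the first page.
            $csvLines = @($csvLines | Select-Object -Skip 1)
        }
        if ($csvLines.Count -gt 0) {
            $csvLines | Add-Content $outputFile
            $headerWritten = $True
        }
        $url = $page.'@odata.nextLink'
        $count = $count + $convertedReport.Count
        Write-Output "Total Fetched: $count"
        $oneSuccessfulFetch = $True
        $retryCount = 0
    }
    Catch [System.Net.WebException] {
        # Windows PowerShell surfaces HTTP errors as WebException. Newer PowerShell versions may
        # raise a different exception type, which then falls through to the generic Catch below
        # and is retried without the status-code handling here.
        $statusCode = [int]$_.Exception.Response.StatusCode
        Write-Output $statusCode
        Write-Output $_.Exception.Message
        if ($statusCode -eq 401 -and $oneSuccessfulFetch) {
            # Token might have expired! Renew token and try again (once: a second 401 breaks below).
            $headers = Get-AppToken -clientSecret $clientSecret -clientId $clientId -tenantId $tenantId
            $oneSuccessfulFetch = $False
        }
        elseif ($statusCode -eq 429) {
            # throttled request, wait for a few seconds and retry (the Retry-After header is not consulted,
            # and this branch does not count against $maxRetries)
            Start-Sleep -s 5
        }
        elseif ($statusCode -eq 403 -or $statusCode -eq 400 -or $statusCode -eq 401) {
            # Treated as not transient: these are not retried.
            Write-Output "Please check the permissions of the user"
            break
        }
        elseif ($retryCount -lt $maxRetries) {
            $retryCount++
            Write-Output "Retrying..."
            # Brief pause so a transient failure is not hammered back-to-back.
            Start-Sleep -s 5
        }
        else {
            Write-Output "Download request failed. Please try again in the future."
            break
        }
    }
    Catch {
        $exType = $_.Exception.GetType().FullName
        $exMsg = $_.Exception.Message
        # $($_.Exception) is required here: "$_.Exception" expands $_ alone and appends the
        # literal text ".Exception".
        Write-Output "Exception: $($_.Exception)"
        Write-Output "Exception Type: $exType"
        Write-Output "Error Message: $exMsg"
        if ($retryCount -lt $maxRetries) {
            $retryCount++
            Write-Output "Retrying..."
            Start-Sleep -s 5
        }
        else {
            Write-Output "Download request failed. Please try again in the future."
            break
        }
    }
    Write-Output "--------------------------------------------------------------"
} while (-not [string]::IsNullOrEmpty($url))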