I had a requirement where I needed to obtain the last user that logged in to a specific computer. All of the machines I deal with are either Azure joined or Hybrid joined so all logon events are recorded into Azure AD automatically.
Taking advantage of this I used the Microsoft Graph audit logs to allow me from PowerShell to obtain either the last user on a computer or show me a list of all logons for that device from the past 30 days.
https://github.com/SysadminPaul/Scripts/blob/main/Azure/GetComputerLastLogon.ps1
Leave a Reply