
How to Find All Users Sign-Ins with Device Details in Microsoft 365

Are users signing in to Microsoft 365 from multiple devices, personal laptops, managed desktops, mobile phones, or shared workstations? Without proper visibility into these sign-ins, admins may face security blind spots, compliance risks, and unauthorized access. This guide shows how to retrieve all users’ sign-ins with device details to enable stronger access control and improve device compliance.

Monitor User Sign-Ins with Device Details Using the Entra Admin Center

Microsoft 365 Permission Required: Reports Reader (least privilege) or Global Administrator (most privilege).
  • Log in to the Microsoft Entra admin center.
  • Navigate to Entra ID » Monitoring & health » Sign-in logs. Then, select the specific sign-in and switch to the Device info tab to view the device details.
  • This includes information such as device ID, browser, operating system, compliance status, managed status, and join type.
  • Note: In the Entra admin center, you need to check each sign-in individually to view its device details.

Audit Entra User Sign-Ins Log with Device Information Using PowerShell

Microsoft 365 Permission Required: AuditLog.Read.All and Directory.Read.All (least privilege) or Directory.ReadWrite.All (most privilege).
  • Use the following cmdlet to connect to Microsoft Graph PowerShell with at least the Reports Reader role.
     Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All"
  • Execute the PowerShell cmdlet below to list all user sign-ins with their device details.
     # -Top 30 returns only the 30 most recent sign-ins; raise the value or use -All for more.
     Get-MgBetaAuditLogSignIn -Top 30 |
       Select-Object userDisplayName, userPrincipalName, createdDateTime,
         clientAppUsed, ipAddress,
         @{n='DeviceID';    e={$_.deviceDetail.deviceId}},
         @{n='Devicename';  e={$_.deviceDetail.displayName}},
         @{n='OS';          e={$_.deviceDetail.operatingSystem}},
         @{n='Browser';     e={$_.deviceDetail.browser}},
         @{n='IsManaged';   e={$_.deviceDetail.isManaged}},
         @{n='IsCompliant'; e={$_.deviceDetail.isCompliant}} | Format-Table -AutoSize
  • The execution of the script displays all Microsoft 365 user sign-ins along with device details, such as device ID, device name, operating system, browser, managed status, and compliance status.
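
Building on the listing above, the following added example (not part of the original article or the AdminDroid script) labels each sign-in by the trust state of its device and counts the sign-ins that did not come from a compliant device. The helper names Get-DeviceSignInTrust and New-SampleSignIn and the sample records are constructed for illustration, and an empty device ID is assumed to mean an unregistered device.

```powershell
function Get-DeviceSignInTrust {
    # Hypothetical helper (not a Graph cmdlet): labels each sign-in record
    # by the trust state of the device it came from.
    param([Parameter(ValueFromPipeline)] $SignIn)
    process {
        $d = $SignIn.deviceDetail
        # Assumption: an empty device ID means the device is not registered in Entra ID.
        if ([string]::IsNullOrEmpty($d.deviceId)) { $state = 'Unregistered' }
        elseif ($d.isCompliant -eq $true)         { $state = 'Compliant' }
        elseif ($d.isManaged -eq $true)           { $state = 'ManagedNonCompliant' }
        else                                      { $state = 'RegisteredUnmanaged' }
        [pscustomobject]@{
            User       = $SignIn.userPrincipalName
            Time       = $SignIn.createdDateTime
            IpAddress  = $SignIn.ipAddress
            DeviceName = $d.displayName
            OS         = $d.operatingSystem
            TrustState = $state
        }
    }
}

# Constructed sample records shaped like Get-MgBetaAuditLogSignIn output.
function New-SampleSignIn($Upn, $Ip, $Id, $Name, $Os, $Managed, $Compliant) {
    [pscustomobject]@{
        userPrincipalName = $Upn
        createdDateTime   = '2025-01-10T08:15:00Z'
        ipAddress         = $Ip
        deviceDetail      = [pscustomobject]@{
            deviceId = $Id; displayName = $Name; operatingSystem = $Os
            isManaged = $Managed; isCompliant = $Compliant
        }
    }
}
$signIns = @(
    New-SampleSignIn 'alex@contoso.example' '203.0.113.10' '11111111-1111-1111-1111-111111111111' 'LAPTOP-01' 'Windows 11' $true $true
    New-SampleSignIn 'alex@contoso.example' '198.51.100.7' '' '' 'Android' $false $false
    New-SampleSignIn 'sam@contoso.example' '203.0.113.25' '22222222-2222-2222-2222-222222222222' 'DESKTOP-07' 'Windows 10' $true $false
    New-SampleSignIn 'sam@contoso.example' '203.0.113.25' '22222222-2222-2222-2222-222222222222' 'DESKTOP-07' 'Windows 10' $true $false
)

# Live data instead of the sample (last 7 days, all pages):
# $since   = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
# $signIns = Get-MgBetaAuditLogSignIn -All -Filter "createdDateTime ge $since"

# Sign-ins that did not come from a compliant device, counted per user and device.
$signIns | Get-DeviceSignInTrust |
    Where-Object TrustState -ne 'Compliant' |
    Group-Object User, DeviceName, TrustState |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```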

Get All User Sign-Ins with Device Info Using PowerShell Script

Microsoft 365 Permission Required: Reports Reader (least privilege) or Global Administrator (most privilege).
  • While PowerShell can retrieve user sign-ins along with device information, the process is time-consuming and requires multiple filters.
  • To simplify this, we have developed a script that exports Entra ID sign-in activity with device details.
  • Download and run the script to generate a report of users' sign-ins with device details, including device name, UPN, OS, and more.
GetEntraSigninLogs.ps1

Gain Insights into M365 Device-Based Sign-Ins to Strengthen Identity Protection

AdminDroid’s Microsoft 365 sign-in analytics tool offers detailed reports on sign-ins based on last login, device details, risky sign-ins, and more. This helps to effectively monitor users' sign-in attempts without relying on complicated PowerShell scripts.

List Entra Devices with Last Sign-In Details for Security Review

Identify all Entra registered devices along with their last sign-in details to support security investigations and manage devices effectively.

Track Mobile Device User Sign-Ins in Entra ID

Identify mobile user sign-in logs to find users accessing Microsoft 365 from smartphones and tablets to improve endpoint visibility and enforce mobile access policies.

Identify Non-Compliant Device Sign-Ins in Microsoft 365

Monitor user sign-ins via non-compliant devices, such as those lacking encryption or updated configurations, to enforce stronger compliance controls.

Analyze Most Used Sign-In Devices in Entra ID to Improve Security

View user sign-in summary with devices to find the most frequently used ones and apply endpoint protection, such as regular updates and disk encryption, to help block malware and credential-stealing attacks.

Stay Informed About Blocked Sign-Ins in M365 with Device Insights

Receive instant alerts when a disabled user attempts to sign in and review the device and location details to spot suspicious login attempts in Microsoft 365.

Remove Unmanaged Device Sign-Ins to Strengthen Endpoint Control

Detect user sign-ins from unmanaged devices to ensure only trusted devices can access resources in your Microsoft 365 organization.

Overall, AdminDroid strengthens Microsoft 365 security with actionable insights on user sign-ins, device compliance, and MFA usage. With these insights, you can quickly detect and respond to suspicious activity across your entire organization.


Important tips

Reset unused Intune device management permissions in Entra admin center if you are unable to add devices or face failures during sign-ins.

Set up a break-glass app in Entra ID to regain admin access when trusted devices are lost, stolen, or blocked by Conditional Access policies.

Block jailbroken or rooted devices that bypass built-in security controls in Microsoft 365 to prevent serious security breaches.

Common Errors and Resolution Steps

Below are common errors that may occur while identifying users' sign-ins with device details, along with their troubleshooting steps.

Error: Get-MgBetaAuditLogSignIn: The term ‘Get-MgBetaAuditLogSignIn’ is not recognized as a name of a cmdlet, function, script file, or executable program.

This error occurs when the 'Get-MgBetaAuditLogSignIn' cmdlet is executed in PowerShell without the Microsoft.Graph.Beta module installed.

Fix: Execute the PowerShell cmdlet below to install the Microsoft.Graph.Beta module.
     Install-Module -Name Microsoft.Graph.Beta

Error: Get-MgBetaAuditLogSignIn_list: Authentication needed. Please call Connect-MgGraph.

This error occurs when the ‘Get-MgBetaAuditLogSignIn’ cmdlet is executed without connecting to the Microsoft Graph PowerShell module.

Fix: Make sure you have connected to the Microsoft Graph PowerShell module by using the cmdlet below.
     Connect-MgGraph

Error: Get-MgBetaAuditLogSignIn_list: User is not in the allowed roles.

This error occurs when you try to access Entra ID sign-in logs without the necessary admin permission.

Fix: Please ensure that you possess one of the necessary administrative permissions listed below.
     Global Administrator, Security Admin, Security Reader, Global Reader, or Reports Reader.

Error: Get-MgBetaAuditLogSignIn_List: Calling principal does not have required MSGraph permissions AuditLog.Read.All.

This error occurs when the ‘Get-MgBetaAuditLogSignIn’ cmdlet is executed without AuditLog.Read.All permissions.

Fix: Make sure you have connected to the Microsoft Graph PowerShell module with the required permissions by using the cmdlet below.
     Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All"

Error: ./GetEntraSigninLogs.ps1: File C:\Users\pc\Downloads\GetEntraSigninLogs.ps1 cannot be loaded. The file C:\Users\pc\Downloads\GetEntraSigninLogs.ps1 is not digitally signed. You cannot run this script on the current system.

This error occurs when Windows PowerShell blocks the execution of the script due to security restrictions. It usually happens when the file is downloaded from the internet or when the execution policy is set to be restrictive.

Fix: To resolve the error, run the cmdlet below, which changes the execution policy only for the current PowerShell session.
     Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Frequently Asked Questions

Monitor and Secure Microsoft Entra ID Sign-Ins with Detailed Device Insights!

1. How to find Microsoft 365 user sign-in logs for a specific device?

Imagine the security team discovers sign-ins from a device previously assigned to an offboarded employee. To assess this potential unauthorized access, they need to track all sign-ins from that specific device. Since sign-ins can’t be directly filtered by device in Intune or Entra ID, you can use Microsoft Graph PowerShell to monitor device-based sign-in activity.

Monitor Microsoft 365 user sign-in details from a specific device

  • Use the following cmdlet to connect to Microsoft Graph PowerShell with at least the Reports Reader role.
    Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All"
  • Execute the PowerShell cmdlet below to list all user sign-in logs for a specific device.
    $deviceName = "<DeviceName>"
    # -Top 1000 searches only the 1,000 most recent sign-ins; use -All to search every retained record.
    Get-MgBetaAuditLogSignIn -Top 1000 |
      Where-Object { $_.deviceDetail.displayName -eq $deviceName } |
      Select-Object userDisplayName, userPrincipalName, createdDateTime, clientAppUsed, ipAddress,
        @{n='DeviceID';    e={$_.deviceDetail.deviceId}},
        @{n='Devicename';  e={$_.deviceDetail.displayName}},
        @{n='OS';          e={$_.deviceDetail.operatingSystem}},
        @{n='Browser';     e={$_.deviceDetail.browser}},
        @{n='IsManaged';   e={$_.deviceDetail.isManaged}},
        @{n='IsCompliant'; e={$_.deviceDetail.isCompliant}} | Format-Table -AutoSize

Replace <DeviceName> with the respective device name to get all the logins for the specific device with details, such as UPN, time, device ID, OS, browser, managed status, and compliance status.

Get instant alerts for users’ sign-in logs in a specific device with just a few clicks using AdminDroid!

Easily set up alerts and filter sign-ins by specific devices using AdminDroid’s all users' sign-ins with device details insights. You can monitor device-specific sign-in trends, receive alerts for unusual activity, and generate detailed reports for audits.


Handy Tip: Utilize the Threshold property when creating the alert policy to get notified when a specific number of sign-ins from devices occurs within a short timeframe.

2. How to apply Conditional Access policies to restrict sign-ins from a specific device?

When a device is lost, hacked, or doesn't follow your organization's security rules, sign-ins from that device can put your data at risk. To prevent this, admins should apply Conditional Access policies that block user sign-ins from those devices. This ensures only trusted devices can access Microsoft 365 resources and keeps your environment secure.

Create a Conditional Access policy to restrict the sign-ins from a specific device

  • Log in to the Microsoft Entra admin center.
  • Navigate to ID Protection » Risk-based Conditional Access » Policies, and click + New policy.
  • Give a unique name to your policy. In the Users section, specify the users to be a part of this policy, or include all users. Under Target resources, select All cloud apps.
  • In the Conditions section, go to Filter for devices and set Configure to Yes. Then, choose Include filtered devices in policy under Devices matching the rule.
  • Use device properties like Device ID, Operating System, or Join Type to define the specific device you want to restrict.
  • Under Grant, select Block access to prevent sign-in from the filtered devices.
  • Initially, set the policy mode to ‘Report-only’ to test without enforcement.
  • After verifying, switch the policy to On, and click Save to enforce the restriction.
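
The same policy as the portal steps above, expressed as a Microsoft Graph PowerShell request in report-only state (an added example, not part of the original article). The policy name, device ID, and excluded emergency-access account are placeholders, and the session is assumed to be connected with the Policy.ReadWrite.ConditionalAccess scope.

```powershell
# Placeholder: device ID as shown on the sign-in's Device info tab.
$deviceId = '<DeviceId>'

# Request body for a Conditional Access policy that blocks one device.
$policy = @{
    displayName = 'Block sign-ins from <DeviceName>'
    # Report-only first: results are logged, nothing is enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            # Placeholder: object ID of an emergency-access account kept out of the policy.
            excludeUsers = @('<BreakGlassAccountObjectId>')
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        devices = @{
            deviceFilter = @{
                mode = 'include'   # "Include filtered devices in policy"
                rule = 'device.deviceId -eq "{0}"' -f $deviceId
            }
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Review the payload before it is sent.
$policy | ConvertTo-Json -Depth 6

# Create the policy once the placeholders are replaced:
# Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
# $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# After checking the report-only results in the sign-in logs, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = 'enabled' }
```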

3. How to find stale devices in Microsoft Entra ID based on last sign-in activity?

As your Microsoft 365 environment grows, more devices get registered, and some may eventually go unused or inactive. Instead of ignoring these unused devices, admins can review sign-ins to identify those with no recent activity. This helps clean up stale records, reduce clutter in reports, and streamline overall device management.

Track inactive devices using the Entra admin center

  • Log in to the Microsoft Entra admin center.
  • Navigate to Entra ID » Devices » All Devices.
  • Now you can see the last sign-in time of devices under the Activity column.
  • Based on the last sign-in activity, you can identify unused devices that haven’t signed in during the last 30 days.

In the Entra admin center, you must manually check the activity column each time to find inactive devices. PowerShell offers a simpler way to detect stale devices.

Check all Entra ID inactive devices using PowerShell

  • Connect to the Microsoft Graph PowerShell module with required permissions using the cmdlet below.
    Connect-MgGraph -Scopes "Device.Read.All"
  • Execute the script below to find all unused devices with details, such as device name, device ID, OS, and last sign-in time.
    $devices = Get-MgDevice -All
    $devices | Where-Object { $_.ApproximateLastSignInDateTime -lt (Get-Date).AddDays(-30) } | Select-Object DisplayName, DeviceId, OperatingSystem, ApproximateLastSignInDateTime
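
The one-liner above also returns devices whose ApproximateLastSignInDateTime is empty, because PowerShell treats $null as less than any date. The following added example (not part of the original article) separates those never-signed-in records from stale ones and adds the fields needed to decide what to do with each device. The helper name Get-StaleDeviceReport and the sample devices are constructed for illustration.

```powershell
function Get-StaleDeviceReport {
    # Hypothetical helper (not a Graph cmdlet): labels devices by last sign-in age.
    param(
        [Parameter(Mandatory)] [object[]] $Device,
        [int] $StaleAfterDays = 30
    )
    $nowUtc = [datetime]::UtcNow               # Graph timestamps are UTC
    $cutoff = $nowUtc.AddDays(-$StaleAfterDays)
    foreach ($d in $Device) {
        $last = $d.ApproximateLastSignInDateTime
        $idle = $null
        if ($null -eq $last) {
            # No recorded sign-in: report separately instead of as "stale".
            $status = 'NeverSignedIn'
        }
        else {
            $idle = [math]::Floor(($nowUtc - $last).TotalDays)
            if ($last -lt $cutoff) { $status = 'Stale' } else { $status = 'Active' }
        }
        [pscustomobject]@{
            DisplayName    = $d.DisplayName
            DeviceId       = $d.DeviceId
            OS             = $d.OperatingSystem
            TrustType      = $d.TrustType        # Workplace, AzureAd, or ServerAd
            AccountEnabled = $d.AccountEnabled
            LastSignInUtc  = $last
            DaysInactive   = $idle
            Status         = $status
        }
    }
}

# Constructed sample devices shaped like Get-MgDevice output.
$now = [datetime]::UtcNow
$devices = @(
    [pscustomobject]@{ DisplayName = 'LAPTOP-01'; DeviceId = '11111111-1111-1111-1111-111111111111'
        OperatingSystem = 'Windows'; TrustType = 'AzureAd'; AccountEnabled = $true
        ApproximateLastSignInDateTime = $now.AddDays(-3) }
    [pscustomobject]@{ DisplayName = 'DESKTOP-07'; DeviceId = '22222222-2222-2222-2222-222222222222'
        OperatingSystem = 'Windows'; TrustType = 'ServerAd'; AccountEnabled = $true
        ApproximateLastSignInDateTime = $now.AddDays(-90) }
    [pscustomobject]@{ DisplayName = 'PHONE-03'; DeviceId = '33333333-3333-3333-3333-333333333333'
        OperatingSystem = 'iOS'; TrustType = 'Workplace'; AccountEnabled = $true
        ApproximateLastSignInDateTime = $null }
)

# Live data instead of the sample:
# $devices = Get-MgDevice -All

Get-StaleDeviceReport -Device $devices -StaleAfterDays 30 |
    Where-Object Status -ne 'Active' |
    Sort-Object Status, DaysInactive |
    Format-Table -AutoSize
```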

4. How to enforce MFA and allow sign-ins only from trusted devices in Entra ID?

When users attempt to sign in from personal laptops or unmanaged devices, these sign-ins are often considered risky and may be blocked. Instead of completely blocking access, admins can configure conditional access policies to require multi-factor authentication (MFA). This approach ensures that only trusted devices can seamlessly access Microsoft 365 resources, while untrusted devices are challenged with additional verification.

Restrict users' sign-ins from the unmanaged devices using CA policies

  • Log in to the Microsoft Entra admin center.
  • Navigate to ID Protection » Conditional Access » Policies, and click + New policy.
  • Give a unique name to your policy. In the Users section, specify the users to be a part of this policy, or include all users. Under Target resources, select All cloud apps.
  • In the Conditions section, first set the sign-in risk by selecting all three risk levels: High, Medium, and Low.
  • Then, go to Filter for devices and set Configure to Yes.
  • Now choose Include filtered devices in policy under Devices matching the rule.
  • Choose device properties like IsCompliant not equal to true and Trust Type not equal to Entra Registered, Entra Hybrid Joined, Entra Joined as conditions and click Done.
  • Under Grant, select Grant access with MFA required, so that sign-ins from the filtered devices that match the conditions must complete MFA.
  • Initially, set the policy mode to ‘Report-only’ to test without enforcement.
  • After verifying, switch the policy to On, and click Save to enforce the restriction.

5. How to remove non-compliant devices used for sign-ins in Microsoft Intune?

Over time, some devices used for Microsoft 365 sign-ins may fall out of compliance due to missing security updates, MDM issues, or changes in configuration. Non-compliant devices may continue to access Microsoft services unless they're removed or blocked. To maintain a secure environment, it’s important for admins to regularly review and remove such devices to ensure only healthy, trusted endpoints are allowed for sign-ins.

Remove non-compliant devices used for sign-ins using the Intune admin center

  • Log in to the Microsoft Intune admin center.
  • Navigate to Devices » All Devices.
  • Apply a filter by setting Compliance = Noncompliant to display all non-compliant devices.
  • Select the device from the filtered list that you want to remove.
  • Click ‘Delete’ to remove the device from your organization.

Note: You can also remove/block non-compliant devices from the Microsoft Entra admin center.
