Get-SignInErrorForAzureUser.ps1

<#
To easily find out why a sign-in failed for a specific user, 
you can use the Where-Object cmdlet to filter the sign-in logs 
by the user's display name, and then output information 
about the failed sign-in attempt.

№ Here's an example of how you might use the Where-Object cmdlet to find out 
why a sign-in failed for a specific user:
#>

# Set the start and end times for the sign-in logs
$startTime = Get-Date -Date "1/1/2022" -Hour 0 -Minute 0 -Second 0
$endTime = Get-Date -Date "12/31/2022" -Hour 23 -Minute 59 -Second 59

# Retrieve the sign-in logs for the specified time range
$signInLogs = Get-AzureADAuditSignInLogs -StartTime $startTime -EndTime $endTime

# Filter the sign-in logs by the user's display name
$userLogs = $signInLogs | Where-Object { $_.UserDisplayName -eq "John Doe" }

# Loop through the user's sign-in logs and output information about failed sign-in attempts
foreach ($log in $userLogs) {
    if ($log.Result -ne "Success") {
        Write-Output "User: $($log.UserDisplayName)"
        Write-Output "Application: $($log.ClientAppUsed)"
        Write-Output "IP Address: $($log.IpAddress)"
        Write-Output "Error Code: $($log.ErrorCode)"
        Write-Output "Error Message: $($log.ErrorMessage)"
        Write-Output "--------------------------------------------"
    }
}

<#
In this script, we retrieve the sign-in logs for the specified time range 
and then filter the logs by the user's display name using the Where-Object cmdlet. 
We then loop through the user's sign-in logs and output information about any 
failed sign-in attempts, including the error code and error message. 

This can help you easily identify the cause of the failed sign-in attempts for the specified user.
#>