Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Getting Microsoft 365 Individual User Usage Report with PowerShell. Associated Blogpost https://blog.darrenjrobinson.com/getting-microsoft-365-individual-user-usage-reports-with-powershell/
Function AuthN {
<#
.SYNOPSIS
Authenticate to Azure AD and receieve Access and Refresh Tokens.
.DESCRIPTION
Authenticate to Azure AD and receieve Access and Refresh Tokens.
.PARAMETER tenantID
(required) Azure AD TenantID.
.PARAMETER credential
(required) ClientID and ClientSecret of the Azure AD registered application with the necessary permissions.
.EXAMPLE
$myCred = Get-Credential
AuthN -credential $myCred -tenantID '74ea519d-9792-4aa9-86d9-abcdefgaaa'
.LINK
http://darrenjrobinson.com/
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[string]$tenantID,
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[System.Management.Automation.PSCredential]$credential
)
if (!(get-command Get-MsalToken)) {
Install-Module -name MSAL.PS -Force -AcceptLicense
}
try {
# Authenticate and Get Tokens
$token = Get-MsalToken -ClientId $credential.UserName -ClientSecret $credential.Password -TenantId $tenantID
return $token
}
catch {
$_
}
}
Function GetM365UserActivity {
<#
.SYNOPSIS
Get M365 User Activity.
.DESCRIPTION
Get M365 User Activity.
.PARAMETER days
(optional - Defaults to 7 Days) Days to report on. Accepted values are 7, 30, 90, and 180
.EXAMPLE
GetM365UserActivity
.EXAMPLE
GetM365UserActivity -days 30
.LINK
http://darrenjrobinson.com/
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $false, ValueFromPipeline = $true)]
[ValidateSet("7", "30", "90", "180")]
[string]$days
)
# Refresh Access Token
$global:myToken = AuthN -credential $myCred -tenantID $myTenantId
try {
if ($days) {
# Get M365 User Activity
$m365Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
-Uri "https://graph.microsoft.com/beta/reports/getM365AppUserDetail(period='D$($days)')/content?$format=application/json" `
-Method Get
}
else {
# Get M365 User Activity
$m365Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
-Uri "https://graph.microsoft.com/beta/reports/getM365AppUserDetail(period='D7')/content?$format=application/json" `
-Method Get
}
return $m365Activity
}
catch {
$_
}
}
# Globals
# Tenant ID
$global:myTenantId = '74ea519d-9792-4aa9-86d9-abcdefgaaa'
# Registered AAD App ID and Secret
$global:myCred = [pscredential]::new("1c29e80e-ec64-43f7-b07a-1324567890", ("UEy9yEnU6vcCLzdZm+123ABC456DEFyjyL2nYQeU=" | ConvertTo-SecureString -AsPlainText -Force))
# Report Days
$reportDays = 90
<#
M365 User Activity
#>
Import-Module ImportExcel
Import-Module MSAL.PS
$m365UserActivityData = GetM365UserActivity -days $reportDays
$m365UserActivityData = $m365UserActivityData.replace("", "")
$m365UserActivityConverted = $m365UserActivityData | convertfrom-csv
"Report Data for $($m365UserActivityConverted.Count) Users retrieved...."
$m365UserActivityConverted | Export-Excel -path "./M365UserUsageReport-$($reportDays)Days.xlsx" -AutoSize -AutoFilter -WorksheetName M365UserUsage -ConditionalText $(
New-ConditionalText 'No' DarkRed LightPink
New-ConditionalText 'Yes' DarkGreen LightGreen
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment