Last active
February 2, 2023 12:06
-
-
Save darrenjrobinson/166fccc73e9834eccbf522b9940dc4ea to your computer and use it in GitHub Desktop.
Getting Microsoft 365 Individual User Usage Report with PowerShell. Associated Blogpost https://blog.darrenjrobinson.com/getting-microsoft-365-individual-user-usage-reports-with-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function AuthN { | |
| <# | |
| .SYNOPSIS | |
| Authenticate to Azure AD and receieve Access and Refresh Tokens. | |
| .DESCRIPTION | |
| Authenticate to Azure AD and receieve Access and Refresh Tokens. | |
| .PARAMETER tenantID | |
| (required) Azure AD TenantID. | |
| .PARAMETER credential | |
| (required) ClientID and ClientSecret of the Azure AD registered application with the necessary permissions. | |
| .EXAMPLE | |
| $myCred = Get-Credential | |
| AuthN -credential $myCred -tenantID '74ea519d-9792-4aa9-86d9-abcdefgaaa' | |
| .LINK | |
| http://darrenjrobinson.com/ | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [string]$tenantID, | |
| [Parameter(Mandatory = $true, ValueFromPipeline = $true)] | |
| [System.Management.Automation.PSCredential]$credential | |
| ) | |
| if (!(get-command Get-MsalToken)) { | |
| Install-Module -name MSAL.PS -Force -AcceptLicense | |
| } | |
| try { | |
| # Authenticate and Get Tokens | |
| $token = Get-MsalToken -ClientId $credential.UserName -ClientSecret $credential.Password -TenantId $tenantID | |
| return $token | |
| } | |
| catch { | |
| $_ | |
| } | |
| } | |
| Function GetM365UserActivity { | |
| <# | |
| .SYNOPSIS | |
| Get M365 User Activity. | |
| .DESCRIPTION | |
| Get M365 User Activity. | |
| .PARAMETER days | |
| (optional - Defaults to 7 Days) Days to report on. Accepted values are 7, 30, 90, and 180 | |
| .EXAMPLE | |
| GetM365UserActivity | |
| .EXAMPLE | |
| GetM365UserActivity -days 30 | |
| .LINK | |
| http://darrenjrobinson.com/ | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $false, ValueFromPipeline = $true)] | |
| [ValidateSet("7", "30", "90", "180")] | |
| [string]$days | |
| ) | |
| # Refresh Access Token | |
| $global:myToken = AuthN -credential $myCred -tenantID $myTenantId | |
| try { | |
| if ($days) { | |
| # Get M365 User Activity | |
| $m365Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } ` | |
| -Uri "https://graph.microsoft.com/beta/reports/getM365AppUserDetail(period='D$($days)')/content?$format=application/json" ` | |
| -Method Get | |
| } | |
| else { | |
| # Get M365 User Activity | |
| $m365Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } ` | |
| -Uri "https://graph.microsoft.com/beta/reports/getM365AppUserDetail(period='D7')/content?$format=application/json" ` | |
| -Method Get | |
| } | |
| return $m365Activity | |
| } | |
| catch { | |
| $_ | |
| } | |
| } | |
| # Globals | |
| # Tenant ID | |
| $global:myTenantId = '74ea519d-9792-4aa9-86d9-abcdefgaaa' | |
| # Registered AAD App ID and Secret | |
| $global:myCred = [pscredential]::new("1c29e80e-ec64-43f7-b07a-1324567890", ("UEy9yEnU6vcCLzdZm+123ABC456DEFyjyL2nYQeU=" | ConvertTo-SecureString -AsPlainText -Force)) | |
| # Report Days | |
| $reportDays = 90 | |
| <# | |
| M365 User Activity | |
| #> | |
| Import-Module ImportExcel | |
| Import-Module MSAL.PS | |
| $m365UserActivityData = GetM365UserActivity -days $reportDays | |
| $m365UserActivityData = $m365UserActivityData.replace("", "") | |
| $m365UserActivityConverted = $m365UserActivityData | convertfrom-csv | |
| "Report Data for $($m365UserActivityConverted.Count) Users retrieved...." | |
| $m365UserActivityConverted | Export-Excel -path "./M365UserUsageReport-$($reportDays)Days.xlsx" -AutoSize -AutoFilter -WorksheetName M365UserUsage -ConditionalText $( | |
| New-ConditionalText 'No' DarkRed LightPink | |
| New-ConditionalText 'Yes' DarkGreen LightGreen | |
| ) |
Hey Robert. Comment out line 114 of the script and see what happens.
Inspect the value of $m365UserActivityData after running and see if there is any anomalous characters at the beginning of the output. You may need to then update line 144 adding it back in, but replacing changing the anomalous characters to remove in order to allow ingestion to Excel.
Darren,
Thanks for the quick reply. I commented out the recommended line, that took
care of the ist error message, but left the second one. Here is theline
that was commented out.
Error applying conditional formatting to worksheet Cannot bind argument to
parameter 'Address' because it is null.
At C:\Program
Files\WindowsPowerShell\Modules\ImportExcel\7.2.2\Public\Export-Excel.ps1:643
char:20
+ ... catch {throw "Error applying conditional formatting to worksheet
...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Error applying ...use it
is null.:String) [], RuntimeException
+ FullyQualifiedErrorId : Error applying conditional formatting to
worksheet Cannot bind argument to parameter 'Address' because it is
null
…On Wed, Sep 8, 2021 at 9:06 PM Darren Robinson ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Hey Robert. Comment out line 114 of the script and see what happens.
Inspect the value of $m365UserActivityData after running and see if there
is any anomalous characters at the beginning of the output. You may need to
then update line 144 adding it back in, but replacing changing the
anomalous characters to remove in order to allow ingestion to Excel.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3887059>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7UFORG6NQXMEVSDKETJB3UBACCRANCNFSM5DVUVJNA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
Darren,
For some reason it didn't paste. Here is the line of code that I commented
out.
#$m365UserActivityData = $m365UserActivityData.replace("", "")
Again thanks for your help!
Robert
…On Thu, Sep 9, 2021 at 9:54 AM Rob Ayers ***@***.***> wrote:
Darren,
Thanks for the quick reply. I commented out the recommended line, that
took care of the ist error message, but left the second one. Here is
theline that was commented out.
Error applying conditional formatting to worksheet Cannot bind argument to
parameter 'Address' because it is null.
At C:\Program
Files\WindowsPowerShell\Modules\ImportExcel\7.2.2\Public\Export-Excel.ps1:643
char:20
+ ... catch {throw "Error applying conditional formatting to
worksheet ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Error applying ...use it
is null.:String) [], RuntimeException
+ FullyQualifiedErrorId : Error applying conditional formatting to
worksheet Cannot bind argument to parameter 'Address' because it is
null
On Wed, Sep 8, 2021 at 9:06 PM Darren Robinson ***@***.***>
wrote:
> ***@***.**** commented on this gist.
> ------------------------------
>
> Hey Robert. Comment out line 114 of the script and see what happens.
> Inspect the value of $m365UserActivityData after running and see if there
> is any anomalous characters at the beginning of the output. You may need to
> then update line 144 adding it back in, but replacing changing the
> anomalous characters to remove in order to allow ingestion to Excel.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3887059>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AA7UFORG6NQXMEVSDKETJB3UBACCRANCNFSM5DVUVJNA>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
>
Darren,
I tested the variable after the execution error and got the following.
PS C:\users\robert\desktop\powershell scripts> $m365UserActivityData
Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.
At line:68 char:29
+ ... 5Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($m
...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation:
(System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId :
WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Robert
…On Wed, Sep 8, 2021 at 9:06 PM Darren Robinson ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Hey Robert. Comment out line 114 of the script and see what happens.
Inspect the value of $m365UserActivityData after running and see if there
is any anomalous characters at the beginning of the output. You may need to
then update line 144 adding it back in, but replacing changing the
anomalous characters to remove in order to allow ingestion to Excel.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3887059>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7UFORG6NQXMEVSDKETJB3UBACCRANCNFSM5DVUVJNA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
Robert, (401) Unauthorized means that either the credentials that you updated in line 101 are incorrect or don't match your tenant that you updated on line 99 for the AAD Application you registered them with as per the blog post https://blog.darrenjrobinson.com/getting-microsoft-365-individual-user-usage-reports-with-powershell/
Fixed that error so the 401 error is now gone. This is what's left.
Error applying conditional formatting to worksheet Cannot bind argument to
parameter 'Address' because it is null.
At C:\Program
Files\WindowsPowerShell\Modules\ImportExcel\7.2.2\Public\Export-Excel.ps1:643
char:20
+ ... catch {throw "Error applying conditional formatting to worksheet
...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Error applying ...use it
is null.:String) [], RuntimeException
+ FullyQualifiedErrorId : Error applying conditional formatting to
worksheet Cannot bind argument to parameter 'Ad
dress' because it is null.
Thanks
Robert
…On Thu, Sep 9, 2021 at 7:05 PM Darren Robinson ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Robert, *(401) Unauthorized* means that either the credentials that you
updated in line 101 are incorrect or don't match your tenant that you
updated on line 99 for the AAD Application you registered them with as per
the blog post
https://blog.darrenjrobinson.com/getting-microsoft-365-individual-user-usage-reports-with-powershell/
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3888152>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7UFOS7WBQ5LG37VITMDJDUBE4VNANCNFSM5DVUVJNA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
What is in the $m365UserActivityData and $m365UserActivityConverted objects before being passed to Export-Excel ??
Both are returning empty and no errors.
…On Thu, Sep 9, 2021, 10:13 PM Darren Robinson ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
What is in the $m365UserActivityData and $m365UserActivityConverted
objects before being passed to Export-Excel ??
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3888241>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7UFOUZMR2XCOODENQ2463UBFSUJANCNFSM5DVUVJNA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
That explains why the .replace line was failing. Also why the export to excel is failing. You have not returned any data.
Assuming their has been user activity in the associated tenant, try increasing the number of days to report on.
Also make sure you have the right permission to read the data. Your AAD Registered App requires Application Permissions for the Reports.Read.All scope.
Re-entered tenant ID, app I'd and secret and all worked as advertised
thank you for all of your help. I found many of your scripts quite useful
and have been on your site for hours. Once again thanks.
Robert
…On Thu, Sep 9, 2021, 11:07 PM Darren Robinson ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
That explains why the .replace line was failing. Also why the export to
excel is failing. You have not returned any data.
Assuming their has been user activity in the associated tenant, try
increasing the number of days to report on.
Also make sure you have the right permission to read the data. Your AAD
Registered App requires *Application Permissions* for the
*Reports.Read.All* scope.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/166fccc73e9834eccbf522b9940dc4ea#gistcomment-3888284>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7UFOQKWJ5OEGSYO5Q77W3UBFY75ANCNFSM5DVUVJNA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
Hey Darren,
Thank you for all your work on this script and for sharing it with the world.
Unfortunately, I have not been able to get it working. I get the following error:
PS D:\Users\xxx\Desktop> D:\Users\ryan_\Desktop\getM365AppUserDetail.ps1
Report Data for 0 Users retrieved....
Error applying conditional formatting to worksheet Cannot bind argument to parameter 'Address' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\ImportExcel\7.8.3\Public\Export-Excel.ps1:651 char:21
- ... catch { throw "Error applying conditional formatting to worksheet ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : OperationStopped: (Error applying ...use it is null.:String) [], RuntimeException
- FullyQualifiedErrorId : Error applying conditional formatting to worksheet Cannot bind argument to parameter 'Address' because it is null.
PS D:\Users\xxx\Desktop> $m365UserActivityData
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At D:\Users\ryan_\Desktop\getM365AppUserDetail.ps1:67 char:29
-
... 5Activity = Invoke-RestMethod -Headers @{Authorization = "Bearer $($m ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
- FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Note that I comment out the following line, as per your earlier suggestion.
#$m365UserActivityData = $m365UserActivityData.replace("", "")
Any ideas would be much appreciated.
Thank you :)
I had the same issue as you. After searching a lot, I made some modifications to the file, and it worked. I cannot remember what I did (other than editing lines 80 & 86), but I have uploaded the working .ps1 to my git (its my first time doing this).
You can access it at this link: https://gist.github.com/smccnn1/9102bc8040a8486af2406d69033c3ca5#file-getm365appuserdetail-ps1
I hope it works for you!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Darren,
Your script is throwing an error in the excel export operations. can you help?
Method invocation failed because [System.Management.Automation.ErrorRecord] does not contain a method named 'replace'.
At C:\users\james\desktop\powershell scripts\getM365AppUserDetail.ps1:103 char:1
Report Data for 0 Users retrieved....
Error applying conditional formatting to worksheet Cannot bind argument to parameter 'Address' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\ImportExcel\7.2.2\Public\Export-Excel.ps1:643 char:20
Thank you for your assistance and the great PowerShell script!
Robert