Uncover the Last Logged-in User on Intune Devices

In the ever-evolving landscape of device management, system administrators play a pivotal role in ensuring that devices are used efficiently and securely within their organizations. A key part of this role involves monitoring who is accessing which devices and when. Specifically, for those managing devices with Microsoft Intune, identifying the last logged-in user on a device can provide valuable insights into device usage patterns and help in troubleshooting various issues.


In this blog, we’ll explore a straightforward approach to effortlessly track device usage by uncovering the last logged-in user on Intune-managed devices. By leveraging the capabilities of Microsoft Intune and a few smart strategies, system administrators can easily maintain oversight of device utilization, enhancing both security and operational efficiency.

Solving the mystery of the last logged-in user (using Microsoft Graph)?

The PowerShell script below retrieves the last logged-in user for a list of managed devices. It starts a transcript to log its output, connects to Microsoft Graph with the permissions needed to read device and user data, then reads a list of Intune Device IDs from a text file and iterates through them.

For each device it retrieves the managed device record, calls the Microsoft Graph API for the details of the last user who logged on, looks up that user and displays the result alongside the device details. Finally, the transcript is stopped. In short, the script automates querying the last logged-in user for a set of managed devices through the Microsoft Graph API.

The code can be further enhanced for each use case by adding outputs to .csv files or additional checks and outputs.

# Start transcript to log output to a file
Start-Transcript -Path "C:\Users\Public\LastLoggedInUser.txt"

# Display message indicating connection to Microsoft Graph
Write-Host "$(Get-Date) Connecting to Graph"

# Connect to Microsoft Graph with the permissions the script needs.
# -Scopes takes an array; a single comma-separated string would be requested as one invalid scope.
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "Device.Read.All", "User.Read.All"

# Read the device list: a .txt file with one Intune Device ID per line
$devices = Get-Content -Path "C:\Users\Public\DevicesIntuneIDs.txt"

# Loop through each Intune Device ID to fetch device and user information
foreach ($deviceIntuneID in $devices) {
    # Display message indicating fetching information about the managed device
    Write-Host "$(Get-Date) Getting wanted information about the managed device"

    # Retrieve device information based on Intune Device ID
    $deviceInfo = Get-MgDeviceManagementManagedDevice -ManagedDeviceId $deviceIntuneID |
        Select-Object Id, AzureAdDeviceId, DeviceName, EmailAddress, UserPrincipalName, UserDisplayName

    # Display message indicating fetching last logged in user information using Graph API
    Write-Host "$(Get-Date) Getting the last logged in user information calling Graph API"

    # Call the beta endpoint directly to read usersLoggedOn. It is a collection with one
    # entry per user who has signed in to the device, so keep only the newest entry.
    $url = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($deviceInfo.Id)"
    $lastLoggedInUserInfo = (Invoke-MgGraphRequest -Method GET -Uri $url).usersLoggedOn |
        Sort-Object { [datetime]$_.lastLogOnDateTime } -Descending |
        Select-Object -First 1

    # Display message indicating fetching further information about the user
    Write-Host "$(Get-Date) Getting further information about the user"

    # Retrieve user details by object ID (a direct lookup; no -All/-Filter scan of the directory needed)
    $userDetails = Get-MgUser -UserId $lastLoggedInUserInfo.userId

    # Display last user connected to the device along with relevant details
    Write-Host "Last user connected to the device $($deviceInfo.DeviceName) with Intune Device ID $($deviceInfo.Id) is $($userDetails.DisplayName) with ID $($userDetails.Id) on $($lastLoggedInUserInfo.lastLogOnDateTime)" -ForegroundColor Yellow
}

# Stop transcript logging
Stop-Transcript

With this script, administrators can efficiently gather crucial information about the last user to log in to their Intune-managed devices. While more complex methods might exist, leveraging the simplicity and effectiveness of this approach makes it an invaluable tool for current needs. Future posts might explore alternative approaches, such as analyzing sign-in logs for device connections, to provide a comprehensive understanding of Intune device usage.
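As an added example that is not part of the original post, the following PowerShell builds on the same Graph calls: it picks the most recent entry when usersLoggedOn holds several users, records the Intune primary user next to the actual last sign-in so a mismatch between the two is visible in the report, tolerates a missing device or a since-deleted user account instead of aborting the loop, and writes one CSV row per device, which is the enhancement the post mentions. The file paths and the usersLoggedOn field names (userId, lastLogOnDateTime) are those used on the page; the function names and the sample data are mine, and the sample is constructed so that the selection logic can be checked offline.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph PowerShell SDK
# and the same beta endpoint the post calls. File paths below match the post's.

function Get-LatestLogon {
    # usersLoggedOn is a collection with one entry per user who has signed in to the
    # device; return the entry with the newest lastLogOnDateTime, or $null if empty.
    param([AllowNull()][AllowEmptyCollection()][array]$UsersLoggedOn)

    if (-not $UsersLoggedOn -or $UsersLoggedOn.Count -eq 0) { return $null }
    return $UsersLoggedOn |
        Sort-Object { [datetime]$_.lastLogOnDateTime } -Descending |
        Select-Object -First 1
}

function Get-DeviceLastLogonReport {
    # Emits one object per Intune Device ID; a failure becomes a row with a Status
    # message rather than stopping the loop, so a bad ID in the list shows up in the CSV.
    param([Parameter(Mandatory)][string[]]$DeviceIds)

    foreach ($id in $DeviceIds) {
        $row = [ordered]@{
            IntuneDeviceId    = $id
            DeviceName        = $null
            AzureAdDeviceId   = $null
            PrimaryUserUpn    = $null   # Intune primary user; may differ from who actually signs in
            LastLogonUserId   = $null
            LastLogonUpn      = $null
            LastLogonDateTime = $null
            LogonEntries      = 0
            Status            = 'OK'
        }
        try {
            $device = Get-MgDeviceManagementManagedDevice -ManagedDeviceId $id -ErrorAction Stop
            $row.DeviceName      = $device.DeviceName
            $row.AzureAdDeviceId = $device.AzureAdDeviceId
            $row.PrimaryUserUpn  = $device.UserPrincipalName

            $uri    = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$id"
            $raw    = Invoke-MgGraphRequest -Method GET -Uri $uri -ErrorAction Stop
            $logons = @($raw.usersLoggedOn)
            $row.LogonEntries = $logons.Count

            $latest = Get-LatestLogon -UsersLoggedOn $logons
            if ($null -eq $latest) {
                $row.Status = 'NoLogonData'
            }
            else {
                $row.LastLogonUserId   = $latest.userId
                $row.LastLogonDateTime = $latest.lastLogOnDateTime
                # The account may have been deleted since the sign-in; keep the ID and flag it.
                $user = Get-MgUser -UserId $latest.userId -ErrorAction SilentlyContinue
                if ($user) { $row.LastLogonUpn = $user.UserPrincipalName } else { $row.Status = 'UserNotFound' }
            }
        }
        catch {
            $row.Status = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Offline check of the selection logic on a constructed sample (not real tenant data):
# the newest lastLogOnDateTime wins regardless of the order the entries arrive in.
$sample = @(
    [pscustomobject]@{ userId = '11111111-1111-1111-1111-111111111111'; lastLogOnDateTime = '2024-03-01T08:00:00Z' },
    [pscustomobject]@{ userId = '22222222-2222-2222-2222-222222222222'; lastLogOnDateTime = '2024-03-05T17:30:00Z' },
    [pscustomobject]@{ userId = '33333333-3333-3333-3333-333333333333'; lastLogOnDateTime = '2024-02-20T12:00:00Z' }
)
Get-LatestLogon -UsersLoggedOn $sample | Format-Table userId, lastLogOnDateTime

# Live run against the tenant, writing the CSV the post suggests as an enhancement.
# Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "User.Read.All"
# $ids = Get-Content -Path "C:\Users\Public\DevicesIntuneIDs.txt" | Where-Object { $_.Trim() }
# Get-DeviceLastLogonReport -DeviceIds $ids |
#     Export-Csv -Path "C:\Users\Public\LastLoggedInUser.csv" -NoTypeInformation
```

The PrimaryUserUpn column is the point of the exercise from a monitoring view: Intune's primary user is an enrollment-time assignment, while usersLoggedOn reflects who has actually signed in, and rows where the two differ (or where LogonEntries is high on a device meant for one person) are the ones worth a second look.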
