Add support for Service Principal sign-in for Get-MgReportApplicationSign

[janegilring]

Currently (module version 1.9.6), when using Get-MgReportApplicationSign - it does not return information about Service Principal sign-ins. You have to specifically request them, by adding the “signInEventTypes/any(t:t eq ‘servicePrincipal’)” filter statement, as described in further detail here.

Would it be possible to either add the “signInEventTypes/any(t:t eq ‘servicePrincipal’)” filter statement by default when running Get-MgReportApplicationSign, or alternatively by a parameter (for example, -IncludeServicePrincipalSignIns)?

Or maybe it would make more sense to create a separate cmdlet? (for example, Get-MgReportServicePrincipalSignIn)

[janegilring]

It seems it is possible to retrieve the information using a filter on Get-MgAuditLogSignIn:

Get-MgAuditLogSignIn -Filter "signInEventTypes/any(t:t eq 'servicePrincipal') and AppId eq '$($Application.AppId)'"

Although, this was not very easy to discover. Maybe some pointers regarding service principal could be added to the cmdlet help and/or https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.reports/get-mgreportazureadapplicationsign?view=graph-powershell-beta ?

[ddyett]

@maisarissi to you for any doc updates that should be done here.

[weyCC81]

If you are query more then 3000 Elements i always get "Get-MgAuditLogSignIn : A task was canceled."

[weyCC81]

Update: "signInEventTypes" Filters does just work with Get-MgBetaAuditLogSignIn not Get-MgAuditLogSignIn yet