Note to Self: Search Audit Log with Multi-factor Enabled Account using PowerShell
If like me, you use PowerShell or Scripts of any kind, sometimes you find things don’t work, and then you find those commands that resolve it. Isn’t it true that down the line, when you hit the same issue, you then can’t remember what you did. Well, this post is a reminder for me.
Install and Import the Exchange Online Management PowerShell Module
Install-Module -Name ExchangeOnlineManagement Import-Module ExchangeOnlineManagement
Connect to Exchange Online with MFA Enabled Account
Connect-ExchangeOnline -UserPrincipalName user@domain.com
Perform an Audit Log Search
$start = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy') $end = (Get-Date).ToString('MM/dd/yyyy') $results = @() $results = Search-UnifiedAuditLog ` -StartDate $start ` -EndDate $end ` -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed ` -ResultSize 5000