Note to Self: Search Audit Log with Multi-factor Enabled Account using PowerShell

If like me, you use PowerShell or Scripts of any kind, sometimes you find things don’t work, and then you find those commands that resolve it. Isn’t it true that down the line, when you hit the same issue, you then can’t remember what you did. Well, this post is a reminder for me.

Install and Import the Exchange Online Management PowerShell Module

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

Connect to Exchange Online with MFA Enabled Account

Connect-ExchangeOnline -UserPrincipalName user@domain.com

Perform an Audit Log Search

$start = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy')
$end = (Get-Date).ToString('MM/dd/yyyy')

$results = @()
$results = Search-UnifiedAuditLog `
      -StartDate $start `
      -EndDate $end `
      -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed `
      -ResultSize 5000

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. He is also a Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...