Tracking Down AzureAD Device Sign-Ins

I recently needed to track down who had recently used a device bound to AzureAD. We don’t tend to make use of the Primary User field, since our devices tend to be handed out in bulk to large groups of people at once, rather than one-at-a-time. This meant I had to track down who was using which device by a more roundabout method.

To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.

Look Up the Device ID

First you’ll need Azure’s device ID for the computer.

Go to https://endpoint.microsoft.com

Click Devices on the left then Windows Devices.

Search for the device you are looking for.

Click on it.

In the address bar of the browser, the last part of the URL will be the device ID. Select and copy it.

Query Device Sign-In Information

Now that you have the Device ID, you can look up the login history using Microsoft Graph.

Go to https://developer.microsoft.com/en-us/graph/graph-explorer

Make sure to sign in to Graph Explorer, or you’ll only see the sample data.

Query type: GET

Version: beta

URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]

Click Run Query

You’ll only see the first several lines, which probably won’t show the logged on users.

Click the Expand button

Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.

Go back to Endpoint Manager

Click Users on the left.

Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
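The same lookup can be scripted instead of clicked through. The following is an added example, not part of the original post: it validates the device ID, builds the beta managedDevices URL from above, and reduces the usersLoggedOn array to one most-recent entry per user. It assumes each usersLoggedOn entry carries the userId and lastLogOnDateTime fields with whole-second timestamps, that you already hold a Graph bearer token for graph_get, and that the v1.0 users endpoint stands in for the portal search; the function names and sample data are constructed for illustration.

```python
import json
import urllib.request
import uuid
from datetime import datetime

GRAPH = "https://graph.microsoft.com"

def device_url(device_id):
    """Build the beta managedDevices URL, rejecting anything that is not a clean GUID."""
    try:
        guid = uuid.UUID(device_id.strip())
    except ValueError:
        raise ValueError(f"not a device ID: {device_id!r}") from None
    return f"{GRAPH}/beta/deviceManagement/managedDevices/{guid}"

def user_url(user_id):
    """Graph URL that resolves a usersLoggedOn userId to a name (alternative to the portal search)."""
    return f"{GRAPH}/v1.0/users/{uuid.UUID(user_id)}?$select=displayName,userPrincipalName"

def graph_get(url, token):
    """GET a Graph URL with a bearer token the caller already holds."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def last_sign_ins(device):
    """Return (userId, latest lastLogOnDateTime) pairs from usersLoggedOn, newest first."""
    latest = {}
    for entry in device.get("usersLoggedOn") or []:
        # Graph timestamps end in "Z"; older Pythons need an explicit offset.
        when = datetime.fromisoformat(entry["lastLogOnDateTime"].replace("Z", "+00:00"))
        uid = entry["userId"].lower()
        if uid not in latest or when > latest[uid]:
            latest[uid] = when
    return sorted(latest.items(), key=lambda item: item[1], reverse=True)

# Constructed sample response, trimmed to the fields used here (not real tenant data).
SAMPLE_DEVICE = {
    "deviceName": "LAB-PC-01",
    "usersLoggedOn": [
        {"userId": "11111111-1111-1111-1111-111111111111", "lastLogOnDateTime": "2023-05-02T08:15:00Z"},
        {"userId": "22222222-2222-2222-2222-222222222222", "lastLogOnDateTime": "2023-05-09T13:40:00Z"},
        {"userId": "11111111-1111-1111-1111-111111111111", "lastLogOnDateTime": "2023-05-11T07:55:00Z"},
    ],
}

if __name__ == "__main__":
    for uid, when in last_sign_ins(SAMPLE_DEVICE):
        print(when.isoformat(), uid, user_url(uid))
```

Against a live tenant, pass the result of graph_get(device_url(device_id), token) to last_sign_ins in place of SAMPLE_DEVICE.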

4 thoughts on “Tracking Down AzureAD Device Sign-Ins”

  1. Got an error “ResourceNotFound”, both for 1.0 and Beta when searching for a device. Any idea why?

    1. Matz, I can replicate that error if I put in a bad device ID. Can you double check that the device ID is being copied correctly from the address bar without any extra characters?

      1. Can you still get this info if the device is not on Intune?
        Only the Device ID & Object ID Available on Azure AD & can see the same details on Defender 365

        1. The DeviceID from AzureAD (or Entrata I guess we have to call it now) looks the same to me as the one in Intune. You should be able to use that ID. Hope that works for you!
