I recently needed to track down who had last used a device bound to Azure AD. We don’t tend to make use of the Primary User field, since our devices tend to be handed out in bulk to large groups of people at once, rather than one-at-a-time. This meant I had to track down who was using which device by a more roundabout method.
To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.
Look Up the Device ID
First you’ll need Azure’s device ID for the computer.
Go to https://endpoint.microsoft.com
Click Devices on the left then Windows Devices.
Search for the device you are looking for.
Click on it.
In the address bar of the browser, the last part of the URL will be the device ID. Select and copy it.
Query Device Sign-In Information
Now that you have the Device ID, you can look up the login history using Microsoft Graph.
Go to https://developer.microsoft.com/en-us/graph/graph-explorer
Make sure to sign in to Graph, or you’ll only see the sample data.
Query type: GET
URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]
Click Run Query
You’ll only see the first several lines, which probably won’t show the logged on users.
Click the Expand button
Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.
Go back to Endpoint Manager
Click Users on the left.
Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
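When a device has several entries in usersLoggedOn, it helps to reduce the array to one row per user, newest first. The script below is an added example, not part of the original post: it parses a constructed managedDevices response, using the userId and lastLogOnDateTime fields from the Graph beta schema. As an assumption beyond the steps above, it also builds the Graph /users/{id} URL for each ID, as an alternative to pasting it into the Endpoint Manager search.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a managedDevices response (trimmed); all IDs are made up.
SAMPLE = json.loads("""
{
  "id": "00000000-0000-0000-0000-0000000000aa",
  "deviceName": "LAB-PC-01",
  "usersLoggedOn": [
    {"userId": "11111111-1111-1111-1111-111111111111", "lastLogOnDateTime": "2023-03-01T08:15:00Z"},
    {"userId": "22222222-2222-2222-2222-222222222222", "lastLogOnDateTime": "2023-03-04T13:40:12Z"},
    {"userId": "11111111-1111-1111-1111-111111111111", "lastLogOnDateTime": "2023-03-05T09:02:30Z"}
  ]
}
""")

def parse_ts(value):
    # Graph timestamps are UTC ISO 8601; drop the "Z" and any fractional seconds
    # so the value parses on every Python 3 version.
    base = value.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def recent_users(device):
    """Return [(userId, last logon)] sorted newest first, one row per user."""
    latest = {}
    for entry in device.get("usersLoggedOn") or []:
        uid, raw = entry.get("userId"), entry.get("lastLogOnDateTime")
        if not uid or not raw:
            continue  # skip incomplete entries
        ts = parse_ts(raw)
        if uid not in latest or ts > latest[uid]:
            latest[uid] = ts
    return sorted(latest.items(), key=lambda kv: kv[1], reverse=True)

def user_lookup_url(user_id):
    # Graph endpoint that resolves a user object ID to a name (assumed alternative
    # to the Endpoint Manager search described in the post).
    return ("https://graph.microsoft.com/v1.0/users/"
            f"{user_id}?$select=displayName,userPrincipalName")

if __name__ == "__main__":
    for uid, ts in recent_users(SAMPLE):
        print(ts.isoformat(), uid, user_lookup_url(uid))
```

Save the response from Graph Explorer to a file and load it with json.load in place of SAMPLE to run this against a real device.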