Skip to content

Get-MgBetaReportServicePrincipalSignInActivity fails #3536

New issue
New issue
Open
Open
Get-MgBetaReportServicePrincipalSignInActivity fails#3536
Labels
status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience
@dmaloney-exelixis

Description

@dmaloney-exelixis
dmaloney-exelixis
opened on Feb 20, 2026

Describe the bug

trying to pull ServicePrincipal Signin Data.

Get-MgBetaReportServicePrincipalSignInActivity

Authenticated as GA and Security Admin. Cannot get powershell query to return results. RAW API query is successful in Graph Explorer

Get-MgBetaReportServicePrincipalSignInActivity_List: User is not in the allowed roles

Status: 403 (Forbidden)
ErrorCode: Authentication_RequestFromUnsupportedUserRole
Date: 2026-02-20T00:29:35

Expected behavior

return proper JSON data for SP Signin activity

"@odata.context": "https://graph.microsoft.com/beta/$metadata#reports/servicePrincipalSignInActivities",
"@odata.nextLink": "https://graph.microsoft.com/beta/reports/servicePrincipalSignInActivities?$skiptoken=3f1d26a74d2c66ee0ffa2bd59ec9229ed6aace91038bc5e1509a55de05c5b150",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET reports/servicePrincipalSignInActivities?$select=appId,applicationAuthenticationClientSignInActivity",
"value": [
    {
        "id": "MDAwMDAwMDItMDAwMC0wMDAwLWMwMDAtMDAwMDAwMDAwMDAw",
        "appId": "00000002-0000-0000-c000-000000000000",
        "lastSignInActivity": {
            "lastSignInDateTime": "2026-02-19T17:02:22.8258112Z",
            "lastSignInRequestId": "db867493-60ee-4371-898a-8f6597750b00"
        },
        "delegatedClientSignInActivity": {
            "lastSignInDateTime": null,
            "lastSignInRequestId": null
        },
        "delegatedResourceSignInActivity": {
            "lastSignInDateTime": "2026-02-19T17:02:22.8258112Z",
            "lastSignInRequestId": "db867493-60ee-4371-898a-8f6597750b00"
        },
        "applicationAuthenticationClientSignInActivity": {
            "lastSignInDateTime": null,
            "lastSignInRequestId": null
        },
        "applicationAuthenticationResourceSignInActivity": {
            "lastSignInDateTime": "2026-01-21T23:53:34.3439822Z",
            "lastSignInRequestId": "54742ab6-89bd-4ff6-be5c-c42f673c1a00"
        }
    },
    {
        "id": "MzhhYTNiODctYTA2ZC00ODE3LWIyNzUtN2EzMTY5ODhkOTNi",
        "appId": "38aa3b87-a06d-4817-b275-7a316988d93b",
        "lastSignInActivity": {
            "lastSignInDateTime": "2026-02-19T17:02:22.8258112Z",
            "lastSignInRequestId": "db867493-60ee-4371-898a-8f6597750b00"

How to reproduce

Connect-MgGraph -Scopes "AuditLog.Read.all","Directory.Read.All"
Get-MgBetaReportServicePrincipalSignInActivity

SDK Version

No response

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` 
</details>


### Configuration

_No response_

### Other information

_No response_

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions