This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
The requirement is to get the top sign in locations for a user for past 90 days to show on the UX. We are planning to use graph api auditLogs/signIns//{id} endpoint of Microsoft graph api to get signin information, https://learn.microsoft.com/en-us/graph/api/signin-get?view=graph-rest-1.0&tabs=http
We need distinct city, state, country combination for a given user. What is the best way to accomplish this? We plan to call the above Api and select only Location for user and iterate over all pages in response to get locations. Since this set will have lot of duplicates we further plan to aggregate and de-dup on the client side.
Since all this processing will happen on the client side, we are worried about performance and SLA breach.
Questions:
An API that connects multiple Microsoft services, enabling data access and automation across platforms
No. You pretty much have to get the sign-in logs and process them client-side, no other way. Microsoft does not keep any sort of login statistics apart from what's available in said logs, no other data source you can use.
$top, $skiptoken, and $filter, and the guidance is to filter primarily by time range to avoid timeouts.To constrain data volume for a 90‑day window, apply a time-based filter and then de-duplicate on the client:
GET https://graph.microsoft.com/v1.0/auditLogs/signIns
?$filter=createdDateTime ge 2024-01-01T00:00:00Z and createdDateTime le 2024-03-31T23:59:59Z
Then, for each signIn record, use the location object (of type signInLocation) and aggregate distinct combinations of city, state, and countryOrRegion client-side.
The signInLocation resource provides exactly the fields needed:
citystatecountryOrRegiongeoCoordinatesThere is no documented way to push this distinct/aggregation logic into the Microsoft Graph sign-ins endpoint itself.
$filter on createdDateTime to restrict to the last 90 days.$top and follow @odata.nextLink to page through results.AADNonInteractiveUserSignInLogs table can be queried for patterns like “users with multiple cities” or “most active IP addresses” using KQL.LocationDetails (city/country) for a given user and time range, then return the top locations. This offloads aggregation from the client to the log analytics backend.For UX scenarios that must show “top sign-in locations” efficiently, routing sign-in logs to Azure Monitor / Log Analytics and querying with KQL is the most scalable way to get pre-aggregated, distinct locations for a user over a time window.
References: