Public/Windows365/Get-Windows365UserLogonReport.ps1

function Get-Windows365UserLogonReport {

  <#
  .SYNOPSIS
  Capture Windows 365 user logon activity for their Cloud PCs
  Reference: https://github.com/microsoft/Windows365-PSScripts
 
  .DESCRIPTION
  Capture Windows 365 user logon activity for their Cloud PCs
 
  .EXAMPLE
  Get-Windows365UserLogonReport -LogonDays 30 -CsvFile C:\Report.csv
 
  .NOTES
  General notes
  #>


  param (
    [Parameter(Mandatory)]
    $CsvFile,

    [Parameter(Mandatory)]
    $LogonDays
  )

  # Requirements (Modules)
  $module1 = Get-InstalledModule -Name Microsoft.Graph -ErrorAction SilentlyContinue
  if (-not $module1) {
    Write-Host "Installing module Microsoft.Graph"
    Install-Module Microsoft.Graph -Force
  }

  $module2 = Get-InstalledModule -Name AzureADPreview -ErrorAction SilentlyContinue
  if (-not $module2) {
    Write-Host "Installing module AzureADPreview"
    Install-Module AzureADPreview -AllowClobber -Force
  }

  $unistallModule1 = Get-InstalledModule -Name AzureAD -ErrorAction SilentlyContinue
  if ($unistallModule1) {
    Write-Host -ForegroundColor Red "Found AzureAD module, must uninstall. Cannot cohexist with AzureADPreview."
    Write-Host -ForegroundColor Yellow "Run 'Remove-Module -Name AzureAD -Force' as an administrator"
  }

  # Connect to Microsoft.Graph/AzureADPreview
  AzureADPreview\Connect-AzureAD
  $AAD = Get-AzureADTenantDetail
  Write-Host -ForegroundColor Yellow "Connected to AzureADPreview tenant $($AAD.ObjectId)"
  Connect-MgGraph -Scopes "CloudPC.Read.All"
  Select-MgProfile -Name "beta"
  $Graph = Get-MGContext
  Write-Host -ForegroundColor Yellow "Connected to Microsoft.Graph tenant $($Graph.TenantId)"

  # Script: Capture AzureAD Logins from CloudPCs
  $adjdate = (Get-Date).AddDays( - $($LogonDays))
  $string = "$($adjdate.Year)" + "-" + "$($adjdate.Month)" + "-" + "$($adjdate.Day)"
  $CloudPCs = Get-MgDeviceManagementVirtualEndpointCloudPC
  $WebLogons = Get-AzureADAuditSignInLogs -Filter "appdisplayname eq 'Windows 365 Portal' and createdDateTime gt $string"
  $ClientLogons = Get-AzureADAuditSignInLogs -Filter "appdisplayname eq 'Azure Virtual Desktop Client' and createdDateTime gt $string"

  # Script: Get all users assigned to a cloud pc
  $users = @()
  foreach ($CloudPC in $CloudPCs) {
    $users += $CloudPC.UserPrincipalName
    $UPN = $users
  }

  # Script: Build the output to CSV
  foreach ($user in $users) {
    $output = [PSCustomObject]@{
      "CPCUserPrincipalName" = "$UPN"
      "CPCManagedDeviceName" = ""
      "LastLogon"            = ""
      "TotalLogons"          = ""
      "WebLogons"            = ""
      "ClientLogons"         = ""
      "TotalDays"            = "$LogonDays"
    }

    $countweb = $null
    $countclient = $null
    $LastLogon = $null

    #Finds the name of the cloudPC the user has
    foreach ($CloudPC in $cloudPCs) {
      if ($CloudPC.UserPrincipalName -eq $user) {
        $output.CPCManagedDeviceName = $CloudPC.ManagedDeviceName
      }
    }

    #Counts each web logon
    foreach ($WebLogon in $WebLogons) {
      if (($WebLogon.UserPrincipalName -eq $user) -and ($WebLogon.DeviceDetail.Displayname -like "CPC-*")) {
        $countweb = $countweb + 1
        if ($Weblogon.CreatedDateTime -gt $LastLogon) { $LastLogon = $WebLogon.CreatedDateTime }
      }
    }
    if ($countweb -eq $null) { $countweb = 0 }

    #Counts each local client logon
    foreach ($ClientLogon in $ClientLogons) {
      if ($ClientLogon.UserPrincipalName -eq $user) {
        $countclient = $countclient + 1
        if ($Clientlogon.CreatedDateTime -gt $LastLogon) { $LastLogon = $LastLogon.CreatedDateTime }
      }
    }
    if ($countclient -eq $null) { $countclient = 0 }

    #adds both logon counts for a total
    $total = $countweb + $countclient
    $output.TotalLogons = $total

    #outputs web client logon count
    $output.WebLogons = $countweb

    #outputs local client logon count
    $output.ClientLogons = $countclient

    #outputs the last logon time
    $output.LastLogon = $LastLogon

    #outputs notification if no logon activity has been recorded
    if ($total -eq 0) { Write-Host "User has not logged in." -ForegroundColor Red }

    #sends data to CSV file
    $output | Export-Csv -Path $CsvFile -NoTypeInformation -Append
    Write-Host -ForegroundColor Yellow "File was exported to $CsvFile"
  }
}