User login tracking: A solution for Microsoft licensing compliance on 30,000 computers

Question:

How can I track all user logins on 30,000 computers over 6 months for Microsoft licensing purposes?

I work for a large organization that has a problem with Microsoft licensing. Many users have the wrong type of license for using Office Desktop apps. We applied a device license to all computers where these users were detected, but now we need to remove it from the computers where they no longer log in. The only report we have is from SCCM, but it only shows the last logged on and top console users. We need a report that shows all user logins on each computer in the last 6 months. Can anyone suggest how this can be done?

Answer:

If you work for a large organization that has a problem with Microsoft licensing, you may face a situation where you need to track all user logins on a large number of computers over a long period of time. This can be challenging, especially if the only report you have is from SCCM, which only shows the last logged on and top console users.

In this article, I will explain why you may need to track all user logins, what are the limitations of SCCM, and what are some possible solutions to achieve your goal.

Why track all user logins?

One reason why you may need to track all user logins is to comply with Microsoft licensing policies. Microsoft offers different types of licenses for using Office Desktop apps, such as F3, E5, and M365 Apps for Enterprise. Each license has different features and costs, and you need to make sure that your users have the right type of license for their needs.

However, sometimes users may have the wrong type of license, either by mistake or by design. For example, some users may have an F3 license, which does not include Office Desktop apps, but they still need to use them. In that case, you may have applied a device license, such as M365 Apps for Enterprise, to all computers where these users were detected. This device license allows any user to use Office Desktop apps on that computer, regardless of their own license type.

But what if some of these users no longer need to use Office Desktop apps, or they have been upgraded to a different license type, such as E5, which already includes Office Desktop apps? In that case, you may want to remove the device license from the computers where they no longer log in, and reclaim it for other purposes. This can help you save money and avoid wasting licenses.

To do that, you need to know which computers have been used by which users in the last 6 months. This is where you need to track all user logins, not just the last logged on and top console users.

What are the limitations of SCCM?

SCCM, or System Center Configuration Manager, is a tool that helps you manage your devices, applications, and updates. It can also provide you with some reports on your devices and users, such as the last logged on user and the top console user.

However, SCCM has some limitations when it comes to tracking all user logins. First of all, SCCM does not store the historical data of user logins, only the current data. This means that you cannot use SCCM to query the user logins on a specific date or time range, such as the last 6 months. You can only see the last logged on user and the top console user at the moment of the report.

Secondly, SCCM does not capture all user logins, only the interactive logins. This means that SCCM only records the user logins that involve a graphical user interface, such as logging in with a username and password, or using a smart card. SCCM does not record the user logins that are non-interactive, such as logging in with a service account, or using a remote desktop connection. These non-interactive logins may still use Office Desktop apps, and therefore affect the licensing.

Thirdly, SCCM does not distinguish between different types of user logins, such as local or domain, or different types of user accounts, such as F3 or E5. This means that SCCM cannot tell you which users have which license type, or which users are using which type of login. This can make it difficult to identify the users who need or do not need the device license.

What are some possible solutions?

Since SCCM cannot provide you with the report you need, you may need to look for other solutions to track all user logins on your computers. Here are some possible solutions that you can try:

  • Use PowerShell scripts. PowerShell is a scripting language that allows you to automate tasks and interact with various systems and applications. You can use PowerShell scripts to query the user logins on your computers, either locally or remotely, and export the results to a file or a database. You can also use PowerShell scripts to filter the results by date, user type, login type, or any other criteria you need. You can find some examples of PowerShell scripts for tracking user logins online, such as [this one](https://gallery.technet.microsoft.com/scriptcenter/Get-All-AD-Users-Logon-9e721a89).
  • Use third-party tools. There are some third-party tools that can help you track user logins on your computers, such as [Lansweeper](https://www.lansweeper.com/), [Netwrix Auditor](https://www.netwrix.com/auditor.html), or [ManageEngine ADAudit Plus](https://www.manageengine.com/products/active-directory-audit/). These tools can scan your network and collect the user logins on your computers, either in real-time or on a schedule. They can also provide you with reports, dashboards, alerts, and analytics on your user logins, and help you comply with Microsoft licensing policies. You can compare the features and prices of these tools online, and choose the one that suits your needs and budget.
  • Use Microsoft Graph API. Microsoft Graph is a platform that connects various Microsoft services and applications, such as Office 365, Azure, Windows, and more. You can use Microsoft Graph API to access and manipulate the data and functionality of these services and applications, such as user logins. You can use Microsoft Graph API to query the user logins on your computers, either by using the [Sign-in activity reports](https://docs.microsoft.com/en-us/graph/api/resources/signinactivity?view=graph-rest-1.0) or the [Audit logs](https://docs.microsoft.com/en-us/graph/api/resources/auditlogroot?view=graph-rest-1.0). You can also use Microsoft Graph API to filter, sort, and aggregate the results by date, user type, login type, or any other criteria you need. You can find some examples of Microsoft Graph API for tracking user logins online, such as [this one](https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http).
  • Conclusion

    Tracking all user logins on 30,000 computers over 6 months for Microsoft licensing purposes can be a challenging task, especially if you only rely on SCCM. SCCM has some limitations that prevent you from getting the report you need, such as lack of historical data, incomplete data, and undifferentiated data.

    However, there are some possible solutions that you can try, such as using PowerShell scripts, third-party tools, or Microsoft Graph API. These solutions can help you query, filter, and analyze the user logins on your computers, and help you identify the users who need or do not need the device license. This can help you comply with Microsoft licensing policies, and save money and resources.

    I

hope this article was helpful and informative. If you have any questions or feedback, please feel free to leave a comment below. Thank you for reading.

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us