Connect-MgGraph -Scopes AuditLog.Read.All
Select-MgProfile Beta
[array]$AuditData = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/reports/servicePrincipalSignInActivities"
If (!($AuditData)) { Write-Host "Error fetching service principal sign in activity data..." ; break }
$AuditData = $AuditData.Value
$Report = [System.Collections.Generic.List[Object]]::new() 
ForEach ($SP in $AuditData) {
   $SpAppId = $SP['appId']
   $ServicePrincipal = Get-MgServicePrincipal -Filter "Appid eq '$SpAppId'"
   $SPName = $ServicePrincipal.DisplayName
   If ($SPName) {
      $SPCreatedDate =  Get-Date($ServicePrincipal.additionalProperties.createdDateTime) -format g
   } Else {
      $SPCreatedDate = $Null }
   $ReportLine = [PSCustomObject]@{
      AppId                   = $SP['appId']
      'Display name'          = $ServicePrincipal.DisplayName
      Publisher               = $ServicePrincipal.PublisherName
      'Sign in audience'      = $ServicePrincipal.SignInAudience
      'Last sign in'          = $SP['lastSignInActivity'].lastSignInDateTime
      'Last app sign in'      = $SP['applicationAuthenticationClientSignInActivity'].lastSignInDateTime
      'Last delegate sign in' = $SP['delegatedClientSignInActivity'].lastSignInDateTime
     }
   $Report.Add($ReportLine) 
}
# Filter out the records that can't be resolved against service principals in the tenant
$ReportSPs = $Report | Where-Object {$Null -ne $_.'Display name'}
$ReportSPs | Out-GridView

Zdroj: https://office365itpros.com/2023/06/14/app-governance-license/