How to Programmatically Retrieve Office 365 User Installation Reports with Computer Names


2 views

Many administrators discover too late that Office 365's admin portal doesn't provide installation reports showing which users have activated Office ProPlus and on which machines. While users can see their own installations under "My Account" > "Apps & devices", this information remains invisible to admins through normal channels.

Microsoft's documentation suggests using these approaches:

1. PowerShell: Get-MsolUser -All | Select UserPrincipalName,Licenses
2. Office Deployment Tool configuration.xml

However, neither method provides the crucial computer name data we need for proper asset tracking.

The most reliable method is leveraging Microsoft Graph API to extract this data programmatically. Here's a Python implementation:

import requests
import json

# Authentication
tenant_id = 'your-tenant-id'
client_id = 'your-client-id'
client_secret = 'your-client-secret'

# Get access token
auth_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
auth_data = {
    'client_id': client_id,
    'scope': 'https://graph.microsoft.com/.default',
    'client_secret': client_secret,
    'grant_type': 'client_credentials'
}
auth_response = requests.post(auth_url, data=auth_data)
access_token = auth_response.json().get('access_token')

# Query devices
graph_url = "https://graph.microsoft.com/v1.0/devices"
headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

response = requests.get(graph_url, headers=headers)
devices = response.json().get('value', [])

# Filter Office installations
office_devices = [
    device for device in devices 
    if 'description' in device and 'Office' in device['description']
]

print(json.dumps(office_devices, indent=2))

You can extract relevant events from Azure AD audit logs:

$startDate = (Get-Date).AddDays(-30)
$endDate = Get-Date

Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations "ActivateOffice" -ResultSize 1000 | 
    Select-Object -Property UserIds, Operations, CreationDate, AuditData |
    Export-Csv -Path "OfficeActivations.csv" -NoTypeInformation

Several commercial solutions fill this reporting gap:

  • Lansweeper's Office 365 integration
  • ManageEngine ADManager Plus
  • SysKit Point

Be aware that installation data may be delayed by up to 24 hours in all reporting methods. For critical compliance scenarios, implement regular synchronization rather than relying on real-time queries.

As an Office 365 administrator, you might need to audit Office ProPlus installations across your organization. Surprisingly, the Office 365 admin portal doesn't provide this capability out-of-the-box. While users can see their own installations, administrators lack visibility into which computers have Office installed and activated by each user.

Here are two technical approaches to gather this information:

1. Using PowerShell with Office 365 Reports

While not perfect, you can combine several PowerShell cmdlets to approximate this data:


# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName admin@yourdomain.com

# Get all licensed users
$users = Get-Mailbox -ResultSize Unlimited | Where {$_.IsLicensed -eq $true}

# Initialize report array
$report = @()

foreach ($user in $users) {
    # Get activation details (this requires appropriate permissions)
    $activations = Get-UserActivationReport -UserPrincipalName $user.UserPrincipalName
    
    foreach ($activation in $activations) {
        $report += [PSCustomObject]@{
            User = $user.UserPrincipalName
            Computer = $activation.DeviceName
            LastActivation = $activation.LastActivationTime
            Product = $activation.ProductName
        }
    }
}

# Export to CSV
$report | Export-Csv -Path "Office365_Installations_Report.csv" -NoTypeInformation

2. Using Microsoft Graph API

A more robust solution involves using the Microsoft Graph API to query activation data:


// First, get an access token
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={client_id}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret={client_secret}
&grant_type=client_credentials

// Then query the activations
GET https://graph.microsoft.com/v1.0/users/{user-id}/office365Activations
Authorization: Bearer {access-token}

Several commercial solutions can provide this functionality:

  • Lansweeper (offers Office 365 inventory tracking)
  • ManageEngine ADManager Plus
  • SysKit Point (specialized for Office 365 reporting)

Microsoft's current architecture has some intentional limitations:

  • Privacy considerations prevent full visibility
  • Activation data is stored per-user, not centrally
  • Historical data may not be available

For immediate needs, consider creating a PowerShell script that:

  1. Collects all licensed users
  2. Prompts them to run a simple script that reports their activations
  3. Aggregates the results

Microsoft is gradually improving admin capabilities in this area. Watch for updates to:

  • Microsoft 365 admin center reports
  • Microsoft Graph API endpoints
  • PowerShell module enhancements