Hello,
I am in the process of introducing Windows Hello for Business to my organisation, and I need to access audit log information for user sign-ins, specifically to see which authentication method was used.
Azure portal sign in logs does not allow me to filter on "authentication methods", so I need to know how to pull the information fromn Powershell using AzureAD, Graph or other module.
So far I have been using the "Search-UnifiedAuditLog" cmdlet, but I cannot figure out how to query the output of "AuditData" property that is returned.
Specifically I need to query the {"UserAuthenticationMethod","Value":"<>"} value of the AuditData output, and report back on all users that have authenticated with method value "262144" - which I am led to beleive is the Windows Hello for Business method?
Thanks in advance