Share via

get MFA logs

Oscar Daniel 0 Reputation points
2023-06-13T15:27:17.87+00:00

Hi all,

I need to integrate MFA events in Qradar, but I can't find the events in Azure AD or O365

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,086 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sedat SALMAN 13,835 Reputation points MVP
    2023-06-13T22:47:44.08+00:00

    Logs of authentication-related activities, including MFA events, are kept by Azure AD. These logs can be found in the Azure portal's Azure AD section, specifically in the "Sign-ins" and "Audit logs" subsections. MFA events such as successful and unsuccessful authentication attempts should be recorded.

    It's unknown that whether Microsoft Authenticator generates separate logs that can be integrated into QRadar. Because this app primarily allows users to approve or deny sign-in attempts, related events are likely to be logged in Azure AD as part of the user's sign-in activity.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.