How to locate who enabled an authentication method

jpcapone 1,441 Reputation points
2024-09-13T12:56:29.26+00:00

I went to enable FIDO key functionality in a tenant and I found that it was already enabled. I would like to find out who enabled but I am not sure of the best way to search the audit logs to find out. I am aware that the event could have aged out of the logs due to retention times but I would at least like to make an effort. Any ideas would be appreciated.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,826 questions
0 comments No comments
{count} votes

Accepted answer
  1. Navya 11,050 Reputation points Microsoft Vendor
    2024-09-17T02:54:03.1233333+00:00

    Hi @jpcapone

    Thank you for posting this in Microsoft Q&A.

    I understand you would like to view audit logs to determine who enabled the FIDO key in your tenant.

    Please follow the below steps

    1.Sign in to the Microsoft Entra admin center as at least a Reports Reader.

    2.Browse to Identity > Monitoring & health > Audit logs.

    3.Please adjust the filters as shown in the screenshot below..

    User's image 4.You can view the details of users who have enabled FIDO under the 'Initiated by Actor' section.

    User's image

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.