Azure AD Sign-in logs do not show event for user logging in to Microsoft Azure app on iOS device when authenticating with the Microsoft Authenticator app

David Bird 1 Reputation point
2020-05-28T14:19:48.957+00:00

As the title says, we noticed today that logging in to the Microsoft Azure mobile app on an iPhone does NOT generate an event in the Azure AD Sign-in logs when the user is authenticating using the Microsoft Authenticator app. When authenticating, the user is redirected to the Microsoft Authenticator app where they select their username, then they are redirected back to the Microsoft Azure app without being prompted for a password or MFA code.

An event is only generated in the Azure AD Sign-in logs if we log in to the Microsoft Azure mobile app or https://portal.azure.com in Safari on an iPhone and authenticate by typing in our username and password and then provide the MFA one-time code.

Why is no event generated in the Sign-in logs in the first scenario when the user is authenticating with the Microsoft Authenticator app?

Azure Active Directory

4 answers

  1. Jai Verma 451 Reputation points
    2020-05-28T15:09:39.7+00:00

    Is passwordless sign-in enabled in your environment? Azure AD sign-in logs only capture interactive sign-ins.


  2. David Bird 1 Reputation point
    2020-05-28T15:19:31.26+00:00

    @Jai Verma Thanks for the quick reply. I'm not familiar with passwordless sign-in with Azure. We use the Microsoft Authenticator app for MFA in our Conditional Access policies to restrict access to some of our other applications like Power BI. Is it possible to see the logs for passwordless sign-ins?


  3. Manu Philip 14,036 Reputation points Microsoft MVP
    2020-05-28T15:37:18.743+00:00

    Hello @David Bird ,

    It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search. Please clarify if this is the case.

    Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

    Regards,

    Manu


  4. David Bird 1 Reputation point
    2020-05-28T15:49:52.323+00:00

    @Manu Philip Where can I find the audit logs you are referencing?

    I just checked our Azure tenant and have confirmed the "Microsoft Authenticator passwordless sign-in" method is not enabled (Azure Active Directory > Security > Authentication Methods).