Azure AD user verbose logs

Austin Dsouza 1 Reputation point
2020-05-28T18:56:52.36+00:00

Hi all,
I would like to know if it's possible to get the Azure AD user verbose logs. I am not looking at sign-in or activity logs. What I am looking at is user activity like a user changing the network configuration, creating a VM, deleting a VM, etc.

Thank you

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Manu Philip 16,996 Reputation points MVP
    2020-05-28T20:09:28.053+00:00

    Hello @Austin Dsouza ,

    Yes, it is possible. Make sure that the corresponding settings are enabled. I will explain how you can enable them through Security & Compliance Center PowerShell.

    Open PowerShell and type the following cmdlets one by one:

    Set-ExecutionPolicy RemoteSigned  
    $UserCredential = Get-Credential  
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection  
    Import-PSSession $Session -DisableNameChecking  
    

    Get the output of the following cmdlet and check whether 'verbose' logging is enabled in your tenant:

    Get-AdminAuditLogConfig | fl AdminAuditLogEnabled, LogLevel,UnifiedAuditLogIngestionEnabled  
    

    The values are expected to be:

    AdminAuditLogEnabled : True
    LogLevel : Verbose
    UnifiedAuditLogIngestionEnabled : True

    If not, set the values first:

    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true  
    
    Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * -AdminAuditLogParameters * -AdminAuditLogExcludedCmdlets Get-*  
    

    This example enables administrator audit logging for every cmdlet and every parameter in the organization, with the exception of Get cmdlets.

    1. Sign in to the Azure portal using an account with global administrator permissions.
    2. Search for and select Azure Active Directory, then choose Users from the menu on the left-hand side.
    3. Under Activity from the menu on the left-hand side, select Sign-ins.
    4. A list of sign-in events is shown, including the status. You can select an event to view more details.
      The Authentication Details or Conditional Access tab of the event details shows you the status code or which policy triggered the MFA prompt.
      Check the codes corresponding to user activity from the table here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting#downloaded-activity-reports-result-codes

    Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

    Regards,

    Manu

    1 person found this answer helpful.
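
The check described in the answer above, as an added example that is not part of the original answer: a PowerShell helper (the name `Test-AuditLogConfig` is hypothetical) that compares an object shaped like the output of `Get-AdminAuditLogConfig` against the three expected values and reports each setting that differs. The sample object is constructed so the block runs without a tenant connection.

```powershell
# Expected values, taken from the answer above.
$ExpectedAuditSettings = [ordered]@{
    AdminAuditLogEnabled            = 'True'
    LogLevel                        = 'Verbose'
    UnifiedAuditLogIngestionEnabled = 'True'
}

function Test-AuditLogConfig {   # hypothetical helper name, not a Microsoft cmdlet
    [CmdletBinding()]
    param(
        # Object shaped like the output of Get-AdminAuditLogConfig.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Config
    )
    process {
        foreach ($name in $ExpectedAuditSettings.Keys) {
            $prop = $Config.PSObject.Properties[$name]
            # A property the session did not return is reported as drift, not skipped.
            $actual = if ($null -eq $prop) { '<missing>' } else { [string]$prop.Value }
            [pscustomobject]@{
                Setting   = $name
                Expected  = $ExpectedAuditSettings[$name]
                Actual    = $actual
                Compliant = ($actual -eq $ExpectedAuditSettings[$name])
            }
        }
    }
}

# Constructed sample input (not real tenant output): admin audit logging on,
# log level not verbose, unified audit log ingestion off.
$sample = [pscustomobject]@{
    AdminAuditLogEnabled            = $true
    LogLevel                        = 'None'
    UnifiedAuditLogIngestionEnabled = $false
}

$report = $sample | Test-AuditLogConfig
$report | Format-Table -AutoSize

# Names of the settings that still need to be changed; empty when all three match.
$report | Where-Object { -not $_.Compliant } | Select-Object -ExpandProperty Setting

# In a connected session, feed the real cmdlet output to the same check:
#   Get-AdminAuditLogConfig | Test-AuditLogConfig
```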