MFA Fraud Report + Sign In Correlation

redacted 21 Reputation points

Is there a way through Log Analytics to match a MFA fraud report to the sign in that prompted it?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,396 questions
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

    @redacted Thanks for reaching out.

    All the Fraud MFA reporting comes under Authentication Details under Sign in logs. Sign logs table in Log explorer can help you find more.
    I do not have the date set in my tenant.

    But I will start from the SignIN logs table to find more :


    You can filter further for Fraud reporting Keywords mentioned here :

    I can work with you to find the desired results on your dataset if you need further help.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful