MFA Fraud Report + Sign In Correlation

redacted 21 Reputation points
2022-02-11T01:44:46.047+00:00

Is there a way through Log Analytics to match a MFA fraud report to the sign in that prompted it?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,396 questions
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2022-02-11T11:03:09.743+00:00

    @redacted Thanks for reaching out.

    All the Fraud MFA reporting comes under Authentication Details under Sign in logs. Sign logs table in Log explorer can help you find more.
    I do not have the date set in my tenant.

    But I will start from the SignIN logs table to find more :

    173571-image.png

    You can filter further for Fraud reporting Keywords mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
    For example : FAILED_FRAUD_CODE_ENTERED

    I can work with you to find the desired results on your dataset if you need further help.

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful