FIDO key audit logs for single account

Conor Deegan | CloudAssist 21 Reputation points
2022-06-15T19:51:23.727+00:00

How can we identify via logs in Azure AD the sign-in method for an account in a case that 1 user account (global admin) is being accessed by multiple security keys?

We need some way of viewing the audit logs for that account and I cannot see any option in Azure to get to the individual user level and have an audit of all logins. The sign-in logs do not list FIDO keys. Is this only possible in graph and if so how?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,857 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,681 Reputation points
    2022-06-16T19:15:00.87+00:00

    Hello @Conor Deegan | CloudAssist ,

    Thanks for reaching out.

    Azure AD sign-in logs show the method used for a specific sign-in including FIDO keys example: something like this one showing WHFB also the AAD Portal does show the methods available to a user which can find from this link so wondering what do you see in "Authentication Details" for respective users from sign-in logs?

    212126-image.png

    212176-image.png

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.