You might be able to use this query if you're collecting your logs in Azure to a log analytics workspace.
Hope it helps.
I am working on some metrics reporting and the items I am looking for I cannot seem to get. What I am looking for is a PowerShell script that will run a list of employees going back through January 1st, only if their MFA had been revoked. I can run a script that will tell me if it is currently revoked, but when they re-authenticate obviously they won't be counted in the list anymore. So I need some scripting help please and thank you. Or.. if their is a way to run that report in Azure or O365, could anyone point me in the right direction I have not been successful. Please and thank you!