Hi there,
We are sending all Office 365/Azure logs to our SIEM platform, and we would like to visualise the authentication type (single factor/multifactor) and registered MFA method (phone, email, authenticator app, etc) for each user. I am aware that this information can be seen on Microsoft Entra admin center, but we would like to see it in our SIEM for all users and all tenancies we manage. However, we cannot find where this information is located on the logs we receive from Office 365.
I will appreciate if someone explain where can we find the information in the logs, and if not part of the logs, where else can we find it?
I am also attaching screenshots of the details we like to see in the logs.
Regards
M.