question

nogas avatar image
0 Votes"
nogas asked vipulsparsh-MSFT commented

MFA Fraud Report + Sign In Correlation

Is there a way through Log Analytics to match a MFA fraud report to the sign in that prompted it?

azure-ad-audit-logsazure-ad-sign-in-logs
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@nogas I wanted to follow up and know if the below responses helped in answering your query. If it did, please do not forget to accept the appropriate response as Answer.

1 Vote 1 ·

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@nogas Thanks for reaching out.

All the Fraud MFA reporting comes under Authentication Details under Sign in logs. Sign logs table in Log explorer can help you find more.
I do not have the date set in my tenant.

But I will start from the SignIN logs table to find more :

173571-image.png


You can filter further for Fraud reporting Keywords mentioned here : https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
For example : FAILED_FRAUD_CODE_ENTERED

I can work with you to find the desired results on your dataset if you need further help.




Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.






image.png (160.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.