LiamBest-7873 asked ShwetaMathur answered

Retrieve Azure MFA usage from Graph API

Hi there,

I am looking to retrieve the usage logs of Azure MFA - I would like to be able to retrieve all approvals/denials/failures of login requests that prompted for MFA.

Is there an API endpoint I can use for this?

I have tried using the auditLogs/signIns endpoint, with a filter on the conditionalAccessStatus field, but this does not seem to retrieve what I need.

This KB seems to suggest it is possible, but I am unable to figure out what report to use.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

EDIT:

It appears I need to use the Beta API with a filter of authenticationRequirement eq 'multiFactorAuthentication' - this seems to show the results we need, but also includes lots of login requests where the authenticationMethod is Previously satisfied.

If I can filter out these results, that will do what I need! Any suggestions are much appreciated.

azure-ad-multi-factor-authentication

michev answered

There's a built-in report you can access here, and it does exactly that: https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AuthMethodsActivity/menuId/AuthMethodsActivity
Unfortunately, the API behind it is not supported, so if you are aiming to do this programmatically, your best bet is indeed the /signins endpoint, and whatever filters are supported therein. You might have to rely on client-side filtering for the "Previously satisfied" part (as authenticationDetails doesn't seem to support $filter).
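
The client-side filtering suggested in the answer above, as an added example that is not part of the thread or Microsoft's code: it drops "Previously satisfied" steps from each sign-in's authenticationDetails and reports the outcome of the remaining MFA prompt. The sample records, the `mfa_prompts` name and the choice to also skip "Password" steps are assumptions; field names follow the beta signIn resource.

```python
# Input: the "value" array returned by the beta auditLogs/signIns endpoint with
# $filter=authenticationRequirement eq 'multiFactorAuthentication' (from the question).
# Steps that are not an interactive MFA prompt. "Previously satisfied" comes from
# the thread; treating "Password" as the first factor is an assumption.
SKIP_METHODS = frozenset({"previously satisfied", "password"})

def mfa_prompts(signins, skip_methods=SKIP_METHODS):
    """Return one record per sign-in that contains a real MFA prompt step."""
    events = []
    for s in signins:
        steps = [d for d in (s.get("authenticationDetails") or [])
                 if (d.get("authenticationMethod") or "").strip().lower()
                 not in skip_methods]
        if not steps:
            continue  # no prompt step recorded (e.g. only "Previously satisfied")
        last = steps[-1]  # assumes the array is in chronological order
        events.append({
            "user": s.get("userPrincipalName"),
            "time": s.get("createdDateTime"),
            "method": last.get("authenticationMethod"),
            "outcome": "approved" if any(d.get("succeeded") for d in steps)
                       else "denied_or_failed",
            "detail": last.get("authenticationStepResultDetail"),
        })
    return events

def _step(method, ok, detail):
    return {"authenticationMethod": method, "succeeded": ok,
            "authenticationStepResultDetail": detail}

# Constructed sample records in the shape of the beta signIn resource.
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2022-03-01T09:00:00Z",
     "authenticationDetails": [_step("Password", True, "Correct password"),
                               _step("Previously satisfied", True, "Satisfied by token claim")]},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2022-03-01T09:05:00Z",
     "authenticationDetails": [_step("Password", True, "Correct password"),
                               _step("Mobile app notification", True, "MFA completed in Azure AD")]},
    {"userPrincipalName": "carol@example.com", "createdDateTime": "2022-03-01T09:07:00Z",
     "authenticationDetails": [_step("Password", True, "Correct password"),
                               _step("Mobile app notification", False, "MFA denied; user declined the authentication")]},
    {"userPrincipalName": "dave@example.com", "createdDateTime": "2022-03-01T09:09:00Z",
     "authenticationDetails": None},
]

if __name__ == "__main__":
    for e in mfa_prompts(SAMPLE):
        print(e["time"], e["user"], e["method"], e["outcome"], e["detail"], sep=" | ")
```

Passwordless tenants can pass their own `skip_methods` set, since a first factor other than a password would otherwise be counted as a prompt.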


ShwetaMathur answered

@LiamBest-7873,

Thanks for reaching out.

I understand you are looking to retrieve sign-in logs based on Multi-Factor Authentication events.

As Michev mentioned, unfortunately, there is no Graph API endpoint supported to retrieve Authentication Details to retrieve Multifactor Authentication sign-in requests.

I would suggest you post this idea at the Azure Feedback Portal, which is monitored by the product team for feature enhancements.

Thanks,
Shweta


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

