Forum Discussion
Solved
Approve login - Relation information
Hi All To explain my questions a little bit: - Sometimes Outlook needs a new Token a login-window appears - but I cannot see if this is from Outlook or from a source that I should not approve. ...
- Hi BilalelHadd
May be it's overcautious,
- I cannot see which Application triggers the login.
How do I know if it is Outlook, Teams or any malware?
- I cannot see the relation of the login and the approve. The only relation is the time.
Checking the login after 10 minutes .. What about checking before approve?
cu Flori
Hi Florian,
Quite simple, if you didn't sign in, don't accept the challenge.
You can manage the sign-in logs to view the MFA requestor within the Azure Portal - > Azure Active Directory > Select the user > Sign-in logs. There is a delay of approx—10 min. There you can filter by Device, Source IP, Application, etc. You can also monitor if an MFA challenge was accepted or rejected.
I hope this helps!
Quite simple, if you didn't sign in, don't accept the challenge.
You can manage the sign-in logs to view the MFA requestor within the Azure Portal - > Azure Active Directory > Select the user > Sign-in logs. There is a delay of approx—10 min. There you can filter by Device, Source IP, Application, etc. You can also monitor if an MFA challenge was accepted or rejected.
I hope this helps!
Hi BilalelHadd
May be it's overcautious,
- I cannot see which Application triggers the login.
How do I know if it is Outlook, Teams or any malware?
- I cannot see the relation of the login and the approve. The only relation is the time.
Checking the login after 10 minutes .. What about checking before approve?
cu Flori
May be it's overcautious,
- I cannot see which Application triggers the login.
How do I know if it is Outlook, Teams or any malware?
- I cannot see the relation of the login and the approve. The only relation is the time.
Checking the login after 10 minutes .. What about checking before approve?
cu Flori
- I have some good news for you, Microsoft just listened to your request 😉 See the following blog post of Jan Bakker on how to enable the new functionally. Keep in mind that this is not officially supported yet. So don't enable the feature in production.
https://janbakker.tech/enable-location-information-and-code-match-for-azure-mfa/ I agree that when the MFA challenge appears, you can indeed not see which application asks for approval. Because the application only can be checked within the sign-in logs. It also states which application (Teams, Outlook, SharePoint, etc.) See attached screenshot for an example. It also says that if the MFA was completed or rejected, you need to click on authentication details.
It would be a great feature to see which location and application you're trying to sign in to. I will deliver this feedback to Microsoft.
