SOLVED

Access to the Sign-Ins report to review MFA events

%3CLINGO-SUB%20id%3D%22lingo-sub-1872165%22%20slang%3D%22en-US%22%3EAccess%20to%20the%20Sign-Ins%20report%20to%20review%20MFA%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1872165%22%20slang%3D%22en-US%22%3E%3CP%3EI%20work%20on%20the%20MFA%20Team%20at%20our%20company%20and%20we%20are%20a%20small%20group%20of%20people%20within%20the%20larger%20organization%20and%20we%20need%20to%20have%20granular%20access%20to%20specifically%20see%20the%20MFA%20events%20in%20Azure%20AD.%20At%20my%20old%20business%20I%20used%20to%20be%20a%20GA%20but%20at%20the%20new%20one%20we%20are%20very%20particular%20about%20who%20has%20access%20to%20what%20(which%20makes%20sense).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20this%20article%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-reporting%23%3A~%3Atext%3DAdditional%2520MFA%2520reports%2520%2520%2520%2520Report%2520%2Cthe%2520status%2520of%2520MFA%2520Servers%2520assoc%2520...%2520%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-reporting%23%3A~%3Atext%3DAdditional%2520MFA%2520reports%2520%2520%2520%2520Report%2520%2Cthe%2520status%2520of%2520MFA%2520Servers%2520assoc%2520...%2520%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20notes%20that%20you%20need%20to%20be%20a%20GA%20in%20order%20to%20access%20the%20Sign-Ins%20report%20in%20order%20to%20view%20MFA%20events.%20Is%20this%20true%3F%20Is%20there%20another%20security%20role%20that%20can%20be%20assigned%20to%20get%20access%20to%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1872165%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMFA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1873497%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20to%20the%20Sign-Ins%20report%20to%20review%20MFA%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1873497%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20sure%20if%20that's%20necessarily%20true%2C%20roles%20such%20as%20Global%20Reader%2FReports%20Reader%20should%20also%20be%20able%20to%20access%20sign-in%20logs%20and%20all%20the%20details...%20but%20too%20lazy%20to%20test%20it%20now%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3EAn%20alternative%20approach%20would%20be%20to%20get%20them%20events%20via%20the%20Graph%20API.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1873724%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20to%20the%20Sign-Ins%20report%20to%20review%20MFA%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1873724%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BThat%20is%20my%20feeling%20as%20well.%20But%20I%20do%20already%20both%20Global%20Reader%20and%20Reports%20Reader%20myself%20and%20I%20am%20still%20not%20able%20to%20access%20this.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Graph%20API%20might%20be%20a%20possibility%20but%20I%20was%20hoping%20it%20would%20be%20easier%20than%20that.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I work on the MFA Team at our company and we are a small group of people within the larger organization and we need to have granular access to specifically see the MFA events in Azure AD. At my old business I used to be a GA but at the new one we are very particular about who has access to what (which makes sense). 

 

I found this article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting#:~:text=A...

 

It notes that you need to be a GA in order to access the Sign-Ins report in order to view MFA events. Is this true? Is there another security role that can be assigned to get access to this?

3 Replies

Not sure if that's necessarily true, roles such as Global Reader/Reports Reader should also be able to access sign-in logs and all the details... but too lazy to test it now :)

An alternative approach would be to get them events via the Graph API.

@Vasil Michev That is my feeling as well. But I do already both Global Reader and Reports Reader myself and I am still not able to access this. 

 

The Graph API might be a possibility but I was hoping it would be easier than that. 

Best Response confirmed by Obliquity (Occasional Contributor)
Solution

@Vasil Michev I have this figured out. It appears you need the Security Reader role.