Report on MFA Prompts

Copper Contributor

I need to provide evidence to management on the number of MFA prompts users are receiving to determine suitability of our configuration. I know I can select an individual logon event where conditional access is classed as successful to determine what authentication method is used but is there a way to generate a report say on all MFA authentications passed by App Notification, Phone Call or SMS and ignore those passing due to existing token or hybrid joined device.

5 Replies

You can either export the Azure AD Sign-in logs and pivot the data or plug it into Sentinel or some other system. The new Insights dashboard could also help: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Insights

@VasilMichevI know the dashboard says it is in preview, but I'm seeing weird results, and I don't know if this is because of our configuration, or errors in the report.   I had always assumed our configuration was not supported for this report.  We're using MFA server (not Azure MFA server), but we see a small number of users appearing in the report and I can see no pattern behind this.

Not sure if MFA server is supported, sorry.

Thanks@VasilMichev the Usage & Insights includes the data I need but I have to generate reports per application. I also seem to be limited to 5200 results when downloading each applications sign-in report regardless of timescale selected. This is a pain for applications that have a large number of sign-ins.

Thanks @VasilMichev.  Kind of guessed that was the case.  Just bizarre that it reports some data  - I expected to see no data at all.