Nov 10 2020
07:11 AM
- last edited on
Jan 14 2022
04:27 PM
by
TechCommunityAP
Nov 10 2020
07:11 AM
- last edited on
Jan 14 2022
04:27 PM
by
TechCommunityAP
I work on the MFA Team at our company and we are a small group of people within the larger organization and we need to have granular access to specifically see the MFA events in Azure AD. At my old business I used to be a GA but at the new one we are very particular about who has access to what (which makes sense).
I found this article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting#:~:text=A...
It notes that you need to be a GA in order to access the Sign-Ins report in order to view MFA events. Is this true? Is there another security role that can be assigned to get access to this?
Nov 10 2020 10:31 AM
Not sure if that's necessarily true, roles such as Global Reader/Reports Reader should also be able to access sign-in logs and all the details... but too lazy to test it now 🙂
An alternative approach would be to get them events via the Graph API.
Nov 10 2020 11:14 AM
@VasilMichev That is my feeling as well. But I do already both Global Reader and Reports Reader myself and I am still not able to access this.
The Graph API might be a possibility but I was hoping it would be easier than that.
Nov 10 2020 01:33 PM
Solution@VasilMichev I have this figured out. It appears you need the Security Reader role.
Nov 10 2020 01:33 PM
Solution@VasilMichev I have this figured out. It appears you need the Security Reader role.