Microsoft Tech Community

Users capable of passwordless authentication show incorrect staff numbers


Hi All,

 

I set up Passwordless Authentication, as follows:

 

  • Endpoint Manager
  • Devices
  • Config Profile
  • Identity Protection
  • Added devices to Test Group in stages
  • Applied to devices and staff can now use WHFB to log in on work laptops

 

This works well. However, I wanted to check easily who hadn't had the profile applied. I was going into Azure Sign-in logs and checking staff for login authentication but thought there must be an easier report to use. 

 

Found the Azure Authentication Methods-Activity report and this shows only 4 out of 53 Users are capable of passwordless authentication - I can't understand this, as on the same screen it shows all devices registered as WHFB in the graph below. The screenshot only shows a few examples but the list goes down all showing not capable.

 

Screenshot_20221116_115121.png

Screenshot_20221116_115243.png

 

For the 4 devices it says are capable of passwordless authentication, I cannot see any difference to those listed as not. Every other device is logging in using Business Hello (bar 1 in the screenshot, as I haven't added it to the WHFB group yet).

 

Just wondered why there is a discrepancy in what is being reported.

 

Thanks,

Darren

1 Reply

@CopeStarr 

It's a limitation of the MFA Registration Details and Reset Event Reports.

Even though MFA Registration Details and Reset Event Reports provide great assistance, there are some notable lags too.  

  • Dashboard does not display the PhoneAppNotification and PhoneAppOTP methods that a user might have configured.  
  • Data in the report is not updated in real-time and may reflect a delay of a few hours. 
  • Reports don’t come up with graphical representation for a better understanding. 
  • Scheduling can’t be done in MFA registration reports.
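
An added example, not part of the original thread: one way to examine the discrepancy raised in the question per user, rather than scrolling the portal list, is to export the registration details and bucket the rows offline. It assumes the export uses the Microsoft Graph userRegistrationDetails property names (`userPrincipalName`, `isPasswordlessCapable`, `methodsRegistered`); the sample rows and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph userRegistrationDetails rows.
# Users and values are invented; they are not taken from the thread.
SAMPLE_EXPORT = """
{"value": [
  {"userPrincipalName": "alice@example.com", "isPasswordlessCapable": true,
   "methodsRegistered": ["windowsHelloForBusiness", "microsoftAuthenticatorPush"]},
  {"userPrincipalName": "bob@example.com", "isPasswordlessCapable": false,
   "methodsRegistered": ["windowsHelloForBusiness"]},
  {"userPrincipalName": "carol@example.com", "isPasswordlessCapable": false,
   "methodsRegistered": ["mobilePhone"]},
  {"userPrincipalName": "dave@example.com", "isPasswordlessCapable": true,
   "methodsRegistered": ["fido2SecurityKey"]}
]}
"""

WHFB = "windowsHelloForBusiness"


def load_export(text):
    """Parse an export; accept a Graph-style {"value": [...]} wrapper or a bare list."""
    data = json.loads(text)
    return data["value"] if isinstance(data, dict) else data


def reconcile(records):
    """Bucket users by WHfB registration versus the passwordless-capable flag."""
    buckets = {"consistent": [], "whfb_but_not_capable": [],
               "capable_without_whfb": [], "no_whfb": []}
    for rec in records:
        upn = rec.get("userPrincipalName", "<unknown>")
        has_whfb = WHFB in (rec.get("methodsRegistered") or [])
        capable = bool(rec.get("isPasswordlessCapable"))
        if has_whfb and capable:
            buckets["consistent"].append(upn)
        elif has_whfb:
            buckets["whfb_but_not_capable"].append(upn)  # registered, flag says no
        elif capable:
            buckets["capable_without_whfb"].append(upn)  # another passwordless method
        else:
            buckets["no_whfb"].append(upn)               # no WHfB registration recorded
    return buckets


if __name__ == "__main__":
    for name, users in reconcile(load_export(SAMPLE_EXPORT)).items():
        print(f"{name}: {len(users)} {users}")
```

The `whfb_but_not_capable` bucket is the set to compare against sign-in logs; the `no_whfb` bucket is the closest match to "who hasn't had the profile applied".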