Nov 10 2020
- last edited on
Jan 14 2022
I work on the MFA Team at our company and we are a small group of people within the larger organization and we need to have granular access to specifically see the MFA events in Azure AD. At my old business I used to be a GA but at the new one we are very particular about who has access to what (which makes sense).
It notes that you need to be a GA in order to access the Sign-Ins report in order to view MFA events. Is this true? Is there another security role that can be assigned to get access to this?
Nov 10 2020 10:31 AM
Not sure if that's necessarily true, roles such as Global Reader/Reports Reader should also be able to access sign-in logs and all the details... but too lazy to test it now :)
An alternative approach would be to get them events via the Graph API.
Nov 10 2020 11:14 AM
@Vasil Michev That is my feeling as well. But I do already both Global Reader and Reports Reader myself and I am still not able to access this.
The Graph API might be a possibility but I was hoping it would be easier than that.
Nov 10 2020 01:33 PMSolution
@Vasil Michev I have this figured out. It appears you need the Security Reader role.