Filter on/Export MFA Fraud Reports

Madi 1 Reputation point
2020-08-13T14:07:23.487+00:00

Hello,

I see a similar, past question about this here, but was wondering if anything has changed since 2018. I have email notifications setup now, but am wanting to view past MFA fraud reports.

Is there a way to filter Azure AD sign-ins that have the Authentication Details - Result Detail - "MFA denied; Phone App Reported Fraud" or export a list of sign-ins that have the report fraud included? I would like to end up with a list of only MFA prompts that have been reported as fraud, rather than going through each sign-in and clicking over to the Authentication Details.

If there isn't a native way to filter/export this information, does anyone have any workaround recommendations?
I have tried exporting a user's sign-in logs from Azure AD as a CSV and that does not contain the Report Fraud information.

Here is the information I've found on MFA fraud alerts.

Thank you!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,371 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,596 Reputation points Microsoft Employee
    2020-08-18T22:04:14.483+00:00

    @Madi
    Looking through Azure AD PowerShell cmdlets for reporting, I did find a section on getting sign-in logs through PS. However, it does look you'll have to use the Azure Active Directory reporting API.

    Since the feature you're looking for isn't available yet, you can definitely provide feedback/request for this feature to be implemented.

    Please let me know if you have any other questions.
    Thank you for your time and patience.

    MSOnline Modules

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.