Hi all,
I hope you can help with a query I currently have.
I'm looking to see if I can find a way to check whether users of O365 have logged in using MFA or not. Is this parsed by default, or can anyone point me to a way to find this information within logs.
TLDR:
Can FortiSIEM report on O365 users who are authenticating with or without MFA
Hi @Chessbot,
If using any FAC ,most probably imported remote users reside on FAC database and they have token assigned there, you can see them from the logs on FAC when they can authenticate with or without tokens.
Regarding FortiSIEM question you can try to see Raw Event logs from Analytics if something is reported there.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.