Hi all,
I hope you can help with a query I currently have.
I'm looking to see if I can find a way to check whether users of O365 have logged in using MFA or not. Is this parsed by default, or can anyone point me to a way to find this information within logs.
TLDR:
Can FortiSIEM report on O365 users who are authenticating with or without MFA
Hi @Chessbot,
If using any FAC ,most probably imported remote users reside on FAC database and they have token assigned there, you can see them from the logs on FAC when they can authenticate with or without tokens.
Regarding FortiSIEM question you can try to see Raw Event logs from Analytics if something is reported there.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.