Track the registration and usage of all authentication methods with Azure AD
As part of the new Passwordless GA announcement, Microsoft created a new activity blade in Azure AD. With the new Authentication methods Activity blade it is possible to track the registration and usage of all the authentication methods inside the organization. This makes it possible to track the move to modern management and modern authentication.
What Is Passwordless authentication?
Microsoft announced the new Passwordless authentication GA feature at Ignite 2021. As of this week, the passwordless solution is generally available for Microsoft/Azure AD customers.
More about full Passwordless authentication, with all the new Passwordless features, will follow in one of the next blog series.
This blog post is all about the new reporting options for Passwordless authentication methods. Currently in public preview is the new Authentication method activity feature. You can now view registration and usage information for all your authentication methods from an activity blade.
For the new activity feature, some prerequisites are needed for optimal usage and reporting.
First the licensing part. Make sure you have the following licensing:
- Azure AD Premium P1 or Azure AD Premium P2
On the role side, the following roles can view the new usage and insights:
- Reports Reader
- Security Reader
- Security Administrator
- Global Administrator
How to enable the activity dashboard
Enabling the new feature is a piece of cake: it is enabled by default. Note: during public preview it can take some time before the new features are visible.
To open the insights blade, go to Azure Active Directory > Security > Authentication Methods > Activity. There are two tabs in the report: Registration and Usage.
Direct link to the activity dashboard: https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthMethodsOverviewBlade
Let’s take a look
Track the movement
One of the biggest challenges from the adoption point of view is tracking the current adoption of passwordless. As an IT/Security admin it is nice to track the move to modern passwordless authentication. At the moment more and more registration methods are available:
- App notification
- Software token
- Alt mobile
- Office phone
- Hardware token
- Windows Hello For Business
- Security questions
With the authentication methods dashboard, it is possible to track the registrations and usage of the different methods. This is useful to view the trend line and the adoption switch to, for example, passwordless, or simply to check the MFA usage.
For the dashboard go to: Azure Active Directory > Security > Authentication Methods > Activity
The registration tab shows the number of users capable of authentication per category. For example, you can track multi-factor authentication, passwordless, or self-service password reset. Recent registration by authentication method shows how many registrations succeeded and failed in the last 24 hours, 7 days, or month.
With the filter options, it is possible to filter all the information. For example, you can filter for only the users registered by authentication method: FIDO2. When clicking, you see all the details.
The following three buttons give more detailed information about registration and capability.
Users capable of Azure Multi-Factor Authentication: shows the breakdown of users who are both:
- Registered for a strong authentication method
- Enabled by policy to use that method for MFA
Users capable of passwordless authentication: shows the breakdown of users who are registered to sign in without a password by using FIDO2, Windows Hello for Business, or passwordless Phone sign-in with the Microsoft Authenticator app.
Users capable of self-service password reset: shows the breakdown of users who can reset their passwords. Users can reset their password if they’re both:
- Registered for enough methods to satisfy their organization’s policy for self-service password reset
- Enabled to reset their password
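The three "capable" definitions above can be expressed as a small check, which shows why a registered user can still be missing from a capable count. This is an added example, not code from the original post or from Microsoft; the method identifiers, the field names, the MFA and SSPR method sets and the sample users are all hypothetical and constructed for illustration.

```python
from collections import Counter

# Assumption: which methods count for MFA and for SSPR is tenant policy.
MFA_METHODS = {"appNotification", "softwareToken", "hardwareToken", "altMobile",
               "officePhone", "fido2", "windowsHelloForBusiness",
               "passwordlessPhoneSignIn"}
SSPR_METHODS = {"appNotification", "softwareToken", "altMobile", "officePhone",
                "securityQuestions"}
# From the post: FIDO2, Windows Hello for Business, passwordless phone sign-in.
PASSWORDLESS = {"fido2", "windowsHelloForBusiness", "passwordlessPhoneSignIn"}

# Constructed sample users; not real export data.
USERS = [
    {"upn": "alice@example.com", "methods": ["fido2", "appNotification"],
     "mfa_enabled": True, "sspr_enabled": True},
    {"upn": "bob@example.com", "methods": ["softwareToken"],
     "mfa_enabled": False, "sspr_enabled": True},
    {"upn": "carol@example.com", "methods": ["securityQuestions", "officePhone"],
     "mfa_enabled": True, "sspr_enabled": True},
    {"upn": "dave@example.com", "methods": [],
     "mfa_enabled": True, "sspr_enabled": False},
]

def classify(user, sspr_methods_required=2):
    """Apply the three 'capable' definitions to one user record."""
    methods = set(user["methods"])
    return {
        # Registered for a strong method AND enabled by policy.
        "mfa_capable": bool(methods & MFA_METHODS) and user["mfa_enabled"],
        # Registered for at least one passwordless method.
        "passwordless_capable": bool(methods & PASSWORDLESS),
        # Enough SSPR methods for the policy AND enabled to reset.
        "sspr_capable": (len(methods & SSPR_METHODS) >= sspr_methods_required
                         and user["sspr_enabled"]),
    }

def summarize(users, sspr_methods_required=2):
    """Return capable counts plus users registered for MFA but not enabled."""
    totals, gaps = Counter(), []
    for user in users:
        caps = classify(user, sspr_methods_required)
        totals.update(name for name, ok in caps.items() if ok)
        if set(user["methods"]) & MFA_METHODS and not caps["mfa_capable"]:
            gaps.append(user["upn"])
    return dict(totals), gaps

if __name__ == "__main__":
    print(summarize(USERS))
```

The second return value lists users who registered a strong method but are not enabled by policy, which is the group to review when the capable count is lower than the registration count.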
How many users registered by authentication method?
The registration report Users registered by authentication method shows how many users are registered for each authentication method. By clicking a specific authentication method you can see the users who registered for that method.
The details screen gives more information about each authentication method and all the registered users:
Track the usage
The usage report gives an overview of the authentication methods which are used to sign in and to perform a password reset. For the usage details, click on the Usage tab.
The dashboard gives 4 reports with the following authentication information:
Sign-ins by authentication requirement: shows the number of successful sign-ins, comparing single-factor vs. multi-factor. (In the screenshot below you can see that single-factor auth is the most commonly used.) This is an ideal dashboard for tracking the adoption of passwordless sign-in from the user side.
Sign-ins by authentication method: shows the number of user interactive sign-ins (success and failure) by authentication method used.
Number of password resets and account unlocks: shows the number of successful password changes and password resets by self-service and by admin.
Password resets by authentication method: shows the number of successful and failed authentications during the password reset flow by authentication method.
For specific user registration details you can use the registration details view. With the user registration details table, it is possible to search for users and filter the details. You can track the following details:
- MFA Capable
- Passwordless Capable
- SSPR Capable
- Registered methods for the specific user.
For the users there is also a registration and reset events page. Registration and reset events shows registration and reset events from the last 24 hours, last seven days, or last 30 days, including the method used, status, activity type and time. From an adoption and troubleshooting point of view, both the user registration details and the registration and reset events are interesting to review.
Microsoft: Authentication Methods Activity