How to monitor your Microsoft 365 MFA setup using Entra ID workbooks
Multi-factor authentication (MFA) is an essential layer of security for Microsoft 365 environments, protecting user accounts and sensitive data from unauthorized access. However, maintaining a balance between strong security and user convenience can be challenging, especially when frequent authentication prompts disrupt productivity. Monitoring and understanding authentication prompts involves analyzing various factors, including user behaviors, device compliance, and application-specific trends. Using Microsoft Entra ID audit logs to track MFA events can provide raw data but lack the actionable insights needed to identify anomalies or optimize user experiences effectively.
Microsoft Entra ID workbooks simplify this challenge by transforming raw log data into visually intuitive dashboards and reports. The Authentication Prompts Analysis workbook offers a detailed view of how authentication prompts occur across users, devices, and applications, helping IT teams detect inefficiencies, troubleshoot issues, and refine policies for improved security and usability.
In this blog, we’ll examine the key features of the Authentication Prompts Analysis workbook, explore its reports, and provide recommendations for optimizing your Microsoft 365 MFA setup to balance security with user satisfaction.
How to Access the Authentication Prompts Analysis Workbook
To access the Authentication Prompts Analysis workbook in Microsoft Entra ID, follow these steps.
- Log in to Microsoft Entra ID using an account with permissions to access workbooks.
- Navigate to Identity > Monitoring & Health > Workbooks.
- Select the Authentication Prompts Analysis workbook from the available templates.
- You can filter the workbook using the following filters.
- Time: Select a specific time range to analyze prompt activity within a defined period.
- AuthMethod: Filter prompts by the authentication method used, such as passwords, Microsoft Authenticator, or phone-based authentication.
- DeviceState: Differentiate between managed and unmanaged devices to assess authentication behaviors.
- AppDisplayName: Focus on prompts generated by specific applications to identify app-specific trends.
- UserDisplayName: Isolate prompts for particular users to troubleshoot or analyze user-specific issues.
- AuthStatus: View prompts based on their outcome, such as successful authentications, failures, or interrupted attempts.
- OS: Analyze prompts by the operating systems involved, such as Windows, macOS, iOS, or Android.
Once opened, this workbook provides interactive dashboards that break down authentication prompts across various dimensions, such as users, devices, methods, and policies.
Microsoft Entra ID Authentication Prompts Analysis workbook explained
The Authentication Prompts Analysis workbook is structured into sections that help administrators identify trends, troubleshoot issues, and optimize MFA prompts. The reports under this workbook include:
- Authentication prompts summary
- Authentication prompts by authentication method
- Authentication prompts by device
- Authentication prompts by user
- Authentication prompts by application
- Authentication prompts by process detail
- Authentication prompts by policy
1. Authentication prompts summary
This report provides the total number of authentication prompts over the set period and the number of successful and failed prompts.
2. Authentication prompts by authentication method
This section provides an overview of authentication prompts in your environment by providing the distribution of authentication methods used as a pie chart and a graph of the number of different authentication methods over the set period.
Understanding which methods generate the most prompts allows administrators to identify inefficiencies and consider alternatives like passwordless solutions.
3. Authentication prompts by device
Prompts by operating system
This report shows the distribution of authentication prompts from different operating systems. This can highlight platform-specific issues or misconfigurations.
Prompts by Device State
This report shows the distribution of prompts across managed and unmanaged devices.
These insights help refine device-specific conditional access policies.
4. Authentication prompts by user
This section focuses on individual user activity, helping administrators understand how users interact with MFA prompts. It identifies users who encounter frequent authentication prompts.
This is useful for troubleshooting individual user complaints about excessive prompts and detecting suspicious behavior, such as unauthorized access attempts targeting specific users, or providing tailored user education on MFA policies.
You can also focus on user-specific data, identifying individuals who encounter frequent prompts using the Prompts by user with additional meta data report. it includes the sign-in location, device type, and the number of prompts requested by the user,
Administrators can use this data to provide targeted support and identify potential misuse.
5. Authentication prompts by application
This report helps you analyze how MFA prompts are distributed across the applications in your Microsoft 365 environment. It offers a clear understanding of application-specific trends that can inform policy optimizations.
You can also focus on user-specific data, identifying individuals who encounter frequent prompts using the Prompts by application with additional meta data report. It includes the application name, the time of sign-in, the result of the authentication attempt, and the number of tries.
Analyzing this data helps optimize app-specific authentication policies.
6. Authentication prompts by process detail
This report dives into the specific processes triggering authentication prompts, providing:
- Details of workflows or processes generating multiple prompts.
- Patterns in repeated authentications within particular scenarios.
- Policies triggering frequent re-authentication for unmanaged devices.
- MFA enforcement rules that require repeated verification based on user location.
- Filter your reports just once and save them as custom reports that you can access in just a few clicks.
- Export reports generated in M365 Manager Plus in not just CSV, but also in other presentable formats such as HTML, PDF, and XLSX.
- Delegate granular permissions to technicians without elevating their Microsoft 365 privileges and create custom roles with any combination of reporting, management, and auditing tasks.
- Easily manage users, groups, contacts, mailboxes, teams, and sites in bulk without PowerShell scripting.
- Keep tabs on even the most granular user activities in your Microsoft 365 environment.
- Configure alert profiles in M365 Manager Plus to notify you of specific activities that take place outside of business hours or occur at unusual frequencies.
- Monitor the health and performance of Microsoft 365 features and endpoints around the clock.
This granular level of detail enables administrators to troubleshoot complex authentication issues effectively.
7. Authentication Prompts by Policy
This section maps prompts to specific conditional access and MFA policies. For example:
By correlating prompts with policies, administrators can adjust configurations to minimize unnecessary disruptions.
Recommendations for reducing prompts and improving user experience
Reducing authentication prompts not only enhances user satisfaction but also improves productivity without compromising security. Here are some actionable recommendations displayed in the Authentication Prompts Analysis workbook:
Managed Devices
Enroll devices in management solutions like Microsoft Intune to allow seamless authentication through conditional access policies. You can verify the enrollment of your devices with the % | Count of Managed Devices report displayed in this section.
Windows Hello for Business
Implement Windows Hello for Business for passwordless sign-ins using biometrics or PINs tied to trusted devices.You can verify this with the %WHFB | Count of Windows Devices report displayed in this section.
Mobile Authentications
Optimize mobile workflows by leveraging app-based authentication methods like Microsoft Authenticator for smoother user experiences. You can verify this with the % Auth App Authentications | Count of Android/iOS Devices report displayed in this section.
Mac OS Authentications
Ensure macOS users benefit from native authentication support and implement certificate-based authentication for a seamless experience. You can verify this with the % | Count of Mac Authentications report displayed in this section.
Get a clear overview of your Microsoft 365 environment with M365 Manager Plus
ManageEngine M365 Manager Plus is a comprehensive administration and security solution for Microsoft 365 used for reporting, managing, monitoring, auditing, and creating alerts for critical activities in your Microsoft 365 environments. You can gain a thorough understanding of your environment not just in Microsoft Entra ID, but also Exchange Online, SharePoint Online, OneDrive for Business, and other Microsoft 365 services, with detailed reports and intuitive visualizations, all from a single console.
There are also other benefits to using M365 Manager Plus to manage and monitor your Microsoft 365 environment
Effortlessly schedule and export reports on your Microsoft 365 environment.
Try now for freeStreamline your Microsoft 365 governance and administration with M365 Manager Plus
Get Your Free TrialRelated Resources
-
Entra ID administration
- How to create custom roles in Microsoft Entra ID
- How to setup SSO in Microsoft Entra ID
- How to configure Conditional Access in Microsoft Entra ID
- What is Microsoft Entra ID?
- What are Microsoft Entra ID administrative units
- How to configure external authentication methods in Microsoft Entra ID
- How to set up self-service group management in Entra ID
- How to takeover unmanaged directory as administrator
- How to change authentication type of subdomain
- What is self-service signup in Entra ID
- Delete a tenant in Microsoft Entra ID
- Manage custom domain names in Microsoft Entra ID
- Multi-tenant organization interaction
-
Entra ID auditing and reporting
-
Entra ID bulk user management
-
Entra ID dynamic groups
-
Entra ID group management
- How to enforce naming policy on Microsoft 365 groups in Entra ID
- How to clean up resources related to all user groups
- How to create basic groups and add members in Entra ID
- Group management cmdlets
- How to add group to another group in Entra ID
- How to delete a group in Entra ID
- How to remove a group from another group in Entra ID
- Check import status
- Edit group settings in Entra ID
- Migrate users with individual licenses to groups
- Restore deleted groups in Microsoft Entra ID
- Set expiration for Microsoft 365 groups in Entra ID
-
Entra ID group membership
- How to utilize Microsoft Entra groups in Entra ID
- How to add group members in Entra ID
- How to add group owners in Microsoft Entra ID
- How to add or remove group member automatically in Entra ID
- How to create group of guest users using native admin center
- How to manage groups and group memberships in Entra ID
- How to remove guests from all user groups in Entra ID
- How to utilize groups and administrator roles in Entra ID
- Add or remove a group from another group in Entra ID
- Bulk group members addition in Entra ID
- Bulk remove group members from Entra ID groups
- How to remove members/owners of a group in Entra ID
-
Entra ID group reports
-
Entra ID license management
- How to automate inactive license management for Entra ID users
- How to change license assignments for user in Entra ID
- How to assign licenses to groups in Entra ID
- How to leverage group-based licensing for optimizing license management in Entra ID
- License assignment troubleshooting
- Assign licenses in Microsoft Entra ID
- Azure AD license membership modification
- Remove licenses in Microsoft Entra ID
- View license plans and details in Microsoft Entra ID
-
Entra ID User management
- How to manage permissions using access reviews in Microsoft Entra ID
- How to restrict guest access permissions in Entra ID
- How to clean up unmanaged Microsoft Entra accounts
- How to assign custom security attributes to users in Entra ID
- How to clean up stale accounts using access reviews
- How to share accounts with Entra ID
- How to update custom security attributes to users in Entra ID
- Add guest users
- Add users to Azure AD
- Assign user roles with Entra ID
- Close user account in an unmanaged Microsoft Entra organization
- How to revoke user access in Microsoft Entra ID using PowerShell
- Microsoft 365 delete users
- Remove custom security attribute assignments from users
-
Entra ID user reports
- How to monitor risky sign-ins in Microsoft Entra ID
- License usage reports in Microsoft Entra ID
- How to get the last logon date of users in Microsoft Entra ID
- How to view Microsoft 365 login attempts using PowerShell and Microsoft Entra ID
- How to report the MFA status for users in Microsoft Entra ID
- How to monitor recently created users in Entra ID
- Track password changes by admins in Microsoft Entra ID
- How to monitor user role changes in Entra ID
- How to track self-service password resets in Microsoft Entra ID
- How to create custom sign-in reports in Entra ID
- How to find deleted users in Entra ID
- How to verify deleted users in Entra ID
- Filter users based on custom security attributes
- Download Microsoft 365 user list
-
Entra ID workbooks
- How to create custom Microsoft Entra ID workbooks
- What are Microsoft Entra ID workbooks
- How to handle privilege escalation in Microsoft Entra ID
- How to monitor risky sign-ins using Microsoft Entra ID workbooks
- How to monitor your Microsoft 365 MFA setup using Entra ID workbooks
- How to audit for app permission threats with Microsoft Entra workbooks
- Conditional Access Gap Analyzer workbook in Microsoft Entra ID
-
Exchange Online administration
- How to change deleted items retention for Exchange Online mailboxes
- How to change the branding of clutter notifications in Exchange Online
- How to configure message delivery restrictions for Exchange Online mailboxes
- How to configure moderated recipients in Exchange Online
- How to create user mailboxes in Exchange Online
- How to enable and disable MAPI for a mailbox in Exchange Online
- How to enable or disable Outlook on the web for a mailbox in Exchange Online
- How to manage mail contacts in Exchange Online
- How to manage permissions for recipients in Exchange Online
- How to manage resource mailbox in Exchange Online
- How to save sent items in a delegators mailbox in Exchange Online
- How to create and edit shared mailboxes in Exchange Online
- How to add or remove email address for a mailbox in Exchange Online
- How to configure email forwarding for a mailbox in Exchange Online
- How to convert a mailbox in Exchange Online
- How to delete or restore user mailboxes in Exchange Online
- How to manage user mailboxes in Exchange Online
-
Exchange Online groups
- Create and manage groups in Exchange admin center in Exchange Online
- How to create and manage distribution list groups in Exchange Online
- How to create and manage dynamic distribution list groups in Exchange Online
- How to create distribution group naming policy in Exchange Online
- How to manage guest access to Microsoft 365 groups in Exchange Online
- How to manage role groups in Exchange Online
- How to override the distribution group naming policy in Exchange Online
- How to view members of a distribution group in Exchange Online
-
Microsoft Teams
-
Public Folders
- Create public folder calendar in Exchange Online
- How to restore deleted public folder in Exchange Online
- How to setup public folders in new organization
- Migrate public folders to Microsoft 365 groups in Exchange Online
- Recover deleted public folder mailbox in Exchange Online
- How to mail-enable and mail-disable public folders in Exchange Online