Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users.
The company has a Microsoft 365 subscription.
You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.
You run the following query.
search "SigninLogs" | where ResultDescription == "User did not pass the MFA challenge."
The query returns blank results.
You need to ensure that the query returns the expected results.
What should you do?
A . From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage account.
B . From the Security & Compliance admin center, turn on auditing.
C . From the Security & Compliance admin center, enable Office 365 Analytics.
D . From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workplace.
Answer: D
Explanation:
You can now send audit logs to Azure Log Analytics. This gives you much easier reporting on audit events and the ability to perform queries such as the one in this question.
References: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
Leave a Reply