Recently, I came across a post on LinkedIn which demonstrated that Passkey authentication is way faster than traditional Password+MFA notification login. It made me curious: how much time does it exactly take to do MFA? TL;DR– This report uses the SignInLogs table which needs to be configured in Diagnostic settings– Unfortunately I did not manage […]
https://f12.hu/2025/01/04/how-much-time-your-users-are-wasting-with-traditional-mfa/
Housekeeping with Defender for Identity – finding unassinged AD subnets using the IdentityLogonEvents table
https://f12.hu/2024/10/25/find-clients-authenticating-from-unassigned-ad-subnets-using-defeder-for-identity/
Evaluating report-only Conditional Access impact is very straightforward when Entra ID logs are streamed to Log Analytics. Those who can’t have this feature enabled can still use the AADSignInEvents beta table in Defender to find some extra insights.
https://f12.hu/2024/01/17/hunting-for-report-only-microsoft-managed-conditional-access-impacts/
Recently, John Savill* uploaded a video on this very cool feature and I thought to give it a try when I realized I have no Log Analytics integration enabled, so no Workbooks for me 🙁[*big fan of John’s videos, pure gold] This is not fair to those who only use Microsoft 365 products or who […]
https://f12.hu/2023/09/03/conditional-access-gap-analyzer-without-log-analytics-integration/