MFA Failure Report

The default MFA Failure Report provides a record of multi-factor authentication (MFA) failure events for all audited users, computers, and sessions. The report includes the user’s name, the computer where the user attempted to log on or use a role, the time of the attempt, and the reason that MFA authentication failed.

You can filter the information included in a MFA Failure Report by specifying the query criteria and saving the report definition.