Automating Entra ID User Registration Insights with Microsoft Graph API and Power BI – Complete guide

Recently, I worked on an assignment that required extracting statistics related to user registration details in Microsoft Entra ID (Azure Active Directory). Specifically, the goal was to monitor the registration status of Multi-Factor Authentication (MFA), Self-Service Password Reset (SSPR), and Passwordless sign-in methods.

While Microsoft Entra provides a built-in dashboard for authentication method activity (For more details, please refer to Microsoft learn), it serves more as a snapshot than a custom reporting solution unless you export the data and visualize it. If you’re an administrator responsible for monitoring security and compliance, relying solely on a manual process like exporting CSVs and building pivot tables quickly becomes time-consuming and error-prone.

So how can we automate this?

The answer lies in Microsoft Graph API. When paired with Power BI, you can create a live, automated dashboard that pulls user registration details directly, without manual effort.

Use Case: Why Automate User Registration Reporting?

The native Entra dashboard is great for quick reviews, but it falls short when:

• You need regular, scheduled insights (daily/weekly/monthly).

• You want to build advanced reports or filter by custom attributes.

• Your compliance team needs auditable records or exportable insights.

Manual Process: Limitations

1. Log in to the Microsoft Entra Portal.

2. Navigate to Protection > Authentication Methods > Monitoring > User Registration Details.

3. 
   

   

   
   

   

4. 
   

   

5. Download the CSV

6. Open in Excel or import into Power BI

7. Build the same charts every time.

This is manageable for one-off reviews. But for ongoing monitoring, you’ll want something better and granting the access to the Entra Portal with read-access to view this data is not something i would prefer.

⚙️ Automated Solution: Microsoft Graph API + Power BI

Automating Entra ID User Registration Insights – Prerequisites

To integrate Microsoft Graph API with Power BI using app-only (unattended) access, you need the following:

1. Application (Client) ID and Secret Key.

2. Microsoft Graph API permissions.

3. Microsoft Graph endpoint URI.

4. Power BI Pro license (if report to be published to workspace and to be accessible by others).

Step 1: Register an App in Microsoft Entra

1. Go to Microsoft Entra Portal.

2. Register a new application.

3. Note the Application ID (Client ID).

4. Generate a Client Secret and copy the value.

Refer to the official Microsoft guide for step-by-step instructions.

Step 2: Assign Microsoft Graph Permissions

Your app will need the following application permission:

• UserAuthenticationMethod.Read.All

After adding the permission, don’t forget to grant admin consent for the tenant.

Step 3: Identify the Microsoft Graph Endpoint

I use Microsoft Docs to get user registration detail uri from 

From the above MS article, we found the user registration details URI is https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails

Step 4: Setup Power BI Desktop

1. Install Power BI Desktop and open the application with blank report.

2. Click Home / Get Data / Blank Query

3. 

4. Name it as a token (f you change the name to something else, you will need to use the same data function in the graph query) in the right-hand side properties

   
   

   

5. Open Advanced Editor and paste the following code (update with your Tenant ID, Client ID, and Secret):

   
   

    

() =>
let
    url = https://login.microsoftonline.com/TenantID/oauth2/token,
     body = "scope=openid&grant_type=client_credentials" &
            "&Client_Id=Application ID" &
            "&Client_Secret=SecretValue" &
            "&resource=https://graph.microsoft.com/",
     
     response = Json.Document(Web.Contents(url, [ 
         Headers = [ #"Content-Type" = "application/x-www-form-urlencoded" ],
         Content = Text.ToBinary(body)
     ])),
     
     accessToken = response[access_token]
in
     accessToken

• Click Done, then click Invoke to test
• If successful, you’ll see an access token string returned.

Step 5: Query User Registration Data

1. Click Home / Get Data / Blank Query again.

2. Name it UserRegistrationDetails

3. Paste the following code in Advanced Editor: (In the following, the token is referring to the above function created earlier). In the following query, I have selected all the columns that you could see in the Entra ID portal ,Reference

   
   

let
    Source = Json.Document(Web.Contents(
            "https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails",   [Headers = [Authorization = "Bearer " & Token()]]
        )
     ),

Expanded = Table.ExpandRecordColumn(
         Table.ExpandListColumn(
             Table.FromRecords({Source}),
             "value"
         ),
         "value",
         {
             "id", "userPrincipalName", "userDisplayName", "userType", "isAdmin",
             "isSsprRegistered", "isSsprEnabled", "isSsprCapable", "isMfaRegistered",
             "isMfaCapable", "isPasswordlessCapable", "methodsRegistered",
             "isSystemPreferredAuthenticationMethodEnabled", "systemPreferredAuthenticationMethods",
             "userPreferredMethodForSecondaryAuthentication", "lastUpdatedDateTime"
         },
         {
            "id", "userPrincipalName", "userDisplayName", "userType", "isAdmin",
             "isSsprRegistered", "isSsprEnabled", "isSsprCapable", "isMfaRegistered",
             "isMfaCapable", "isPasswordlessCapable", "methodsRegistered",
             "isSystemPreferredAuthenticationMethodEnabled", "systemPreferredAuthenticationMethods",
             "userPreferredMethodForSecondaryAuthentication", "lastUpdatedDateTime"
         }
     ),

Final = Table.TransformColumns(
         Expanded,
         {"methodsRegistered", each Text.Combine(List.Transform(_, Text.From), ","), type text}
     )
in
     Final

    Step 6: Configure Credentials

1. When prompted, set authentication type to Anonymous.
   
   

   

2. You will see ‘information required about data privacy’

   
   

   Ignore the privacy level warning and save.

   
   
   

   Click on close and apply at the top left corner

   
   

You’ll now see your data loading into Power BI.

Once the changes are loaded, you will see the following on the right side of the Data

Visualize the Data

With the data model loaded, you can build dashboards for:

• % of users MFA Registered vs Capable.

• % of users with Passwordless enabled.

• Users who are SSPR Capable but not registered.

• Time trends using lastUpdatedDateTime.

• Breakdown of preferred/default authentication methods.

You can now publish the report to the workspace and let the report run at different schedule times (max 8 ) and let the team access the stats easily.

Automating Entra ID User Registration Insights – Final Thoughts

Integrating Microsoft Graph API with Power BI unlocks a powerful reporting solution that’s scalable, secure, and maintainable. This approach helps ensure visibility into user authentication readiness, without manual overhead.

You can replicate the same approach for other Graph APIs—device reports, sign-in logs, or conditional access insights—and build a rich security and identity monitoring solution.