MFA Check Event - When $Port = 443, Event Email Has Values Returned 5199 & 52030?

Goal; send email when a user is on port 443 to check if MFA is setup/Active (current setting for domain is Enabled)

Adding an Event & Send Mail, filtered by My email address as login ID (testing)

Event has this...
The variable $Port as..
Port = $Port 

The email contains values 5199 & 52030
Log for connection shows port 443

It's not important that $Port doesn't work as I expected, is there an undocumented or work-around to display correct port user is connected to, namely when via browser 443

$MFA would be nice...

TIA

 

  • The solution is that when the doc was written it was opposite day...

    $Port Displays the port number of the client
    $ServerPort Displays the port number of the server

    Where server port = client port, so any users on 443 should have TOTP (time based one time password) value in their exported user profile

    Where this is most useful use case would be when MFA is Enabled, as optional, the user can skip. 
    This can be a migration path, enabled allows work to continue, data to flow, and gently push users to adopt MFA. ie One large company vendor user does not have MFA on their phone and needed to wait for their IT to provide a FOB, which nearly 3 weeks later isn't still fully implemented.
    The below, when I login renders this in email the following

    1 active sessions
    17 logins in past 24 hours
    IP = 19.3.60.101
    Port = 64774
    ServerPort = 443





    If I have time, I may share parsing files as a first step to automating an email alert to an admin, but also the client when the port is 443 and TOTP is not Active

    addendum

    This is how the Event is limited to only my login and my inbox isn't hammered by folks logging into the server