Forum Discussion
Password changes of users not tracked by MDI / not in table
I was trying to create a KQL query for password changes/resets of users they did not initiate themselves.
But after searching the table IdentityDirectoryEvents - i only see device password changes.
I checked the "Audit Sessions" for the OU the users reside - it is set to audit success for "change password". Also the test-mdiprereq show green.
It is a real "threat" that should be able to hunt - i am not sure what i miss here
Is Techcommunity dead for "community"? Is it just for blogs?
What are the alternatives? Discord and Bluesky/Twitter?
