Home
%3CLINGO-SUB%20id%3D%22lingo-sub-750623%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750623%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20difference%20between%20registered%20and%20able%20to%20reset%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-745370%22%20slang%3D%22en-US%22%3EAuthentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-745370%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%2C%20I%E2%80%99m%20excited%20to%20announce%20the%20public%20preview%20of%20Authentication%20Methods%20Usage%20%26amp%3B%20Insights!%20The%20reporting%20provided%20by%20this%20feature%20helps%20you%20understand%20the%20adoption%20of%20self-service%20password%20reset%20(SSPR)%20and%20Multi-Factor%20Authentication%20(MFA)%20in%20your%20organization.%20This%20gives%20you%20insights%20into%20how%20many%20users%20are%20registered%20to%20use%20SSPR%20and%20MFA%2C%20how%20often%20SSPR%20is%20used%20to%20reset%20passwords%2C%20as%20well%20as%20which%20methods%20are%20used%20for%20resetting%20passwords.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EKeep%20reading%20to%20learn%20more%20about%20these%20awesome%20reporting%20capabilities!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%20id%3D%22toc-hId-1595059541%22%3EAuthentication%20methods%20registration%3C%2FH3%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOne%20of%20the%20most%20common%20requests%20we%20hear%20from%20customers%20is%20to%20have%20the%20ability%20to%20understand%20who%20is%20and%20is%20not%20registered%20for%20both%20MFA%20and%20SSPR.%20In%20the%20%3CSTRONG%3ERegistration%20%3C%2FSTRONG%3Esection%20of%20the%20Authentication%20Methods%20Registration%20report%2C%20you%20can%20see%20how%20many%20of%20your%20users%20are%20registered%20for%20MFA%20and%20SSPR.%20You%20can%20also%20see%20how%20many%20users%20are%20enabled%20to%20use%20SSPR%2C%20and%20how%20many%20of%20these%20users%20have%20actually%20registered%20so%20they%20can%20reset%20their%20own%20passwords.%20This%20data%20is%20calculated%20by%20looking%20at%20each%20user%20to%20see%20which%20methods%20they%E2%80%99ve%20registered%20and%20whether%20they%20are%20enabled%20for%20SSPR.%20You%20can%20drill%20down%20and%20see%20the%20status%20of%20each%20user%20by%20clicking%20one%20of%20the%20tiles.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121823iDD62B73688051AA1%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Authentication%20Methods%201.png%22%20title%3D%22Authentication%20Methods%201.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EFigure%201.%20Authentication%20Methods%20Registration%20overview.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%20to%20the%20overall%20registration%20numbers%2C%20you%20can%20also%20see%20the%20success%20and%20failure%20of%20registrations%20per%20authentication%20method.%20This%20allows%20you%20to%20understand%20which%20authentication%20methods%20your%20users%20most%20commonly%20registered%20and%20which%20ones%20are%20easy%20for%20them%20to%20register.%20This%20data%20is%20calculated%20using%20the%20last%2030%20days%20of%20audit%20logs%20from%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsecurityinfodocs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecombined%20security%20info%20registration%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fuser-help%2Factive-directory-passwords-reset-register%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESSPR%20registration%3C%2FA%3E%20experiences.%20You%20can%20drill%20down%20and%20see%20the%20latest%20registration%20audit%20information%20for%20each%20user%20by%20clicking%20the%20chart.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121824i3CFF471D0CBB260D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Authentication%20Methods%202.png%22%20title%3D%22Authentication%20Methods%202.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EFigure%202.%20Authentication%20Methods%20Registration%20details.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%20id%3D%22toc-hId--957097420%22%3ESSPR%20authentication%20methods%20usage%3C%2FH3%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%20to%20understanding%20which%20users%20are%20registered%2C%20you%20can%20also%20learn%20more%20about%20SSPR%20usage%20in%20your%20organization.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121825i8BFE3EA9C138E394%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Authentication%20Methods%203.png%22%20title%3D%22Authentication%20Methods%203.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EFigure%203.%20SSPR%20Authentication%20Methods%20Usage%20report.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20%3CSTRONG%3EUsage%20%3C%2FSTRONG%3Esection%20of%20the%20report%2C%20you%20can%20see%20which%20authentication%20methods%20your%20users%20are%20using%20when%20they%20reset%20their%20passwords%20and%20how%20successful%20they%20were%20in%20using%20those%20authentication%20methods.%20This%20data%20is%20calculated%20using%20the%20last%2030%20days%20of%20SSPR%20audit%20logs.%20From%20here%2C%20you%20can%20drill%20down%20and%20see%20the%20latest%20SSPR%20audit%20information%20for%20each%20user%20by%20clicking%20the%20chart.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121826i181682F091F5DDE4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Authentication%20Methods%204.png%22%20title%3D%22Authentication%20Methods%204.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EFigure%204.%20SSPR%20Authentication%20Methods%20Usage%20details%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%20id%3D%22toc-hId-785712915%22%3ETry%20it%20out!%3C%2FH3%3E%0A%3CP%3ETo%20check%20out%20Authentication%20Methods%20Usage%20%26amp%3B%20Insights%20for%20your%20tenant%2C%20do%20the%20following%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ESign%20in%20to%20the%20Azure%20portal%20as%20a%20Security%20Reader%2C%20a%20Security%20Administrator%2C%20or%20a%20Reports%20Reader.%3C%2FLI%3E%0A%3CLI%3ENavigate%20to%20%3CSTRONG%3EUsage%20%26amp%3B%20insights%20%3C%2FSTRONG%3E%26gt%3B%20%3CSTRONG%3EAuthentication%20methods%20activity%3C%2FSTRONG%3E.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3ETo%20learn%20more%20about%20Authentication%20Methods%20Usage%20%26amp%3B%20Insights%20reporting%2C%20check%20out%20our%20documentation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20would%20love%20to%20hear%20your%20feedback!%20Please%20submit%20your%20ideas%20to%20our%20%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F169401-azure-active-directory%3Fcategory_id%3D168426%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efeedback%20forum%3C%2FA%3E%20and%20we%E2%80%99ll%20review%20and%20respond%20to%20them.%20You%20can%20also%20let%20us%20know%20what%20you%20think%20in%20the%20comments%20below.%20As%20always%2C%20we%E2%80%99d%20love%20to%20hear%20any%20feedback%20or%20suggestions%20you%20have.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40Alex_A_Simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3ECorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-745370%22%20slang%3D%22en-US%22%3E%3CP%3EToday%2C%20I%E2%80%99m%20excited%20to%20announce%20the%20public%20preview%20of%20Authentication%20Methods%20Usage%20%26amp%3B%20Insights!%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20781px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123060i91DA043B11A50F52%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22authentication%20image.jpg%22%20title%3D%22authentication%20image.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-745370%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20and%20Access%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750735%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750735%22%20slang%3D%22en-US%22%3E%3CP%3EInstructions%20are%20missing%20an%20important%20step%3A%20Go%20to%20%3CSTRONG%3EAzure%20Portal%20%26gt%3B%20%3C%2FSTRONG%3E%3CU%3EOpen%20%3C%2FU%3E%3CSTRONG%3E%3CU%3EAzure%20Active%20Directory%3C%2FU%3E%26gt%3B%26nbsp%3BUsage%20%26amp%3B%20insights%20%3CSPAN%3E%26gt%3B%20%3C%2FSPAN%3EAuthentication%20methods%20activity%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751290%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751290%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20numbers%20are%20a%20bit%20misleading%20as%20it%20counts%20*all*%20users%2C%20including%20ones%20with%20sign-in%20blocked%20(aka%20disabled%20federated%20users).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751517%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751517%22%20slang%3D%22en-US%22%3E%3CP%3EHere%20my%202%20cents%2C%26nbsp%3B%3C%2FP%3E%3CP%3ESeparate%20guest%20users%20from%20the%20company%20ones%3A%20in%20my%20example%20I%20have%20statistics%20that%20says%20you%20have%20700%20users%20without%20MFA%2C%20yes%20ok%2C%20but%20all%20my%20internal%20users%20are%20protected%2C%20most%20of%20the%20times%20this%20is%20the%20real%20important%20info.%20At%20least%20enable%20some%20out%20of%20the%20box%20filters.%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20thing%20is%2C%20how%20can%20I%20understand%20if%20the%20user%20is%20registered%20in%20the%20%22legacy%22%20o365%20mfa%2C%20or%20in%20the%20%22new%22%20myprofile%3F%20This%20could%20be%20an%20interesting%20data%20to%20have%2C%20so%20we%20can%20migrate%20%22old%20configuration%22%20users%20to%20CA%20MFA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20great%20job%2C%20running%20pshell%20and%20excels%20was%20not%20%22lazy%20admin%20friendly%22%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751539%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751539%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20great!%20Insights%20and%20reports%20are%20important%20in%20getting%20everyone%20to%20passwordless.%20Are%20there%20plans%20to%20have%20insights%20into%20the%20number%20of%20users%20who%20are%20using%20or%20have%20opted%20into%20passwordless%20phone%20sign%20in%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751857%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751857%22%20slang%3D%22en-US%22%3EAny%20plans%20to%20improve%20how%20you%20calculate%20the%20size%20of%20the%20organization%20%3F%20For%20example%20excluding%20shared%20mailboxes%20accounts%20would%20greatly%20improve%20the%20accuracy%20of%20the%20numbers.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752456%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752456%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20work%2C%20this%20is%20perfect%20timing%20as%20I%20was%20looking%20to%20get%20this%20information%20today!%26nbsp%3B%20Anyway%2C%20I%20got%20one%20of%20our%20MFA%20unregistered%20users%20to%20register%20this%20morning%2C%20and%205%20hours%20later%2C%20it%20still%20says%20in%20the%20report%20that%20they%20are%20unregistered.%26nbsp%3B%20I%20have%20checked%20their%20StrongAuthenticationUserDetails%20and%20StrongAuthenticationMethods%20with%20PS%20and%20they%20are%20there%20and%20correct%2C%20but%20this%20report%20is%20not%20reflecting%20it.%26nbsp%3B%20Is%20there%20a%2024hr%20delay%20or%20something%20like%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752721%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752721%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F33735%22%20target%3D%22_blank%22%3E%40Oleg%20K%3C%2FA%3E%26nbsp%3B-%20you%20can%20have%20the%20methods%20needed%20for%20password%20reset%20registered%20but%20not%20be%20enabled%20for%20password%20reset.%20Once%20you%20are%20both%20registered%20and%20enabled%2C%20you%20are%20able%20to%20reset.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F160879%22%20target%3D%22_blank%22%3E%40Damien%20Solodow%2C%20MCSE%2C%20MCSA%2C%20VCP-DCV%3C%2FA%3E%26nbsp%3B-%20we%20are%20looking%20into%20this.%20Thanks%20for%20letting%20us%20know!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2555%22%20target%3D%22_blank%22%3E%40Paolo%20Heuer%3C%2FA%3E%26nbsp%3B-%20great%20feedback!%20We'll%20look%20into%20this.%20We%20don't%20have%20a%20way%20for%20you%20to%20filter%20based%20on%20which%20registration%20experience%20a%20user%20went%20through.%20However%2C%20you%20can%20use%20audit%20logs%20to%20determine%20that%20info.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F34642%22%20target%3D%22_blank%22%3E%40Matthew%20Levy%3C%2FA%3E%26nbsp%3Byep!%20That%20is%20in%20the%20works.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5146%22%20target%3D%22_blank%22%3E%40Grzegorz%20Wierzbicki%3C%2FA%3E%26nbsp%3B-%20That%20is%20good%20feedback.%20We'll%20look%20into%20this.%20In%20the%20meantime%2C%20you%20could%20likely%20accomplish%20this%20by%20using%20PowerShell.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F99287%22%20target%3D%22_blank%22%3E%40null%20admin.stegri%3C%2FA%3E%26nbsp%3B-%20the%20report%20does%20take%20some%20time%20to%20update%2C%20but%20it%20sounds%20like%20it's%20taking%20longer%20than%20usual.%20Did%20you%20check%20the%20last%20updated%20time%20on%20the%20report%3F%20If%20you're%20still%20running%20into%20issues%2C%20please%20send%20me%20a%20DM.%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752232%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752232%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSNIP%3E%3C%2FSNIP%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-756924%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-756924%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20says%20none%20of%20our%20users%20are%20registered%20for%20MFA%20yet%20we%20have%20pretty%20much%20the%20entire%20company%20registered%20on%20Azure%20MFA%20(slowly%20migrating%20to%20conditional%20access).%3C%2FP%3E%3CP%3EReport%20was%20updated%20this%20morning.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-757154%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-757154%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F72446%22%20target%3D%22_blank%22%3E%40Marc%20Laflamme%3C%2FA%3E%26nbsp%3B-%20thank%20you%20for%20letting%20me%20know.%20Please%20shoot%20me%20a%20DM%20and%20we%20can%20discuss%20further.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-757673%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-757673%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20amazing!%20We%20have%20been%20begging%20for%20this%20visibility%20for%20over%20a%20year.%20This%20will%20allow%20us%20to%20target%20registration%20reminder%20communications%20to%20just%20those%20people%20who%20have%20not%20registered%2C%20reducing%20the%20email%20annoyance%20to%20only%20those%20who%20deserve%20it.%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-765277%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-765277%22%20slang%3D%22en-US%22%3E%3CP%3Eit%20would%20helpful%20if%20it%20reported%20on%20ACTIVE%20USER%20counts%20instead%20of%20ALL%20USER%20objects%20in%20Azure%20AD%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-765614%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-765614%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F250925%22%20target%3D%22_blank%22%3E%40HB2019-%3C%2FA%3E%26nbsp%3Bthis%20is%20good%20feedback%20and%20we%20will%20look%20into%20it.%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-770790%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770790%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20awesome!%20Thank%20you%20so%20much%2C%20I%20can%20finally%20tackle%20onboarding%20to%20SSPR%20with%20the%20insight%20into%20who%20has%20it%20already.%20This%20is%20perfect%2C%20the%20reports%20are%20super%20useful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-779770%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-779770%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20wanted%20to%20chime%20in%20that%20this%20is%20a%20great%20idea%20(thank%20you!)%20and%20hopefully%20will%20be%20(more)%20useful%20when%20we%20can%20do%20some%20filtering%20on%20the%20results%20for%20disabled%20users%2C%20shared%20mailboxes%2C%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-799732%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-799732%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20feature%20has%20been%20a%20great%20addition%2C%20I've%20been%20using%20it%20a%20lot%20to%20monitor%20increasing%20usage%20of%20MFA%2FSSPR.%20I%20agree%20with%20all%20the%20other%20comments%20about%20only%20reporting%20against%20active%20users%2C%20or%20particular%20user%20accounts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20thing%20that%20I've%20noticed%20that%20isn't%20behaving%20right%2C%20or%20doesn't%20appear%20to%20be%2C%20is%20if%20a%20user%20registers%20for%20MFA%20with%20just%20%22App%20Code%22%20as%20their%20authentication%20method%2C%20and%20nothing%20else.%20In%20that%20situation%20it%20lists%20them%20as%20%22Not%20Registered%22%20under%20the%20%22MFA%20Registered%22%20column%2C%20but%20does%20list%20App%20Code%20under%20the%20%22Methods%20Registered%22%20column%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F126601iA55025800C67B04F%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EObviously%20SSPR%20remains%20correctly%20listed%20as%20not%20registered%20as%20they've%20only%20added%20one%20authentication%20method%2C%20and%20we're%20requiring%20two%20for%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-799746%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-799746%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6812%22%20target%3D%22_blank%22%3E%40Ben%20Watt%3C%2FA%3E%26nbsp%3Bwe%20had%20this%20issue%20on%20some%20users%2C%20too.%3C%2FP%3E%3CP%3ETry%20to%20reset%20the%20MFA%20methods%20(via%20the%20user%20panel%20in%20aad)%20and%20ask%20the%20users%20to%20re-register%20via%20aka.ms%2Fmfasetup%3B%20this%20has%20worked%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-800294%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-800294%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50019%22%20target%3D%22_blank%22%3E%40Paolo%20Heuer%3C%2FA%3E%26nbsp%3B%2C%20thanks%20-%20good%20to%20know%20we're%20not%20alone%20here%2C%20although%20I'm%20reluctant%20to%20reset%20the%20affected%20user's%20methods%20when%20MFA%20is%20otherwise%20working%20fine%20for%20them%2C%20it%20just%20seems%20to%20be%20a%20reporting%20issue.%20Were%20yours%20the%20same%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-800399%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-800399%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6812%22%20target%3D%22_blank%22%3E%40Ben%20Watt%3C%2FA%3E%26nbsp%3Byes%20mfa%20was%20working%20but%20aka.ms%2Fmfasetup%20was%20in%20a%20loop%20state.%20Support%20engeneer%20said%20it%20was%20a%20backend%20problem%20(very%20old%20mfa%20registration)%20and%20a%20reset%20would%20fix%20it.%20And%20so%20it%20did.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-801649%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-801649%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20folks!%20Thank%20you%20for%20reporting%20this%20issue.%20We%20are%20investigating%20now!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-806131%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-806131%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20GREAT%20that%20we%20finally%20got%20proper%20insights%20into%20this%20without%20the%20need%20for%20PowerShell.%20I%20would%20also%20like%20to%20see%20better%20calculations%20of%20the%20users%20to%20not%20calculate%20guests%2Fnon-active%2Fdisabled%20users%2Fshared.%20I'm%20sure%20you%20can%20come%20to%20think%20of%20some%20smart%20way%20to%20calculate%20only%20active%20real%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-806139%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-806139%22%20slang%3D%22en-US%22%3E%3CP%3EI'd%20love%20to%20see%20a%20report%20showing%20a%20piechart%20of%20which%20methods%20the%20user's%20have%20as%20their%20%3CSTRONG%3Eprimary%3C%2FSTRONG%3Eauthentication%20method.%20We%20recommend%20our%20users%20to%20use%20App%20Notification%20but%20would%20like%20to%20see%20more%20of%20how%20many%20actually%20use%20it%20as%20their%20primary%20authentication%20method.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-813187%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20Methods%E2%80%93Usage%20%26amp%3B%20Insights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-813187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3Bthat's%20great%20feedback!%20We'll%20look%20into%20it.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

Today, I’m excited to announce the public preview of Authentication Methods Usage & Insights! The reporting provided by this feature helps you understand the adoption of self-service password reset (SSPR) and Multi-Factor Authentication (MFA) in your organization. This gives you insights into how many users are registered to use SSPR and MFA, how often SSPR is used to reset passwords, as well as which methods are used for resetting passwords.

 

 

Keep reading to learn more about these awesome reporting capabilities!

 

Authentication methods registration

 

One of the most common requests we hear from customers is to have the ability to understand who is and is not registered for both MFA and SSPR. In the Registration section of the Authentication Methods Registration report, you can see how many of your users are registered for MFA and SSPR. You can also see how many users are enabled to use SSPR, and how many of these users have actually registered so they can reset their own passwords. This data is calculated by looking at each user to see which methods they’ve registered and whether they are enabled for SSPR. You can drill down and see the status of each user by clicking one of the tiles.

 

 

Authentication Methods 1.png

Figure 1. Authentication Methods Registration overview.

 

 

In addition to the overall registration numbers, you can also see the success and failure of registrations per authentication method. This allows you to understand which authentication methods your users most commonly registered and which ones are easy for them to register. This data is calculated using the last 30 days of audit logs from the combined security info registration and SSPR registration experiences. You can drill down and see the latest registration audit information for each user by clicking the chart.

 

 

Authentication Methods 2.png

Figure 2. Authentication Methods Registration details.

 

SSPR authentication methods usage

 

In addition to understanding which users are registered, you can also learn more about SSPR usage in your organization.

 

 

Authentication Methods 3.png

Figure 3. SSPR Authentication Methods Usage report.

 

 

In the Usage section of the report, you can see which authentication methods your users are using when they reset their passwords and how successful they were in using those authentication methods. This data is calculated using the last 30 days of SSPR audit logs. From here, you can drill down and see the latest SSPR audit information for each user by clicking the chart.

 

 

Authentication Methods 4.png

Figure 4. SSPR Authentication Methods Usage details

 

Try it out!

To check out Authentication Methods Usage & Insights for your tenant, do the following:

  1. Sign in to the Azure portal as a Security Reader, a Security Administrator, or a Reports Reader.
  2. Navigate to Usage & insights > Authentication methods activity.

To learn more about Authentication Methods Usage & Insights reporting, check out our documentation.

 

We would love to hear your feedback! Please submit your ideas to our feedback forum and we’ll review and respond to them. You can also let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.

 

Best regards,

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

24 Comments
Super Contributor

What is the difference between registered and able to reset?

Frequent Contributor

Instructions are missing an important step: Go to Azure Portal > Open Azure Active Directory > Usage & insights > Authentication methods activity.

The numbers are a bit misleading as it counts *all* users, including ones with sign-in blocked (aka disabled federated users).

New Contributor

Here my 2 cents, 

Separate guest users from the company ones: in my example I have statistics that says you have 700 users without MFA, yes ok, but all my internal users are protected, most of the times this is the real important info. At least enable some out of the box filters. 

Another thing is, how can I understand if the user is registered in the "legacy" o365 mfa, or in the "new" myprofile? This could be an interesting data to have, so we can migrate "old configuration" users to CA MFA.

 

Anyway, great job, running pshell and excels was not "lazy admin friendly" 

Senior Member

This is great! Insights and reports are important in getting everyone to passwordless. Are there plans to have insights into the number of users who are using or have opted into passwordless phone sign in??

 

Occasional Contributor
Any plans to improve how you calculate the size of the organization ? For example excluding shared mailboxes accounts would greatly improve the accuracy of the numbers.
Regular Visitor

<snip>

 

Regular Visitor

Great work, this is perfect timing as I was looking to get this information today!  Anyway, I got one of our MFA unregistered users to register this morning, and 5 hours later, it still says in the report that they are unregistered.  I have checked their StrongAuthenticationUserDetails and StrongAuthenticationMethods with PS and they are there and correct, but this report is not reflecting it.  Is there a 24hr delay or something like that?

Microsoft

@Oleg K - you can have the methods needed for password reset registered but not be enabled for password reset. Once you are both registered and enabled, you are able to reset.

 

@Damien Solodow, MCSE, MCSA, VCP-DCV - we are looking into this. Thanks for letting us know!

 

@Paolo Heuer - great feedback! We'll look into this. We don't have a way for you to filter based on which registration experience a user went through. However, you can use audit logs to determine that info.

 

@Matthew Levy yep! That is in the works. :)

 

@Grzegorz Wierzbicki - That is good feedback. We'll look into this. In the meantime, you could likely accomplish this by using PowerShell. 

 

@null admin.stegri - the report does take some time to update, but it sounds like it's taking longer than usual. Did you check the last updated time on the report? If you're still running into issues, please send me a DM. Thanks!

New Contributor

It says none of our users are registered for MFA yet we have pretty much the entire company registered on Azure MFA (slowly migrating to conditional access).

Report was updated this morning.

Microsoft

@Marc Laflamme - thank you for letting me know. Please shoot me a DM and we can discuss further.

Regular Visitor

This is amazing! We have been begging for this visibility for over a year. This will allow us to target registration reminder communications to just those people who have not registered, reducing the email annoyance to only those who deserve it. ;)

Occasional Contributor

it would helpful if it reported on ACTIVE USER counts instead of ALL USER objects in Azure AD 

Microsoft

@HB2019- this is good feedback and we will look into it. Thank you!

Regular Visitor

This is awesome! Thank you so much, I can finally tackle onboarding to SSPR with the insight into who has it already. This is perfect, the reports are super useful.

Senior Member

Just wanted to chime in that this is a great idea (thank you!) and hopefully will be (more) useful when we can do some filtering on the results for disabled users, shared mailboxes, etc.

Senior Member

This feature has been a great addition, I've been using it a lot to monitor increasing usage of MFA/SSPR. I agree with all the other comments about only reporting against active users, or particular user accounts.

 

The only thing that I've noticed that isn't behaving right, or doesn't appear to be, is if a user registers for MFA with just "App Code" as their authentication method, and nothing else. In that situation it lists them as "Not Registered" under the "MFA Registered" column, but does list App Code under the "Methods Registered" column:

clipboard_image_0.png

Obviously SSPR remains correctly listed as not registered as they've only added one authentication method, and we're requiring two for that.

New Contributor

@Ben Watt we had this issue on some users, too.

Try to reset the MFA methods (via the user panel in aad) and ask the users to re-register via aka.ms/mfasetup; this has worked for us.

Senior Member

@Paolo Heuer , thanks - good to know we're not alone here, although I'm reluctant to reset the affected user's methods when MFA is otherwise working fine for them, it just seems to be a reporting issue. Were yours the same?

New Contributor

@Ben Watt yes mfa was working but aka.ms/mfasetup was in a loop state. Support engeneer said it was a backend problem (very old mfa registration) and a reset would fix it. And so it did. 

Microsoft

Hey folks! Thank you for reporting this issue. We are investigating now!

Frequent Contributor

This is GREAT that we finally got proper insights into this without the need for PowerShell. I would also like to see better calculations of the users to not calculate guests/non-active/disabled users/shared. I'm sure you can come to think of some smart way to calculate only active real users.

Frequent Contributor

I'd love to see a report showing a piechart of which methods the user's have as their primary authentication method. We recommend our users to use App Notification but would like to see more of how many actually use it as their primary authentication method.

Microsoft

@Jonas Back that's great feedback! We'll look into it. :)