Figure 1: Hybrid Report for Group Activity
Figure 2: Hybrid Report for Password Reset Activity
Figure 3: Hybrid Report for Password Reset Registration Activity
Figure 4: Download of the Hybrid Reports connectorYou can start viewing the reporting data in the familiar Azure AD reports page. For now, you should toggle between the data sources (Azure AD or Identity Manager) using the drop-down list box showed in the images above. Going forward, we plan to eliminate the drop-down box, and merge the data onto a single report. If you want to turn off the uploading of reporting data from Identity Manager, you can do this in the configuration file, located in your Identity Manager installation folder. For example: C:Program FilesMicrosoft Forefront Identity Manager2010ServiceMicrosoft.ResourceManagement.Service.exe.config . Find the configuration setting as follows:
<resourceManagementService hybridReportingRequestLoggingEnabled="true"/>And set its value to "false". Save the file and restart Identity Manager. You are done.
Figure 5: Schematic data flow from Identity Manager to Azure ADThe Identity Manager emits activity data to the Windows Event Log, in a well-defined path: Application and Services LogsIdentity Manager Request Log . The connector performs some processing of the events and uploads to Azure. In Azure, the activity data is stored together with your Azure AD data -- currently for one month only. When needed, the activity events are decrypted, parsed and filtered for the requested reports. The Windows Event Log provides a clean interception point for your customization needs: you can set event forwarding (into a SIEM system, for example), or otherwise copy the reporting data from that location.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.