Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Get all users subscribed to the self-service password reset service

Brass Contributor

Hi,

 

Is there a way to get the list of users already subscribed for the SSPR or the ones  that are still not joined to the service?

 

Regards.

9 Replies

Thanks Dean,

 

I'm looking for more historical data, not for the last 30 days that AAD reporting provides, but it seems the we are the ones that should have stared collecting the historical data at our side, since I have not found any other solution.

"

Reporting API data retrieval limitations

Currently, the Azure AD Reports and Events API retrieves up to 75,000 individual events of the SsprActivityEvent and SsprRegistrationActivityEvent types, spanning the last 30 days.+

If you need to retrieve or store data beyond this window, we suggest persisting it in an external database and using the API to query the deltas that result. Our recommendation is to begin retrieving this data when you start using SSPR in your organization, persist it externally, and then continue to track the deltas from this point forward.

"

 

Regards.

best response confirmed by Carlos Gomez (Brass Contributor)
Solution
You are correct, I recently ran into this same issue with one of my clients.

This is just another example of needing to fully understand the capabilities and limitations of the tools while trying to keep up with the changes.

I would not be surprised to see these limits increased in the future.

If you really need that data, there are 3rd party products, just saying :)

Hi Vasil,

 

Could you share the names of the ones you know, just for reference.

 

Thanks.

Have you found a way to do this yet or the names of the tools? I have the same issure with a client with more than 100 000 users.

Hi

 

I would also like to know if you found a solution for this. I have a O365 tenant with 1.5mil+ users and need to list those who have not registered for SSPR.

 

Thanks in advance

J

You can try below powershell script to get the SSPR registered users:

 

Get-Msoluser -All | where {$_.StrongAuthenticationUserDetails -ne $null} | Export-CSV -path <path to CSV file>

That indeed shows which users that have registered for MFA. But is this the same as SSPR? In any way, in the new Converged registration for SSPR and MFA, this might all be the same.

1 best response

Accepted Solutions
best response confirmed by Carlos Gomez (Brass Contributor)
Solution
You are correct, I recently ran into this same issue with one of my clients.

This is just another example of needing to fully understand the capabilities and limitations of the tools while trying to keep up with the changes.

I would not be surprised to see these limits increased in the future.

View solution in original post