Jun 04 2019
- last edited on
May 24 2021
Having implemented SSPR, how can the SSPR logs be analyzed to get Alerts / Risks in Azure AD Identity Protection or Azure Security Center based on use a case like large number of SSPRs from the same source or user, eg. 5 in 1 hour, and when such activity is seen, to create an alert and e-mail notification and automatic locking of the account?
Jun 12 2019 12:56 AM
had you seen the content pack? https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-reporting