Analyze Self Service Password Reset Log Events

Copper Contributor

Having implemented SSPR, how can the SSPR logs be analyzed to get Alerts / Risks in Azure AD Identity Protection or Azure Security Center based on use a case like large number of SSPRs from the same source or user, eg. 5 in 1 hour, and when such activity is seen, to create an alert and e-mail notification and automatic locking of the account?

2 Replies