Jun 04 2019
03:17 PM
- last edited on
May 24 2021
02:36 PM
by
TechCommunityAP
Jun 04 2019
03:17 PM
- last edited on
May 24 2021
02:36 PM
by
TechCommunityAP
Having implemented SSPR, how can the SSPR logs be analyzed to get Alerts / Risks in Azure AD Identity Protection or Azure Security Center based on use a case like large number of SSPRs from the same source or user, eg. 5 in 1 hour, and when such activity is seen, to create an alert and e-mail notification and automatic locking of the account?
Jun 12 2019 12:56 AM
had you seen the content pack? https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-reporting
Jun 15 2019 08:14 AM
Thank you Clive, yes I had seen that.