Home

Analyze Self Service Password Reset Log Events

%3CLINGO-SUB%20id%3D%22lingo-sub-668932%22%20slang%3D%22en-US%22%3EAnalyze%20Self%20Service%20Password%20Reset%20Log%20Events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-668932%22%20slang%3D%22en-US%22%3E%3CP%3EHaving%20implemented%20SSPR%2C%20how%20can%20the%20SSPR%20logs%20be%20analyzed%20to%20get%20Alerts%20%2F%20Risks%20in%20Azure%20AD%20Identity%20Protection%20or%20Azure%20Security%20Center%20based%20on%20use%20a%20case%20like%20large%20number%20of%20SSPRs%20from%20the%20same%20source%20or%20user%2C%20eg.%205%20in%201%20hour%2C%20and%20when%20such%20activity%20is%20seen%2C%20to%20create%20an%20alert%20and%20e-mail%20notification%20and%20automatic%20locking%20of%20the%20account%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-668932%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-686393%22%20slang%3D%22en-US%22%3ERe%3A%20Analyze%20Self%20Service%20Password%20Reset%20Log%20Events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-686393%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31423%22%20target%3D%22_blank%22%3E%40Seif%20Esmailjee%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ehad%20you%20seen%20the%20content%20pack%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-sspr-reporting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-sspr-reporting%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-694342%22%20slang%3D%22en-US%22%3ERe%3A%20Analyze%20Self%20Service%20Password%20Reset%20Log%20Events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-694342%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20Clive%2C%20yes%20I%20had%20seen%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Seif Esmailjee
New Contributor

Having implemented SSPR, how can the SSPR logs be analyzed to get Alerts / Risks in Azure AD Identity Protection or Azure Security Center based on use a case like large number of SSPRs from the same source or user, eg. 5 in 1 hour, and when such activity is seen, to create an alert and e-mail notification and automatic locking of the account?

2 Replies

@Clive Watson 

Thank you Clive, yes I had seen that.

Related Conversations