06-04-2019 03:17 PM
Having implemented SSPR, how can the SSPR logs be analyzed to get Alerts / Risks in Azure AD Identity Protection or Azure Security Center based on use a case like large number of SSPRs from the same source or user, eg. 5 in 1 hour, and when such activity is seen, to create an alert and e-mail notification and automatic locking of the account?
06-12-2019 12:56 AM
had you seen the content pack? https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-reporting
06-15-2019 08:14 AM
Thank you Clive, yes I had seen that.