Reporting options for Azure AD password management

After deployment, many organizations want to know how or if self-service password reset (SSPR) is really being used. The reporting feature that Azure Active Directory (Azure AD) provides helps you answer questions by using prebuilt reports. If you're appropriately licensed, you can also create custom queries.

Reporting on SSPR using the audit logs in Azure AD

The following questions can be answered by the reports that exist in the Azure portal:

Note

You must be a global administrator, and you must opt in for this data to be gathered on behalf of your organization. To opt in, you must visit the Reporting tab or the audit logs at least once. Until then, data is not collected for your organization.

  • How many people have registered for password reset?
  • Who has registered for password reset?
  • What data are people registering?
  • How many people reset their passwords in the last seven days?
  • What are the most common methods that users or admins use to reset their passwords?
  • What are common problems users or admins face when attempting to use password reset?
  • What admins are resetting their own passwords frequently?
  • Is there any suspicious activity going on with password reset?

How to view password management reports in the Azure portal

In the Azure portal experience, we have improved the way that you can view password reset and password reset registration activity. Use the following steps to find the password reset and password reset registration events:

  1. Browse to the Azure portal.
  2. Select All services in the left pane.
  3. Search for Azure Active Directory in the list of services and select it.
  4. Select Users from the Manage section.
  5. Select Audit Logs from the Users blade. This shows you all of the audit events that occurred against all the users in your directory. You can filter this view to see all the password-related events.
  6. From the Filter menu at the top of the pane, select the Service drop-down list, and change it to the Self-service Password Management service type.
  7. Optionally, further filter the list by choosing the specific Activity you're interested in.

Description of the report columns in the Azure portal

The following list explains each of the report columns in the Azure portal in detail:

  • User: The user who attempted a password reset registration operation.
  • Role: The role of the user in the directory.
  • Date and Time: The date and time of the attempt.
  • Data Registered: The authentication data that the user provided during password reset registration.

Description of the report values in the Azure portal

The following table describes the different values that you can set for each column in the Azure portal:

Column: Data registered

Permitted values and their meanings:

  • Alternate email: The user used an alternate email or authentication email to authenticate.
  • Office phone: The user used an office phone to authenticate.
  • Mobile phone: The user used a mobile phone or authentication phone to authenticate.
  • Security questions: The user used security questions to authenticate.
  • Any combination of the previous methods, for example, alternate email + mobile phone: Occurs when a two-gate policy is specified and shows which two methods the user used to authenticate their password reset request.

Self-Service Password Management activity types

The following activity types appear in the Self-Service Password Management audit event category:

Activity type: Blocked from self-service password reset

The following list explains this activity in detail:

  • Activity description: Indicates that a user tried to reset a password, use a specific gate, or validate a phone number more than five total times in 24 hours.
  • Activity actor: The user who was throttled from performing additional reset operations. The user can be an end user or an administrator.
  • Activity target: The user who was throttled from performing additional reset operations. The user can be an end user or an administrator.
  • Activity status:
    • Success: Indicates that a user was throttled from performing any additional resets, attempting any additional authentication methods, or validating any additional phone numbers for the next 24 hours.
  • Activity status failure reason: Not applicable.

Activity type: Change password (self-service)

The following list explains this activity in detail:

  • Activity description: Indicates that a user performed a voluntary or forced (due to expiry) password change.
  • Activity actor: The user who changed their password. The user can be an end user or an administrator.
  • Activity target: The user who changed their password. The user can be an end user or an administrator.
  • Activity statuses:
    • Success: Indicates that a user successfully changed their password.
    • Failure: Indicates that a user failed to change their password. You can select the row to see the Activity status reason category to learn more about why the failure occurred.
  • Activity status failure reason:
    • FuzzyPolicyViolationInvalidPassword: The user selected a password that was automatically banned because the Microsoft Banned Password Detection capabilities found it to be too common or especially weak.

Activity type: Reset password (by admin)

The following list explains this activity in detail:

  • Activity description: Indicates that an administrator performed a password reset on behalf of a user from the Azure portal.
  • Activity actor: The administrator who performed the password reset on behalf of another end user or administrator. Must be a password administrator, user administrator, or helpdesk administrator.
  • Activity target: The user whose password was reset. The user can be an end user or a different administrator.
  • Activity statuses:
    • Success: Indicates that an admin successfully reset a user's password.
    • Failure: Indicates that an admin failed to change a user's password. You can select the row to see the Activity status reason category to learn more about why the failure occurred.

Activity type: Reset password (self-service)

The following list explains this activity in detail:

  • Activity description: Indicates that a user successfully reset their password from the Azure AD password reset portal.
  • Activity actor: The user who reset their password. The user can be an end user or an administrator.
  • Activity target: The user who reset their password. The user can be an end user or an administrator.
  • Activity statuses:
    • Success: Indicates that a user successfully reset their own password.
    • Failure: Indicates that a user failed to reset their own password. You can select the row to see the Activity status reason category to learn more about why the failure occurred.
  • Activity status failure reason:
    • FuzzyPolicyViolationInvalidPassword: The admin selected a password that was automatically banned because the Microsoft Banned Password Detection capabilities found it to be too common or especially weak.

Activity type: Self serve password reset flow activity progress

The following list explains this activity in detail:

  • Activity description: Indicates each specific step a user proceeds through (such as passing a specific password reset authentication gate) as part of the password reset process.
  • Activity actor: The user who performed part of the password reset flow. The user can be an end user or an administrator.
  • Activity target: The user who performed part of the password reset flow. The user can be an end user or an administrator.
  • Activity statuses:
    • Success: Indicates that a user successfully completed a specific step of the password reset flow.
    • Failure: Indicates that a specific step of the password reset flow failed. You can select the row to see the Activity status reason category to learn more about why the failure occurred.
  • Activity status reasons: See the following table for all the permissible reset activity status reasons.

Activity type: Unlock a user account (self-service)

The following list explains this activity in detail:

  • Activity description: Indicates that a user successfully unlocked their Active Directory account without resetting their password from the Azure AD password reset portal by using the Active Directory feature of account unlock without reset.
  • Activity actor: The user who unlocked their account without resetting their password. The user can be an end user or an administrator.
  • Activity target: The user who unlocked their account without resetting their password. The user can be an end user or an administrator.
  • Allowed activity statuses:
    • Success: Indicates that a user successfully unlocked their own account.
    • Failure: Indicates that a user failed to unlock their account. You can select the row to see the Activity status reason category to learn more about why the failure occurred.

Activity type: User registered for self-service password reset

The following list explains this activity in detail:

  • Activity description: Indicates that a user has registered all the required information to be able to reset their password in accordance with the currently specified tenant password reset policy.
  • Activity actor: The user who registered for password reset. The user can be an end user or an administrator.
  • Activity target: The user who registered for password reset. The user can be an end user or an administrator.
  • Allowed activity statuses:
    • Success: Indicates that a user successfully registered for password reset in accordance with the current policy.

    • Failure: Indicates that a user failed to register for password reset. You can select the row to see the Activity status reason category to learn more about why the failure occurred.

      Note

      Failure doesn't mean a user is unable to reset their own password. It means that they didn't finish the registration process. If their account holds unverified data that's correct, such as a phone number that hasn't been validated, they can still use it to reset their password.
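
Several of the questions listed at the top of this page (who was throttled, which admins reset their own passwords often, which failure reasons recur) can be answered offline from exported audit events. The following is an added example, not Microsoft's code: the record keys, the `admins` set, the thresholds, and every sample event are assumptions constructed for illustration; only the service name, the activity names, and `FuzzyPolicyViolationInvalidPassword` come from this page.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

SERVICE = "Self-service Password Management"          # service filter named on this page
BLOCKED = "Blocked from self-service password reset"  # activity types named on this page
SELF_RESET = "Reset password (self-service)"
PROGRESS = "Self serve password reset flow activity progress"
ADMIN, USER = "admin1@contoso.example", "user7@contoso.example"  # constructed accounts

def ev(upn, activity, ts, result="success", reason=""):
    """Build one constructed event; the key names are an assumed export shape."""
    return {"loggedByService": SERVICE, "activityDisplayName": activity,
            "activityDateTime": ts, "result": result, "resultReason": reason,
            "initiatedBy": {"user": {"userPrincipalName": upn}}}

# Constructed sample data, not real audit output.
SAMPLE = [
    ev(ADMIN, SELF_RESET, "2024-05-01T08:00:00+00:00"),
    ev(ADMIN, SELF_RESET, "2024-05-03T08:05:00+00:00"),
    ev(ADMIN, SELF_RESET, "2024-05-05T23:40:00+00:00"),
    *[ev(USER, PROGRESS, f"2024-05-04T02:0{m}:00+00:00", "failure", "constructed-reason-A")
      for m in range(3)],
    ev(USER, BLOCKED, "2024-05-04T02:03:00+00:00"),
    ev("user9@contoso.example", SELF_RESET, "2024-05-02T10:00:00+00:00", "failure",
       "FuzzyPolicyViolationInvalidPassword"),
    ev("user2@contoso.example", SELF_RESET, "2024-04-01T10:00:00+00:00"),  # outside window
]

def who(e):
    return e["initiatedBy"]["user"]["userPrincipalName"]

def triage(events, admins, now, days=7, admin_reset_limit=3, failed_step_limit=3):
    """Summarise SSPR audit events from the last `days` days for analyst review."""
    cutoff = now - timedelta(days=days)
    recent = [e for e in events if e["loggedByService"] == SERVICE
              and datetime.fromisoformat(e["activityDateTime"]) >= cutoff]
    ok_resets = Counter(who(e) for e in recent
                        if e["activityDisplayName"] == SELF_RESET and e["result"] == "success")
    failed_steps = Counter(who(e) for e in recent
                           if e["activityDisplayName"] == PROGRESS and e["result"] == "failure")
    return {
        "throttled": sorted({who(e) for e in recent if e["activityDisplayName"] == BLOCKED}),
        "admins_self_resetting": sorted(u for u, n in ok_resets.items()
                                        if u in admins and n >= admin_reset_limit),
        "repeated_failed_steps": sorted(u for u, n in failed_steps.items()
                                        if n >= failed_step_limit),
        "failure_reasons": Counter(e["resultReason"] for e in recent if e["result"] == "failure"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, {ADMIN}, datetime(2024, 5, 6, tzinfo=timezone.utc)))
```

A throttled account that also shows repeated failed flow steps is the combination worth reviewing first; tune the thresholds to your tenant's normal reset volume.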

Next steps