如何:使用 Azure Active Directory 报告对登录错误进行故障排除How to: Troubleshoot sign-in errors using Azure Active Directory reports

使用 Azure Active Directory (Azure AD) 中的登录报告可找到有关管理组织中应用程序访问权限问题的答案,包括:The sign-ins report in Azure Active Directory (Azure AD) enables you to find answers to questions around managing access to the applications in your organization, including:

  • 什么是用户的登录模式?What is the sign-in pattern of a user?
  • 多少用户超过一周都有登录行为?How many users have users signed in over a week?
  • 这些登录的状态怎样?What’s the status of these sign-ins?

此外,登录报告还可帮助解决组织内用户登录失败的问题。In addition, the sign-ins report can also help you troubleshoot sign-in failures for users in your organization. 本指南介绍如何在登录报告中查找登录失败,并用它来了解失败的根本原因。In this guide, you learn how to isolate a sign-in failure in the sign-ins report, and use it to understand the root cause of the failure.

先决条件Prerequisites

需要:You need:

  • 一个使用高级 (P1/P2) 许可证的 Azure AD 租户。An Azure AD tenant with a premium (P1/P2) license. 请参阅 Azure Active Directory Premium 入门来升级 Azure Active Directory 版本。See Getting started with Azure Active Directory Premium to upgrade your Azure Active Directory edition.
  • 一位属于该租户的全局管理员、安全管理员、安全读取者或报表读取者角色的用户 。A user, who is in the global administrator, security administrator, security reader, or report reader role for the tenant. 此外,任何用户都可以访问自己的登录活动。In addition, any user can access their own sign-ins.

使用登录报告对登录错误进行故障排除Troubleshoot sign-in errors using the sign-ins report

  1. 导航到 Azure 门户,选择目录。Navigate to the Azure portal and select your directory.

  2. 在“监视”部分,选择 Azure Active Directory,然后选择“登录”。 Select Azure Active Directory and select Sign-ins from the Monitoring section.

  3. 使用提供的筛选条件,通过用户名或对象标识符、应用程序名或日期缩小登录失败的范围。Use the provided filters to narrow down the failure, either by the username or object identifier, application name or date. 此外,可在“状态”下拉框中选择“失败”,仅显示失败的登录 。In addition, select Failure from the Status drop-down to display only the failed sign-ins.

    筛选结果

  4. 确定要调查的失败登录。Identify the failed sign-in you want to investigate. 选择它可打开其他详细信息窗口,其中包含有关失败登录的详细信息。Select it to open up the additional details window with more information about the failed sign-in. 记下“登录错误代码”和“失败原因” 。Note down the Sign-in error code and Failure reason.

    选择记录

  5. 还可在详细信息窗口中的“疑难解答和支持”选项卡中找到此信息。You can also find this information in the Troubleshooting and support tab in the details window.

    故障排除和支持

  6. 失败原因是对错误的描述。The failure reason describes the error. 例如,在上面的方案中,失败原因是“无效的用户名或密码,或者无效的本地用户名或密码”。For example, in the above scenario, the failure reason is Invalid username or password or Invalid on-premises username or password. 解决方法是使用正确的用户名和密码再次登录。The fix is to simply sign-in again with the correct username and password.

  7. 在此示例中,可在登录错误代码参考中搜索错误代码 50126 获取其他信息,包括补救方法。You can get additional information, including ideas for remediation, by searching for the error code, 50126 in this example, in the sign-ins error codes reference.

  8. 如果所有其他方法都失败,或者采取建议的操作步骤后仍然存在问题,请按照“疑难解答和支持”选项卡中的步骤打开支持票证If all else fails, or the issue persists despite taking the recommended course of action, open a support ticket following the steps in the Troubleshooting and support tab.

后续步骤Next steps