New password management reports


Azure AD Reporting: new password management reports

As we mentioned in a recent blog entry, many new Azure AD activity reports are now available within 4ward365. This post showcases one of the most exciting new reports, covering password management and reset activity.

Understanding how passwords are maintained and updated is a vital piece of security monitoring for any organization. Now, let’s dive a bit deeper to explain the details around these new reporting features.

Many companies utilize their password reset policies as a common way of preventing unauthorized access to company data. Monitoring password reset activity helps identify potential security threats and guard against other subsequent attacks. Moreover, analyzing password reset activity allows organizations to better understand if their password reset policy is effective, or if it is confusing and cumbersome to end users.

Password reset activity reports show all password reset attempts that have occurred within your organization.


The following list explains each of the report columns in detail:

    • EventTime – the date and time of the attempt.
    • UserName – the user who attempted a password reset operation (based on the User ID field provided when the user comes to reset a password).
    • Role – the role of the user in the directory.
    • Methods Used – what authentication methods the user used for this reset operation.
    • Result – the end result of the password reset operation.
    • Details – the details of why the password reset resulted in the value it did. Also includes any mitigation steps you might take to resolve an unexpected error.

The following table describes the different report values provided for each column:

Methods Used – allowed values and their meanings:

    • Alternate Email – user used alternate email or authentication email to authenticate.
    • Office Phone – user used office phone to authenticate.
    • Mobile Phone – user used mobile phone or authentication phone to authenticate.
    • Security Questions – user used security questions to authenticate.
    • Any combination of the above (e.g. Alternate Email + Mobile Phone) – occurs when a 2 gates policy is specified and shows which two methods the user used to authenticate his password reset request.

Result – allowed values and their meanings:

    • Abandoned – user started password reset but then stopped halfway through without completing.
    • Blocked – user’s account was prevented from using the password reset option because of too many attempts in a 24-hour period.
    • Cancelled – user started their password reset but then clicked the cancel button to cancel the session part way through.
    • Contacted Admin – user had a problem during their session that they could not resolve, so they clicked the “Contact your administrator” link instead of finishing the password reset process flow.
    • Failed – user was not able to reset a password, likely because the user was not configured to use the feature (e.g. no license, missing authentication info, password managed on-premises but writeback is turned off).
    • Succeeded – password reset was successful.
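
The Result values above lend themselves to simple triage once the report is exported. The following is an added example, not 4ward365 or Microsoft code: it assumes a CSV export whose headers match the report columns, ISO 8601 timestamps, and role names containing "admin" for privileged accounts; the sample rows, addresses and the `triage` function are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; column names follow the report columns described above.
# The CSV layout, ISO timestamps, addresses and role names are assumptions.
SAMPLE = """EventTime,UserName,Role,Methods Used,Result,Details
2016-03-01T08:00:00,alice@example.com,User,Mobile Phone,Cancelled,
2016-03-01T08:02:00,alice@example.com,User,Mobile Phone,Succeeded,
2016-03-01T09:00:00,bob@example.com,User,Security Questions,Failed,
2016-03-01T09:05:00,bob@example.com,User,Security Questions,Abandoned,
2016-03-01T09:10:00,bob@example.com,User,Alternate Email,Failed,
2016-03-01T09:20:00,bob@example.com,User,Alternate Email + Mobile Phone,Succeeded,
2016-03-01T10:00:00,carol@example.com,User,Office Phone,Blocked,
2016-03-01T11:00:00,dave@example.com,Global Administrator,Mobile Phone,Succeeded,
"""

NON_SUCCESS = {"Abandoned", "Blocked", "Cancelled", "Failed"}


def triage(csv_text, window=timedelta(hours=24), threshold=3):
    """Return {UserName: [reasons]} for reset activity that deserves review."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: datetime.fromisoformat(r["EventTime"]))
    findings = defaultdict(list)
    pending = defaultdict(list)  # user -> times of non-successful attempts
    for row in rows:
        user, result = row["UserName"], row["Result"]
        when = datetime.fromisoformat(row["EventTime"])
        # Keep only attempts that are still inside the look-back window.
        pending[user] = [t for t in pending[user] if when - t <= window]
        if result == "Blocked":
            findings[user].append("blocked: too many attempts in 24 hours")
        if result in NON_SUCCESS:
            pending[user].append(when)
        elif result == "Succeeded":
            if len(pending[user]) >= threshold:
                findings[user].append(
                    f"success after {len(pending[user])} non-successful attempts")
            # Assumption: privileged roles contain "admin" in the Role column.
            if "admin" in row["Role"].lower():
                findings[user].append(f"privileged role reset: {row['Role']}")
            pending[user] = []
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in triage(SAMPLE).items():
        print(user, "->", "; ".join(reasons))
```

A single cancelled attempt followed by a success, as in the first two sample rows, stays below the default threshold and is not reported.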

The password reset registration activity report shows all password reset registrations that have occurred within your organization.


The following list explains each of the report columns in detail:

    • Event Time – the date and time of the attempt.
    • User Name – the user who attempted a password reset registration operation.
    • Role – the role of the user in the directory.
    • Registration Activity – what authentication data the user provided during the password reset registration.

The following table describes the different values allowed for each column:

Data Registered – allowed values and their meanings:

    • Alternate Email – user used alternate email or authentication email to authenticate.
    • Office Phone – user used office phone to authenticate.
    • Mobile Phone – user used mobile phone or authentication phone to authenticate.
    • Security Questions – user used security questions to authenticate.
    • Any combination of the above (e.g. Alternate Email + Mobile Phone) – occurs when a 2 gates policy is specified and shows which two methods the user chose to authenticate his password reset request.

In the top right corner of the table you can adjust the time interval by picking the default periods: yesterday, 7, 14, 30, 60 or 90 days, or choose a custom range.


These reports are also interactive and configurable. By clicking the ‘Columns’ menu option, you can add or remove information from these password reset reports. The columns can be filtered, and you can also export, save, print, or schedule these reports with applied changes and filters.

Furthermore, using V-tenants, or tenant groupings inside 4ward365, allows administrators to control which operators can view these password reset activity reports for their user communities.
The reports can also be added to the ‘Favorite Report’ by clicking on the star icon close to the report name, so that you can quickly access them under the first ‘Analyze’ tab once you log into the portal.

Curious to view this report within your environment? If you already have 4ward365 deployed, you can find this report under the ‘Audit’ tab together with other Azure AD reports. Otherwise, don’t wait and sign up for our free 14-day trial to see these features in action. 4ward365 is the most advanced Office 365 management suite available on the market.
New articles about other Azure AD reports are coming. Stay tuned!
Lilia Stoyan