SSPR状态/报告 [英] SSPR Status/Reporting

问题描述

我知道当前最多有30天的时间才能查看用于重置自助式密码的日志记录数据，但是是否有任何能说明用户至少已注册该服务的明显故事或标志?我有一个愿意见的顾客 谁已经实际注册了该服务，但他们没有保持持续的日志记录.我希望看到一些可能暗示用户已注册的属性.有人知道我缺少什么吗?

I know there is currently a limit of 30 days to see logging data for self-service password reset, but are there any tell tale attributes or signs that would suggest a user has at least registered for the service? I have a customer who would love to see who has actually registered for the service, but they have not kept constant logging. I was hoping to see some attributes that would maybe suggest the user has registered. Does anyone know of anything I am missing?

推荐答案

有些事情要为您着想:

Some things to look at for you:

1. 注册了自助服务密码的用户重置"活动状态显示为"失败"， ，则表示该用户将尝试注册，但由于任何原因将无法成功完成注册.失败的原因将在状态类别"中指出. 要注意的地方，这里是该日志不会提供任何甚至没有尝试注册自助密码重置的用户的信息.

1. Self-Service Password Management activity types from the Audit Logs - On these logs if the "User Registered for self-service password reset" Activity Status is coming as "Failure" then it means that the said user would have tried to register but for any reason would not have successfully been able to complete the same. The reason for the failure would be noted in the Status Category. Point to Note here is that this log would not give the information of any user who would not even have tried to register for the Self-Service Password Reset.

2. Powershell cmdlet-您可以尝试运行以下命令:

2. Powershell cmdlet - You can try running the following command:

Get-Msoluser -All | where {

_.StrongAuthenticationUserDetails -ne

_.StrongAuthenticationUserDetails -ne

null} |导出CSV -path< CSV文件的路径>

null} | Export-CSV -path <path to CSV file>

关于"StrongAuthenticationUserDetails"的问题；属性是SSPR和MFA相同.

The thing about the "StrongAuthenticationUserDetails" attribute is that it is the same for SSPR and MFA.

当用户注册时，注册页面会设置以下字段-身份验证电话，身份验证电子邮件，安全性问题和答案.
如果管理员本可以为手机"或备用电子邮件"提供一个值，则即使他们尚未注册该服务，用户也可以立即使用这些值来重置其密码. 参考: 用户注册时会发生什么

When a user registers, the registration page sets the following fields - Authentication Phone, Authentication Email, Security Questions and Answers.
If the Admin would have provided a value for Mobile phone or Alternate email, the users can immediately use those values to reset their passwords, even if they haven't registered for the service. Ref: What happens when a user registers

此属性保存所设置的电话"，电子邮件"或安全性问答"的值.

This attribute holds the value for the Phone, Email or Security Q&A that are set.

假设您对用户同时具有SSPR和MFA要求.即使该用户已成功启用MFA并提供了其详细信息，该用户也会被记录在该属性中.或者即使管理员将定义这些值，而无需用户注册 用于SSPR.

Say you have both SSPR and MFA requirement for your users. Even if a said user has successfully enabled MFA and given their details, the same would be recorded in this attribute. Or even if the Admin would have defined those value, without the users registering for SSPR.

此命令将返回已为其设置了电话/电子邮件/安全性Q& A的用户的值-不管是否注册了SSPR/MFA.

This command would return the value of the users for whom the Phone/ Email/ Security Q&A has been set - regardless of SSPR/MFA being registered for.

因此，您可能会接近所需的内容.但是目前还没有确定的方法可以确定.

So you could possibly get close to what you are looking for. But at the moment there is not set way to find out for sure.

--------------------------------------------------- --------------------------------------------------
如果该答案有帮助，请单击标记为答案"或投票.要提供有关您的论坛体验的其他反馈，请单击 这里

-------------------------------------------------------------------------------------------------
If this answer was helpful, click "Mark as Answer" or Up-Vote. To provide additional feedback on your forum experience, click here

这篇关于SSPR状态/报告的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！