Measure your Azure AD MFA and Self-Service Password Reset Success

Azure AD, Cloud, MFA, Microsoft, Security 1 Minute

You might find it a bit daunting to measure the success of your organisations MFA and Self-Service Password Reset roll-out. You’ve already sent out instructions to your users, you’ve prepared the service desk for incoming questions and you’ve activated the features. What now? How are we doing?

There is actually a, not so well known, great little tool for this built right into the Azure Portal called Password reset – Usage & insights. You’ll find this tool in the Azure Portal by browsing to Azure Active Directory > Password reset > Usage & insights. You can also go directly to the tool by clicking this link.

This tool will display all sorts of interesting information about your users MFA and SSPR activity and registered authentication methods. I like to use this to see which authentication methods users prefer and also as a success measures when moving from one method to another, like from SMS to authentication app.

MFAInsights1

The Users registered, Users enabled, and Users capable tiles show the following registration data for your users:

  • Registered: A user is considered registered if they (or an admin) have registered enough authentication methods to meet your organization’s SSPR or Multi-Factor Authentication policy.
  • Enabled: A user is considered enabled if they are in scope for the SSPR policy. If SSPR is enabled for a group, then the user is considered enabled if they are in that group. If SSPR is enabled for all users, then all users in the tenant (excluding guests) are considered enabled.
  • Capable: A user is considered capable if they are both registered and enabled. This status means that they can perform SSPR at any time if needed.

You can dig deeper by clicking on a tile and get detailed information about each user. You can also export the results to a CSV file to further analyse the data in Excel and Power BI.

If you go to the Usage tab your can see all SSPR resets from the last 30 days. You can also see which authentication methods users chose to go with.

MFAInsights2

Tools like this are very important when we’re boosting organisation security by implementing modern authentication.

You can find more information here.

Please follow me here, on LinkedIn and on Twitter.

@DanielChronlund

Published by Daniel Chronlund

Daniel is an IT consultant at Altitude 365, specialized in Microsoft cloud infrastructure design and implementation. Daniel provides consultative services around Azure IaaS and PaaS services, Microsoft 365, EM+S and Office 365. He helps customers to work smarter, more secure and to get the most value out of the Microsoft cloud.

Published

2 thoughts on “Measure your Azure AD MFA and Self-Service Password Reset Success

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s