Azure AD’s self-service capabilities facilitate mobility and provide a better user experience by enabling users to change their passwords without calling anyone for support or creating tickets. However, with this capability in place, admins have to be diligent about tracking password resets so they can spot any suspicious actions that could be indicative of identity theft.
The Azure AD password reset capability is convenient for users and reduces helpdesk costs. But because it enables any user to perform an Azure password reset from any device, at any location and at any time, this capability can create security gaps in your Azure AD environment.
Azure AD security best practices recommend staying on top of all password changes in order to minimize the risk of anyone using another user’s credentials to make unauthorized changes or access sensitive data. To get insight into password reset and registration activity across your Azure AD, you can use Microsoft Azure audit logging data. However, to find the exact information you need, you’ll have to spend valuable time filtering the data. Plus, you’ll have to plan ahead about where you’ll keep your audit logs for the long term, because you can store them in Azure AD for only 90 days.
Do you want to harden the security of your Azure AD environment against the risk of identity theft and other unauthorized activity? Netwrix Auditor for Azure AD delivers 360-degree visibility into Azure AD sign-in attempts (successful and failed); Azure AD password resets; changes to configurations, groups, roles, applications and devices; and much more. Netwrix Auditor goes beyond traditional audit logging by delivering the security intelligence you need to keep tabs on what’s happening in your cloud-hosted AD. With this solution at your fingertips, you can: