Auditing - Ensure The Self-Service Password Reset Activity Report Is Reviewed At Least Weekly

 







Summary

It is common knowledge, that the Microsoft 365 platforms generally allow users to reset their password in case they forget them. The self-service password reset activity report logs each time a user successfully resets their password this way and should be reviewed at least weekly.

Reason

An attacker can easily compromise an account, and then change the password to something only they can manage and control.                                                                                                                                                   

How to?

To review the report, perform the following steps using Azure Portal:
  1. Go to portal.azure.com.
  2. Click Azure Active Directory.
  3. Now, click on 'Usage & insights' under 'Monitoring'.
  4. Select 'Authentication methods activity' and the 'Usage' tab.
  5. Review the list of users who have reset their passwords in the last seven days by clicking on 'Self-service password resets and account unlocks by methods'.

Monitor:

To verify that the report is being reviewed at least weekly, confirm that the necessary procedures are in place and being followed.























































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Design Planning (Part 3)