Home » IT - Microsoft » Working with Identity Manager Hybrid Reporting

Working with Identity Manager Hybrid Reporting

Escribe tu dirección de correo electrónico para suscribirte a este blog, y recibir notificaciones de nuevos mensajes por correo.

Join 5 other followers

March 2016
« Feb   May »



All messages posted to this blog are provided "AS IS" with no warranties, and confer no rights. The content of this site are personal opinions and might not represent the Microsoft Corporation view. Regarding any sample code that we provide: This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment. THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. This blog serves 2 purposes. Firstly, I want to share information with other IT pros about the technologies we work with and how to solve problems we often face. Secondly, I use my blog as a notebook. There's so much to learn and remember in our jobs that it's impossible to keep up. By blogging, I have a notebook that I can access from anywhere. Anything you do to your IT infrastructure, applications, services, computer or anything else is 100% down to your own responsibility and liability. Mcselles bears no responsibility or liability for anything you do. Please independently confirm anything you read on this blog before doing whatever you decide to do.

Available hybrid reports

The first three Microsoft Identity Manager reports available in Azure AD are Password reset activity, Password reset registration and Self-service groups activity.

  • Password reset activity displays each instance when a user performed password reset using the SSPR and provides the gates or Methods used for authentication.

  • Password reset registration displays each time a user registers for the SSPR and the Methods used to authenticate, for example a mobile phone number or questions and answers. Note that for Password reset registration, no differentiation is made between SMS gate and MFA gate – both are considered Mobile Phone.

  • Self-service groups activity displays each attempt made by someone to add themselves to or delete themselves from a group and group creation.



The reports currently present data for up to one month back.

If you want to uninstall hybrid reports, uninstall the MIMreportingAgent.msi agent.


  1. Install Microsoft Identity Manager 2016 including the MIM service.

  2. Make sure you have an Azure AD Premium tenant with a licensed administrator in your directory.

  3. Make sure you have outgoing Internet connectivity from the Microsoft Identity Manager server to Azure.

Installing Microsoft Identity Manager Reporting in Azure AD

After the reporting agent is installed, the data from Microsoft Identity Manager activity is exported from Microsoft Identity Manager to windows event log. The Microsoft Identity Manager reporting agent processes the events, and uploads to Azure. In Azure, the events are parsed, decrypted, and filtered for the required reports.

  1. Install Microsoft Identity Manager 2016.

  2. Download the Microsoft Identity Manager reporting agents:

    1. Log into the Azure AD management portal and click on the Active Directory icon.

    2. Double click on the directory for which you are a Global Administrator and you have an Azure AD Premium subscription.

    3. Click Configuration and download the reporting agent.

  3. Install the Microsoft Identity Manager reporting agent:

    1. Create a directory on the computer.

    2. Extract the files MIMHybridReportingAgent.msi and tenant.cert into the directory.

    3. Run the agent installer.

    4. Make sure that the Microsoft Identity Manager reporting agent service is running

    5. Restart the Microsoft Identity Manager Service.

  4. Validate that Microsoft Identity Manager Reporting is working in Azure.

    You can create report data by using the Microsoft Identity Manager Self Service Password Reset Portal to reset a user’s password. Make sure that the password reset completed successfully and then check that the data is displayed in the Azure AD management portal.

Viewing hybrid reports in the Azure management portal

  1. Log into Azure with your global admin account for the tenant.

  2. Click the Active Directory icon.

  3. Select the tenant directory from the list of available directories for your subscription.

  4. Click Reports and then Password Reset Activity.

  5. Make sure you select Identity Manager in the source drop down menu.


It can take some time for Microsoft Identity Manager data to appear in Azure AD.

Stop sending Microsoft Identity Manager events to Azure

If you want to stop uploading reporting data from Microsoft Identity Manager to Azure Active Directory, you should uninstall the hybrid reporting agent. Using the Windows Add or Remove Programs tool, uninstall Microsoft Identity Manager Hybrid Reporting.

Windows Events Used for Microsoft Identity Manager Reporting in Azure AD

Events generated by Microsoft Identity Manager are logged in the Windows Event Log, and are visible in the Event Viewer under: Application and Services logs-> Identity Manager Request Log. Each Microsoft Identity Manager request is exported as an event in the Windows Event Log in JSON structure. This can be exported to your SIEM.

Event type


Event details



FIM event data that includes all the request data.



FIM event 4121 extension, in the case there is too much data for a single event. The header in this event is in the following form: "Request: <GUID> , message <xxx> out of <xxx>

Source: https://technet.microsoft.com/en-us/library/mt134416.aspx


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Microsoft on the Issues

News and perspectives on legal, public policy and citizenship topics

Mike Crowley's Whiteboard

“There are no limits to what you can accomplish when you are supposed to be doing something else."


There Be Dragons

Ken Cenerelli

My life in software development

VMware, Windows, Virtualization (Servers & Desktops)

VMware, Windows, Virtualization (Servers & Desktops)

Just a random "Microsoft Server / Client Tech" info..

"Feeding Your Training and Technology Obsessions"


WordPress.com is the best place for your personal blog or business site.


Documentación técnica, notas y apuntes sobre Administración de Sistemas, Servidores, Redes y más

Microsoft Taste

Mary's Blog

%d bloggers like this: