您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure Active Directory 报告延迟Azure Active Directory reporting latencies

延迟是 Azure Active Directory (Azure AD) 报告数据在 Azure 门户中显示所需的时间。Latency is the amount of time it takes for Azure Active Directory (Azure AD) reporting data to show up in the Azure portal. 本文列出了不同类型报告的预期延迟。This article lists the expected latency for the different types of reports.

活动报表Activity reports

有两种类型的活动报告:There are two types of activity reports:

  • 登录 –提供有关托管应用程序和用户登录活动的使用情况的信息Sign-ins – Provides information about the usage of managed applications and user sign-in activities
  • 审核日志 - 提供有关用户和组、托管应用程序和目录活动的系统活动信息Audit logs - Provides system activity information about users and groups, managed applications and directory activities

下表列出了活动报表的延迟信息。The following table lists the latency information for activity reports.

备注

延迟 (95%) 是指报告 95% 的日志所用的时间,延迟 (99%) 是指报告 99% 的日志所用的时间。Latency (95th percentile) refers to the time by which 95% of the logs will be reported, and Latency (99th percentile) refers to the time by which 99% of the logs will be reported.

报表Report 延迟 (95%)Latency (95th percentile) 延迟 (99%)Latency (99th percentile)
审核日志Audit logs 2 分钟2 mins 5 分钟5 mins
登录Sign-ins 2 分钟2 mins 5 分钟5 mins

获得高级许可证后多久可看见活动数据?How soon can I see activities data after getting a premium license?

如果已经拥有免费许可证的活动数据,则可在升级时立即看到这些数据。If you already have activities data with your free license, then you can see it immediately on upgrade. 升级到高级许可证后,如果没有任何数据,则需要在一到两天后,数据才会显示在报告中。If you don’t have any data, then it will take one or two days for the data to show up in the reports after you upgrade to a premium license.

安全报表Security reports

有两种类型的安全报表:There are two types of security reports:

  • 风险登录 - 风险登录是指可能由非用户帐户合法拥有者进行的登录尝试。Risky sign-ins - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who is not the legitimate owner of a user account.
  • 已标记为存在风险的用户 - 风险用户是指可能已泄露的用户帐户。Users flagged for risk - A risky user is an indicator for a user account that might have been compromised.

下表列出了安全报表的延迟信息。The following table lists the latency information for security reports.

报告Report 最小值Minimum 平均值Average 最大值Maximum
有风险的用户Users at risk 5 分钟5 minutes 15 分钟15 minutes 2 小时2 hours
有风险的登录Risky sign-ins 5 分钟5 minutes 15 分钟15 minutes 2 小时2 hours

风险检测Risk detections

Azure AD 使用自适应机器学习算法和试探法来检测与用户帐户相关的可疑操作。Azure AD uses adaptive machine learning algorithms and heuristics to detect suspicious actions that are related to your user accounts. 每个检测到的可疑操作都存储在称为 风险检测的记录中。Each detected suspicious action is stored in a record called a risk detection.

下表列出了风险检测的滞后时间信息。The following table lists the latency information for risk detections.

报告Report 最小值Minimum 平均值Average 最大值Maximum
从匿名 IP 地址登录Sign-ins from anonymous IP addresses 5 分钟5 minutes 15 分钟15 Minutes 2 小时2 hours
从不熟悉的位置登录Sign-ins from unfamiliar locations 5 分钟5 minutes 15 分钟15 Minutes 2 小时2 hours
具有已泄漏凭据的用户Users with leaked credentials 2 小时2 hours 4 小时4 hours 8 小时8 hours
不可能前往异常位置Impossible travel to atypical locations 5 分钟5 minutes 1 小时1 hour 8 小时8 hours
从受感染的设备登录Sign-ins from infected devices 2 小时2 hours 4 小时4 hours 8 小时8 hours
从具有可疑活动的 IP 地址登录Sign-ins from IP addresses with suspicious activity 2 小时2 hours 4 小时4 hours 8 小时8 hours

后续步骤Next steps