Hi @Zack W ,
Thanks for reaching out.
I understand you are trying to read the Self Service Password Reset reporting in audit logs.
Based on the logs attached, on 2022-08-02 admin force the password and other related activities by user to complete security info registration. There are no activities related to Self-service Password Management on 2022-08-08 and 2022-08-17.
However, there are logs to update StrongAuthenticationPhoneAppDetail for John Doe by fim_password_service@support.onmicrosoft.com on 2022-08-08 and 2022-08-17.
This activity created when a user’s phone application used for multi-factor authentication and password reset verification have been changed by fim_password_service@support.onmicrosoft.com which is an internal account used to indicate activity is done in App context rather than App + User context.
Hope this will help you to understand the logs events based on activity type.
Thanks,
Shweta
-----------------------------------
Please remember to "Accept Answer" if answer helped you.