How can I get the security audit events like Account Logon (Audit Kerberos Authentication Service) in Azure AD Domain Services?
I am new to Azure and my requirement is to get Network Information and Account Information from the computers connected to Azure AD Domain Controller (event-4768).
I enable the security audits for Azure Active Directory Domain Services (security-audit-events) which stream security events to targeted resources. I configured the target resource as Azure Log Analytics Workspace but still unable to get the Kerberos Authentication Audit events from the connected computers in the Log Analytics workspace.
I configured the Azure AD domain services and Join a couple of Windows Server virtual machine to a managed domain and then configured security audit policy settings in windows server VM to generate audit events. (advanced-security-audit-policy-settings)
As Azure AD DS is a domain managed by Microsoft so we do not have full control of the domain controller. Please let me know how can I get security audit events from Azure AD DS
Thanks and Regards,