question

HrishikeshTak-8848 avatar image
1 Vote"
HrishikeshTak-8848 asked ·

Azure AD Domain Services Security Audit Events?

How can I get the security audit events like Account Logon (Audit Kerberos Authentication Service) in Azure AD Domain Services?

I am new to Azure and my requirement is to get Network Information and Account Information from the computers connected to Azure AD Domain Controller (event-4768).

I enable the security audits for Azure Active Directory Domain Services (security-audit-events) which stream security events to targeted resources. I configured the target resource as Azure Log Analytics Workspace but still unable to get the Kerberos Authentication Audit events from the connected computers in the Log Analytics workspace.

I configured the Azure AD domain services and Join a couple of Windows Server virtual machine to a managed domain and then configured security audit policy settings in windows server VM to generate audit events. (advanced-security-audit-policy-settings)

As Azure AD DS is a domain managed by Microsoft so we do not have full control of the domain controller. Please let me know how can I get security audit events from Azure AD DS

Thanks and Regards,

Hrishikesh


azure-ad-domain-services
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mturscak avatar image
1 Vote"
mturscak answered ·

I am not sure if event-4768 is supported as it's not listed as one of the audit events in the documentation for ADDS.


· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

But it is mentioned in audit-event-categories under Account Logon.

Is there any other way to get event-4768?

Thanks and Regards,

Hrishikesh


0 Votes 0 · ·
KAREDD-MSFT avatar image
0 Votes"
KAREDD-MSFT answered ·

Hi, I can confirm that event 4768 is not supported as of now. Our Product group is planning to add more events related to Kerberos and NTLM in the near future.

I would recommend others looking for similar events to vote for the feature request created by @HrishikeshTak-8848 here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/39076378-support-for-kerberos-authentication-security-event

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.