I am not sure if event-4768 is supported as it's not listed as one of the audit events in the documentation for ADDS.
Azure AD Domain Services Security Audit Events?
How can I get the security audit events like Account Logon (Audit Kerberos Authentication Service) in Azure AD Domain Services?
I am new to Azure and my requirement is to get Network Information and Account Information from the computers connected to Azure AD Domain Controller (event-4768).
I enable the security audits for Azure Active Directory Domain Services (security-audit-events) which stream security events to targeted resources. I configured the target resource as Azure Log Analytics Workspace but still unable to get the Kerberos Authentication Audit events from the connected computers in the Log Analytics workspace.
I configured the Azure AD domain services and Join a couple of Windows Server virtual machine to a managed domain and then configured security audit policy settings in windows server VM to generate audit events. (advanced-security-audit-policy-settings)
As Azure AD DS is a domain managed by Microsoft so we do not have full control of the domain controller. Please let me know how can I get security audit events from Azure AD DS
Thanks and Regards,
Hrishikesh
2 answers
Sort by: Most helpful
-
Marilee Turscak-MSFT 37,046 Reputation points Microsoft Employee
2019-11-16T00:34:45.617+00:00 -
Manoj Reddy 406 Reputation points Microsoft Employee
2019-11-20T12:25:17.153+00:00 Hi, I can confirm that event 4768 is not supported as of now. Our Product group is planning to add more events related to Kerberos and NTLM in the near future.
I would recommend others looking for similar events to vote for the feature request created by @Hrishikesh Tak here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/39076378-support-for-kerberos-authentication-security-event