Configuring Audit Policy and Enabling Auditing for ADFS Monitoring

Configure the following audit policy or advanced audit policy in the respective GPO.

  1. Open the Group Policy Management Console (GPMC).
  2. Edit the respective GPO (ADFS on Domain Controllers, ADFS on Member Servers).
  3. Configure the required Advanced Audit Policies for Windows Server 2008 and above (recommended). These settings can be found under:
    1. Computer Configuration | Windows Settings | Security Settings | Advanced Audit Policy Configuration | System Audit Policies
      1. Audit ADFS Logon: Select Object Access -> Application Generated (Success, Failure).
  4. Configure the required audit policies for Windows Server 2003 and below:
    1. Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy
      1. Audit ADFS Logon: Configure Object Access (Success).

Enabling auditing on the Federation Server.

  1. Open AD FS management console.
  2. ADFS policy
  3. Right click AD FS and choose "Edit Federation Service Properties".
  4. Click on the Events tab. Enable "Success Audits" and "Failure Audits".
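
To confirm that both procedures above took effect on a federation server, the following check can be run from an elevated PowerShell prompt. It is an added example, not part of the original documentation; the function name Test-AdfsAuditReadiness is hypothetical, and it assumes an English-language OS and that the ADFS PowerShell module (Get-AdfsProperties) is available.

```powershell
# Added example: verification only, changes nothing. Run elevated on the federation server.
# Assumptions: English-language OS (auditpol names and values are localized) and the
# ADFS PowerShell module, which provides Get-AdfsProperties.

function Test-AdfsAuditReadiness {
    [CmdletBinding()]
    param()

    # Effective policy for the subcategory set through the GPO.
    # /r prints CSV; the "Inclusion Setting" column reads e.g. "Success and Failure".
    $row = auditpol.exe /get /subcategory:"Application Generated" /r |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv
    $setting = [string]$row.'Inclusion Setting'

    # Audit levels enabled on the Events tab of the Federation Service properties.
    $logLevel = @((Get-AdfsProperties).LogLevel)

    [pscustomobject]@{
        PolicySetting     = $setting
        PolicySuccess     = $setting -match 'Success'
        PolicyFailure     = $setting -match 'Failure'
        AdfsSuccessAudits = $logLevel -contains 'SuccessAudits'
        AdfsFailureAudits = $logLevel -contains 'FailureAudits'
    }
}

$result = Test-AdfsAuditReadiness
$result | Format-List

# Report each gap so it can be fixed in the GPO or the AD FS console.
$gaps = $result.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object Name
if ($gaps) { Write-Warning ("Not enabled: " + ($gaps -join ', ')) }
else       { Write-Output 'Audit policy and AD FS event auditing are both enabled.' }
```

If the policy check fails right after editing the GPO, run gpupdate /force on the server and test again, since auditpol reports the effective policy rather than the pending GPO setting.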

Configuring claims

For each of the relying parties to be audited, add the following claims:

  1. Primary SID
  2. UPN
  3. Client IP
  4. Inside Corporate Network
  5. Proxy
Copyright © 2019, ZOHO Corp. All Rights Reserved.