Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

On Demand Audit Current - User Guide

Introducing On Demand Audit Configuring On Demand Audit Change Auditor Integration Working with On Demand Audit Appendix A: Working with Filters Documentation Roadmap

Azure Active Directory built in searches

On Demand Audit provides the following Azure Active Directory built-in searches that are based on the most common and complex requests for information:

  • Azure AD application events in the past 7 days
  • Azure AD directory events in the past 7 days
  • Azure AD events in the past 7 days
  • Azure AD failed sign-in events in the past 7 days
  • Azure AD group events in the past 7 days
  • Azure AD group member changes in the past 7 days
  • Azure AD group owner changes in the past 7 days
  • Azure AD risk events in the past 7 days
  • Azure AD role events in the past 7 days
  • Azure AD role member changes in the past 7 days
  • Azure AD self-service password management events in the past 7 days
  • Azure AD sign-in events in the past 7 days
  • Azure AD successful sign-in events in the past 7 days
  • Azure AD tenant level configuration changes in the last 180 days
  • Azure AD user created events in the past 7 days
  • Azure AD user deleted events in the past 7 days
  • Azure AD user events in the past 7 days
  • Important changes for critical Azure AD directory roles in the past 7 days
  • Objects added/removed from Azure AD groups in the past 7 days
  • Objects added/removed from Azure AD roles in the past 7 days
  • Users added/removed as owner of Azure AD groups in the past 7 days

 

Best Practices built in searches

On Demand Audit provides the following Best Practices built-in search:

  • Sharing operations on important file types within past 7 days
  • Teams guest access enabled or disabled in the past 30 days

Group Policy built in searches

On Demand Audit provides the following Group Policy built-in searches:

  • Group Policy all events in the past 7 days
  • Group Policy all restricted group changes in the past 30 days
  • Group Policy all security changes in the past 30 days

Logon Activity built in searches

On Demand Audit provides the following logon activity built-in searches:

  • Logon Activity all authentication activity in the past 7 days
  • Logon Activity all excessive Kerberos ticket lifetime events in the past 30 days
  • Logon Activity all failed logon activity in the past 7 days
  • Logon Activity all interactive logon activity in the past 24 hours
  • Logon Activity all Kerberos authentication activity in the past 24 hours
  • Logon Activity all logon activity in the past 24 hours
  • Logon Activity all logon session activity in the past 24 hours
  • Logon Activity all NTLM version 1 logons in the past 7 days (Note: The associated event class is disabled by default in Change Auditor.)
  • Logon Activity all remote logon activity in the past 24 hours
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating