Chat now with support
Chat with Support

On Demand Audit Current - User Guide

Introducing On Demand Audit Configuring On Demand Audit Change Auditor Integration Working with On Demand Audit Appendix A: Working with Filters Documentation Roadmap

Active Directory Built in searches

If you have a Change Auditor installation registered with On Demand Audit, you will have access to the following Active Directory built-in searches:

  • AD all account lockout events in the past 7 days
  • AD all attribute changes in the past 7 days
  • AD all computer events in the past 7 days
  • AD all domain controller events in the past 7 days
  • AD all events in the past 24 hours
  • AD all events in the past 7 days
  • AD all events including ActiveRoles/GPOADmin initiator in the past 7 days
  • AD all forest configuration events in the past 7 days
  • AD all objects deleted in the past 7 days
  • AD all OU events in the past 7 days
  • AD all replication events in the past 7 days
  • AD all schema configuration events in the past 7 days
  • AD all security changes in the last 30 days
  • AD all site events in the past 7 days
  • AD all user events in the past 7 days
  • AD computers added in the past 30 days
  • AD computers disabled in the past 30 days
  • AD computers enabled in the past 30 days
  • AD computers moved in the past 30 days
  • AD computers removed in the past 30 days
  • AD computers renamed in the past 30 days
  • AD critical group membership changes in the past 30 days
  • AD group added in the past 30 days
  • AD group deleted in the past 30 days
  • AD group member added changes in the past 30 days
  • AD group member removed changes in the past 30 days
  • AD group moved in the past 30 days
  • AD group nested member added changes in the past 30 days
  • AD group nested member removed changes in the past 30 days
  • AD group renamed in the past 30 days
  • AD users added in the past 30 days
  • AD users added to group in the past 30 days
  • AD users deleted in the past 30 days
  • AD users disabled in the past 30 days
  • AD users enabled in the past 30 days
  • AD users locked out in the past 30 days
  • AD users moved in the past 30 days
  • AD users removed from group in the past 30 days
  • AD users renamed in the past 30 days
  • AD users unlocked in the past 30 days

See Change Auditor Integration for details on adding on-premises event data to your On Demand Audit deployment.

Active Directory Federation Services built in searches

On Demand Audit provides the following Active Directory Federation Services built-in search:

  • AD FS All claims provider trust events in the past 30 days

  • AD FS All relying party trust events in the past 30 days
  • AD FS All endpoint events in the past 30 days
  • AD FS All authentication method changes in the past 30 days

  • AD FS All server farm events in the past 30 days

  • AD FS Authentication method registered and unregistered events in the past 30 days

Azure Active Directory built in searches

On Demand Audit provides the following Azure Active Directory built-in searches that are based on the most common and complex requests for information:

  • Azure AD application events in the past 7 days
  • Azure AD directory events in the past 7 days
  • Azure AD events in the past 7 days
  • Azure AD failed sign-in events in the past 7 days
  • Azure AD group events in the past 7 days
  • Azure AD group member changes in the past 7 days
  • Azure AD group owner changes in the past 7 days
  • Azure AD risk events in the past 7 days
  • Azure AD role events in the past 7 days
  • Azure AD role member changes in the past 7 days
  • Azure AD self-service password management events in the past 7 days
  • Azure AD sign-in events in the past 7 days
  • Azure AD successful sign-in events in the past 7 days
  • Azure AD tenant level configuration changes in the last 180 days
  • Azure AD user created events in the past 7 days
  • Azure AD user deleted events in the past 7 days
  • Azure AD user events in the past 7 days
  • Important changes for critical Azure AD directory roles in the past 7 days
  • Objects added/removed from Azure AD groups in the past 7 days
  • Objects added/removed from Azure AD roles in the past 7 days
  • Users added/removed as owner of Azure AD groups in the past 7 days

 

Best Practices built in searches

On Demand Audit provides the following Best Practices built-in search:

  • Sharing operations on important file types within past 7 days
  • Teams guest access enabled or disabled in the past 30 days
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating