
Task 1.4: Configure audit policies in AD environment

Post-deployment configuration resources:

Configure using manual process

Configure using automated process

  1. In the DC01 search box, enter PowerShell, then right-click Windows PowerShell to run as administrator.

  2. In PowerShell, enter the following command to install the Defender for Identity PowerShell module.

     Install-Module -Name DefenderForIdentity
    
  3. When prompted about installing from an untrusted repository, enter A (Yes to All) so that the same answer applies to future prompts.

  4. Enter the following command to generate a report with current configurations:

     New-MDIConfigurationReport -Path "C:\Reports" -Mode Domain -OpenHtmlReport
    
  5. In Microsoft Edge, review the MDI configuration report window for MSMDI.LOCAL.

    Some failures are expected in the report, but they’ll be corrected in the coming steps.

  6. Run the following commands in PowerShell to fix the failed MDI configurations:

     Set-MDIConfiguration -Mode Domain -Configuration AdfsAuditing
     Set-MDIConfiguration -Mode Domain -Configuration AdvancedAuditPolicyCAs
     Set-MDIConfiguration -Mode Domain -Configuration AdvancedAuditPolicyDCs
     Set-MDIConfiguration -Mode Domain -Configuration CAAuditing
     Set-MDIConfiguration -Mode Domain -Configuration ConfigurationContainerAuditing
     Set-MDIConfiguration -Mode Domain -Configuration DomainObjectAuditing
     Set-MDIConfiguration -Mode Domain -Configuration NTLMAuditing
     Set-MDIConfiguration -Mode Domain -Configuration ProcessorPerformance
    

    You can safely disregard any warnings relating to Microsoft ADFS or Microsoft Exchange Services.

  7. Enter the following command to generate a new configuration report.

     New-MDIConfigurationReport -Path "C:\Reports" -Mode Domain -OpenHtmlReport
    

    In this MDI configuration report for MSMDI.LOCAL, the status is Passed for all configurations.
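
Steps 4 through 7 can also be run as one repeatable check-and-fix pass that changes only the settings that currently fail and then re-tests them. This is an added example, not part of the original lab; it assumes the module's `Test-MDIConfiguration` cmdlet returns `$true` or `$false` for a single configuration name, and it uses the same eight configuration names as step 6.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the lab): test each MDI setting, fix only the
# failing ones, re-test, and print a before/after summary.
Import-Module DefenderForIdentity -ErrorAction Stop

# Configuration names exactly as listed in step 6.
$configurations = @(
    'AdfsAuditing'
    'AdvancedAuditPolicyCAs'
    'AdvancedAuditPolicyDCs'
    'CAAuditing'
    'ConfigurationContainerAuditing'
    'DomainObjectAuditing'
    'NTLMAuditing'
    'ProcessorPerformance'
)

$results = foreach ($name in $configurations) {
    # Assumption: a single-configuration test returns a Boolean.
    $before  = [bool](Test-MDIConfiguration -Mode Domain -Configuration $name)
    $changed = $false

    if (-not $before) {
        try {
            Set-MDIConfiguration -Mode Domain -Configuration $name -ErrorAction Stop
            $changed = $true
        }
        catch {
            Write-Warning "Set-MDIConfiguration failed for ${name}: $($_.Exception.Message)"
        }
    }

    # Re-test only when something was changed; otherwise keep the first result.
    $after = if ($changed) {
        [bool](Test-MDIConfiguration -Mode Domain -Configuration $name)
    } else { $before }

    [pscustomobject]@{
        Configuration = $name
        Before        = $before
        Changed       = $changed
        After         = $after
    }
}

$results | Format-Table -AutoSize

# List anything that still does not pass so it is not missed in the HTML report.
$failed = @($results | Where-Object { -not $_.After })
if ($failed.Count -gt 0) {
    Write-Warning ("Still failing: " + ($failed.Configuration -join ', '))
}
```

Running it a second time should show `Changed` as `False` for every row, which confirms the settings persisted; the HTML report from step 7 remains the lab's reference for the final state.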