Task 1.4: Configure audit policies in AD environment
Post-deployment configuration resources:
Configure using manual process
Configure using automated process
-
In the DC01 search box, enter PowerShell, then right-click Windows PowerShell to run as administrator.
-
In PowerShell, enter the following command to install Defender for Identity.
Install-Module -Name DefenderForIdentity
-
When prompted about installing from an untrusted repository, enter A to respond with Yes to future prompts.
-
Enter the following command to generate a report with current configurations:
New-MDIConfigurationReport -Path "C:\Reports" -Mode Domain -OpenHtmlReport
-
In Microsoft Edge, review the MDI configuration report window for MSMDI.LOCAL.
Some failures are expected in the report, but they’ll be corrected in the coming steps.
-
Run the following commands in Powershell to fix the failed MDI configurations:
Set-MDIConfiguration -Mode Domain -Configuration AdfsAuditing Set-MDIConfiguration -Mode Domain -Configuration AdvancedAuditPolicyCAs Set-MDIConfiguration -Mode Domain -Configuration AdvancedAuditPolicyDCs Set-MDIConfiguration -Mode Domain -Configuration CAAuditing Set-MDIConfiguration -Mode Domain -Configuration ConfigurationContainerAuditing Set-MDIConfiguration -Mode Domain -Configuration DomainObjectAuditing Set-MDIConfiguration -Mode Domain -Configuration NTLMAuditing Set-MDIConfiguration -Mode Domain -Configuration ProcessorPerformance
You can safely disregard any warnings relating to Microsoft ADFS or Microsoft Exchange Services.
-
Enter the following command to generate a new configuration report.
New-MDIConfigurationReport -Path "C:\Reports" -Mode Domain -OpenHtmlReport
In this MDI configuration report for: MSMDI.LOCAL, the status Passed for all.