Auditing of AD FS events
I've tried to install the newest MDI sensor on one of my AD FS servers but during the installation it reports that auditing is not configured correctly - see attached image.
It's possible to click Next and proceed with the installation.
I've verified that the auditing is in place and configured according to the guide. I can even see the audit events in the security log.
What am I missing here?
Just for your information, the service won't start after the installation - I'll start another discussion about that issue 🙂
12 Replies
- EliOfek
Microsoft
Hi,
Just got another similar case, that was resolved by running the setup elevated.
Can you try that and let me know if the warning is gone?
- RNalivaika
Iron Contributor
EliOfek FYI running setup elevated solved the issue for us too.
Would be nice to either see docs updated or the install file changed.
- EliOfek
Microsoft
The docs actually say that already:
https://docs.microsoft.com/en-us/defender-for-identity/install-step4
"Run Azure ATP sensor setup.exe with elevated privileges (Run as administrator) and follow the setup wizard."
As for changing the exe to auto-prompt a UAC dialog, there is currently a technical limitation preventing us from doing so, due to the installer infra we use, which intentionally blocks it, but we are working on making it work like that. It will take some time though, as it is going to be incorporated with some other features that will make the deployment a breeze. Stay tuned on this topic...
- bjarneabraham
Brass Contributor
EliOfek running the installation elevated solved the issue. Then it doesn't raise an alert about an issue regarding auditing on the AD FS server. Thanks.
- bjarneabraham
Brass Contributor
bjarneabraham It was a success on one of the AD FS servers but not on the others 😞
I've checked the audit level and requirements and they are exactly the same.
Any good ideas? 🙂
- EliOfek
Microsoft
bjarneabraham
Can you run this command from PowerShell on this machine and share the full output?
(Get-AdfsProperties).LogLevel