Forum Discussion

Lutz Mueller-Hipper's avatar
Lutz Mueller-Hipper
Copper Contributor
Feb 08, 2023
Solved

Directory Services Object Auditing is not configured as required - Misconfigured item

Hi,   I get the error "Directory Services Object Auditing is not configured as required on contoso.com. Misconfigured items:". I was following the article linked in the message to configure auditin...
  • Kacper_Burdzy's avatar
    Kacper_Burdzy
    Feb 10, 2023

    Lutz Mueller-Hipper 

     

    Hi, have you tried logging into https://<your_workspace_name>.atp.azure.com
    As I can see, the older portal provides some extended information comparing to https://security.microsoft.com/. There is also information which part of Directory Services Object Auditing is misconfigured. 

    I had the same problem and also could not see any hint at security.microsoft.com

     

thalpius's avatar
thalpius
Brass Contributor
Mar 17, 2023
I've cerated a GUI-based MDI checker which is more clear I think:
https://github.com/thalpius/Microsoft-Defender-for-Identity-Configuration-Checker

Please let me know if you need any more help.
LutzMH's avatar
LutzMH
Copper Contributor
Mar 18, 2023

I my case the "Control access" was not set after I added the object audit settings via ADUC.

1- open ldp.exe, connect and bind to your domain, right mouse-click on the domain > Advanced > Security Descriptor, check SACL and hit OK.

2- look for the SACL ACE you are interested in and double mouse-click

3 - check permissions, set what is missing.

 

thalpius , great tool! Thank you.

  • DLaudel-TechComm's avatar
    DLaudel-TechComm
    Copper Contributor
    Mar 20, 2023

    LutzMH 

     

    That's exactly the solution I needed. My object auditing settings are now passing the tests in the Test-MdiReadiness.ps1 script.

     

    Thank you!