User Profile
f0cus_13
Copper Contributor
Joined 4 years ago
User Widgets
Recent Discussions
Windows Server 2012 R4 Event Code 4776 blank source workstation
Hello, I am using an Active Directory server with Windows Server 2012 R2 Datacenter. In the Event Viewer of the AD Server, I want to track down logons (succeeded/failed) of users into servers monitored by this AD server. At the moment, I only see events with code 4776 related to logons, but they lacks information about Source Workstation. This is an example: " EventCode=4776 EventType=0 ComputerName=computer.name SourceName=Microsoft Windows security auditing. Type=Information RecordNumber=6697575380 Keywords=Audit Success TaskCategory=Credential Validation OpCode=Info Message=The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: logon-account Source Workstation: source-workstation Error Code: 0x0 " To monitor logons on those servers from the Active Controller, what policies should I configure?AAD Conditional Access policies vs Control Access RBAC
Hi community. Could someone explain me the difference between Conditional Access and Control Access RBAC policies? If I understood, with conditional access I configure how a user (internal/external) could login in Azure environment and/or Apps, for example by enabling the MFA or geographical location, and so on. Instead, with conditional access (RBAC) policies I could specify what users/groups (internals/externals) can do: for example I can enable read only privileges for a group for Azure vNet access, or admin privileges for Azure Sentinel. Is it correct? Thank you allSolved6.9KViews1like1Comment
Groups
Recent Blog Articles
No content to show