How can I get the security audit events like Account Logon (Audit Kerberos Authentication Service) in Azure AD Domain Services?
I am new to Azure and my requirement is to get Network Information and Account Information from the computers connected to Azure AD Domain Controller (Doc: 4768(S, F): A Kerberos authentication ticket (TGT) was requested).
I enable the security audits for Azure Active Directory Domain Services (Doc: Enable security audits for Azure Active Directory Domain Services) which stream security events to targeted resources. I configured the target resource as Azure Log Analytics Workspace but still unable to get the Kerberos Authentication Audit events from the connected computers in Log Analytics workspace.
I configured the Azure AD domain services and Join a couple of Windows Server virtual machine to a managed domain and then configured security audit policy settings in windows server VM to generate audit events. (Doc: Advanced security audit policy settings)
As Azure AD DS is a domain managed by Microsoft so we do not have full control of the domain controller. Please let me know how can I get security audit events from Azure AD DS
P.S.: Unable to attach links as account is not verified.
Thanks and Regards,
Hrishikesh