Configure IT Infrastructure for Auditing and Monitoring

Netwrix Auditor relies on native logs for collecting audit data. Therefore, successful change and access auditing requires specific native audit settings to be configured in the audited environment and on the computer where Netwrix Auditor Server resides. Configuring your IT infrastructure may also include steps such as enabling certain built-in Windows services. Proper audit configuration is required to ensure audit data integrity; otherwise, your change reports may contain warnings, errors or incomplete audit data.

The table below lists the native audit settings that must be adjusted to ensure collecting comprehensive and reliable audit data. You can enable Netwrix Auditor to continually enforce the relevant audit policies or configure them manually.

Data source Required configuration

Active Directory (including Group Policy)

Azure AD

For Azure AD auditing, no special settings are required. However, remember to do the following:

  1. Configure the data collecting account, as described in Configure Data Collecting Account.
  2. Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Azure AD.


Exchange Online

Remember to do the following:

  1. Check that the Data Collection Account meets the requirements specified in Configure Data Collecting Account for Exchange Online. You may need to take the steps described in Assigning 'Audit Logs', 'Mail Recipients' and 'View-Only Configuration' Admin Roles to Office 365 Account.
  2. Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Office 365.

Windows File Servers

EMC Isilon



Network Devices
Oracle Database


SharePoint Online (including OneDrive for Business)

No configuration required

SQL Server

No configuration required.

NOTE: If you plan to audit an SQL Server for data changes and browse the results using 'Before' and 'After' filter values, make sure that the audited SQL database tables have a primary key (or a unique column). Otherwise, 'Before' and 'After' values will not be reported.


No configuration required

Windows Server (including DNS, DHCP and removable media)

Event Log (including Cisco)


Logon Activity

User Activity
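
For the SQL Server note in the table above, the following T-SQL query is an added example (not part of the Netwrix documentation or product) that lists user tables in the current database with neither a primary key nor a unique column. It assumes that "unique column" means an enabled, unfiltered unique index or constraint on a single column; the page does not say whether a multi-column unique index also qualifies.

```sql
-- Added example, not Netwrix code. Run it in each database you plan to audit.
-- Output: user tables for which 'Before' and 'After' values would not be
-- reported, because they have no primary key and no unique column.
-- Assumption: a "unique column" is a single-column unique index/constraint
-- that is enabled and not filtered (a filtered index covers only some rows).
WITH unique_ix AS (
    SELECT i.object_id,
           i.is_primary_key,
           COUNT(*) AS key_columns          -- number of key columns in the index
    FROM sys.indexes AS i
    JOIN sys.index_columns AS ic
      ON ic.object_id = i.object_id
     AND ic.index_id  = i.index_id
    WHERE i.is_unique = 1                   -- primary keys are always unique
      AND i.has_filter = 0
      AND i.is_disabled = 0
      AND ic.is_included_column = 0         -- ignore INCLUDE columns
    GROUP BY i.object_id, i.index_id, i.is_primary_key
)
SELECT s.name AS schema_name,
       t.name AS table_name
FROM sys.tables AS t
JOIN sys.schemas AS s
  ON s.schema_id = t.schema_id
WHERE t.is_ms_shipped = 0                   -- skip system-shipped tables
  AND NOT EXISTS (
        SELECT 1
        FROM unique_ix AS u
        WHERE u.object_id = t.object_id
          AND (u.is_primary_key = 1 OR u.key_columns = 1)
      )
ORDER BY schema_name, table_name;
```

An empty result means every user table in the database meets the requirement stated in the note.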

Refer to the following topics for detailed instructions depending on the system you are going to audit:
