
Configure IT Infrastructure for Auditing and Monitoring

Netwrix Auditor relies on native logs for collecting audit data. Therefore, successful change and access auditing requires a certain configuration of native audit settings in the audited environment and on the computer where Netwrix Auditor Server resides. Configuring your IT infrastructure may also include enabling certain built-in Windows services, etc. Proper audit configuration is required to ensure audit data integrity; otherwise, your change reports may contain warnings, errors or incomplete audit data.

The table below lists the native audit settings that must be adjusted to ensure that comprehensive and reliable audit data is collected. You can enable Netwrix Auditor to continually enforce the relevant audit policies or configure them manually.

Data source Required configuration

Active Directory (including Group Policy)

Azure AD

For Azure AD auditing, no special settings are required. However, remember to do the following:

  1. Configure the data collecting account, as described in Configure Data Collecting Account.
  2. Configure the required protocols and ports, as described in Protocols and Ports Required for Monitoring Azure AD.

Exchange

Exchange Online

Remember to do the following:

  1. Check that the Data Collection Account meets the requirements specified in Configure Data Collecting Account for Exchange Online. You may need to take the steps described in Assign Audit Logs, Mail Recipients and View-Only Configuration Admin Roles to Office 365 Account.
  2. Configure the required protocols and ports, as described in Protocols and Ports Required for Monitoring Office 365.

Windows File Servers

EMC Isilon

EMC VNX/VNXe

NetApp

Oracle Database

SharePoint

SharePoint Online (including OneDrive for Business)

No configuration required.

SQL Server

No configuration required.

NOTE: If you plan to browse the audit data using advanced Apply Additional Filters, in particular, to display 'Before' and 'After' values, make sure that the audited SQL database tables have a primary key (or a unique column). Otherwise, 'Before' and 'After' values will not be reported.

VMware

No configuration required.

Windows Server (including DNS, DHCP and removable media)

Event Log (including Cisco)

IIS

Logon Activity

User Activity
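
For the SQL Server note above on 'Before' and 'After' values, the following T-SQL query is an added example (not part of the Netwrix documentation) that lists each user table in the current database together with the strongest row identifier it has, so tables lacking a primary key or unique column can be found before auditing starts. It uses only standard SQL Server catalog views; treating a filtered unique index as insufficient and reporting multi-column unique indexes separately are assumptions of this example, since the page only mentions "a primary key (or a unique column)".

```sql
-- Added example: run in each audited database.
-- Classifies every user table by the strongest row identifier it has.
WITH unique_idx AS (
    SELECT i.object_id,
           i.index_id,
           i.is_primary_key,
           COUNT(*) AS key_columns          -- number of key (non-included) columns
    FROM sys.indexes AS i
    JOIN sys.index_columns AS ic
      ON ic.object_id = i.object_id
     AND ic.index_id  = i.index_id
     AND ic.is_included_column = 0
    WHERE i.is_unique = 1                   -- primary keys and unique constraints are unique indexes
      AND i.has_filter = 0                  -- assumption: a filtered unique index does not cover every row
    GROUP BY i.object_id, i.index_id, i.is_primary_key
)
SELECT s.name AS schema_name,
       t.name AS table_name,
       CASE
           WHEN MAX(CAST(u.is_primary_key AS int)) = 1 THEN 'primary key'
           WHEN MIN(u.key_columns) = 1 THEN 'unique column'
           -- assumption: reported separately because the page names only a unique column
           WHEN MIN(u.key_columns) > 1 THEN 'multi-column unique index only'
           ELSE 'none'                      -- no row identifier at all
       END AS row_identifier
FROM sys.tables AS t
JOIN sys.schemas AS s
  ON s.schema_id = t.schema_id
LEFT JOIN unique_idx AS u
  ON u.object_id = t.object_id
WHERE t.is_ms_shipped = 0                   -- skip system-supplied tables
GROUP BY s.name, t.name
ORDER BY row_identifier, s.name, t.name;    -- 'multi-column...' and 'none' sort first
```

Tables reported as 'none' are the ones for which 'Before' and 'After' values will not be reported.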

Refer to the following topics for detailed instructions depending on the system you are going to audit:
