Hi @Oleksandr ,
It should just be the related event log. You can check in the DC agent service's Admin event log.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-monitor
You can also check the password validation summary using Get-AzureADPasswordProtectionSummaryReport
Sample output:
Get-AzureADPasswordProtectionSummaryReport -DomainController bplrootdc2
DomainController : bplrootdc2
PasswordChangesValidated : 6677
PasswordSetsValidated : 9
PasswordChangesRejected : 10868
PasswordSetsRejected : 34
PasswordChangeAuditOnlyFailures : 213
PasswordSetAuditOnlyFailures : 3
PasswordChangeErrors : 0
PasswordSetErrors : 1
You can also check the trace logs and operation logs as described in the article.