Share via

Event audit problems Microsoft LAPS

Anonymous
2023-07-31T10:17:18+00:00

We have configured the new version of Microsoft LAPS and after confirming that it is working correctly, we see that it does not register in the logs when a password change is made by users who are within the authorized security group. We need to record such changes so that we can audit when needed. The logs that we review are those that can be found in the following route of the event viewer: Applications and Services Logs/Microsoft/Windows/LAPS/Operational We have searched for documentation in Microsoft and we have found in the URL: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-event-log Which indicates the following: The Windows LAPS event log channel contains events related to the local machine acting as the client. The Windows LAPS event log channel on an Active Directory domain controller only contains events related to local DSRM account management (if enabled) and never contains events related to domain joined client behaviors. We understand that it does not record events with the changes, if they are made in the computers joined to the domain. On the other hand, we have found another URL: https://learn.microsoft.com/en-us/answers/questions/1193798/laps-ps-module-not-available Where it indicates a command in powershell to activate the audit of laps: Set-LapsADAuditing We would need you to confirm if this audit can be activated and how to activate it correctly in LAPS to record password changes made by authorized users.

Microsoft 365 and Office | Subscription, account, billing | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-07-31T11:40:34+00:00

    Hi Mabelle Montoya,

    Good day.

    Thank you for connecting with us in Microsoft community.

    As per your description, seems like your concern environment is connected with Windows server and Azure Active directory Domain which is mainly focusing by different forum channel, and that forum resources is Microsoft Q&A forum community, in order of your scenario, you may need to contact and place your scenario our specific community channel so that our related community members can provide possible information from their side, because we are mainly focusing pure Office 365 exchange online related scenario on this forum channel community.

    Here is URL link to place your situation: Microsoft Q&A forum community

    I would really appreciate your kind cooperation and precious time.

    Sincerely,

    Darpan

    Was this answer helpful?

    0 comments