Active Directory Advanced Audit Policy için önerilen konfigürasyon aşağıdaki gibidir.
| Audit Policy | PC | Server | DC | |||
| Audit Policy Category or Subcategory | Windows Default | Baseline Recommendation | Stronger Recommendation | |||
| Success | Failure | Success | Failure | Success | Failure | |
| Account Logon | ||||||
| Audit Credential Validation | NO | NO | YES | YES | YES | |
| Audit Kerberos Authentication Service | YES | YES | ||||
| Audit Kerberos Service Ticket Operations | YES | YES | ||||
| Audit Other Account Logon Events | YES | YES | ||||
| Account Management | ||||||
| Audit Application Group Management | ||||||
| Audit Computer Account Management | YES | DC | YES | YES | ||
| Audit Distribution Group Management | ||||||
| Audit Other Account Management Events | YES | YES | YES | YES | ||
| Audit Security Group Management | YES | YES | YES | YES | ||
| Audit User Account Management | YES | NO | YES | YES | YES | YES |
| Detailed Tracking | ||||||
| Audit DPAPI Activity | YES | YES | ||||
| Audit Process Creation | YES | NO | YES | YES | ||
| Audit Process Termination | ||||||
| Audit RPC Events | ||||||
| DS Access | ||||||
| Audit Detailed Directory Service Replication | ||||||
| Audit Directory Service Access | DC | DC | DC | DC | ||
| Audit Directory Service Changes | DC | DC | DC | DC | ||
| Audit Directory Service Replication | ||||||
| Logon and Logoff | ||||||
| Audit Account Lockout | YES | NO | YES | NO | ||
| Audit User/Device Claims | ||||||
| Audit IPsec Extended Mode | ||||||
| Audit IPsec Main Mode | IF | IF | ||||
| Audit IPsec Quick Mode | ||||||
| Audit Logoff | YES | NO | YES | NO | YES | NO |
| Audit Logon | YES | NO | YES | YES | YES | YES |
| Audit Network Policy Server | YES | YES | ||||
| Audit Other Logon/Logoff Events | YES | YES | ||||
| Audit Special Logon | YES | NO | YES | NO | YES | YES |
| Object Access | ||||||
| Audit Application Generated | ||||||
| Audit Certification Services | ||||||
| Audit Detailed File Share | ||||||
| Audit File Share | ||||||
| Audit File System | ||||||
| Audit Filtering Platform Connection | ||||||
| Audit Filtering Platform Packet Drop | ||||||
| Audit Handle Manipulation | ||||||
| Audit Kernel Object | ||||||
| Audit Other Object Access Events | ||||||
| Audit Registry | ||||||
| Audit Removable Storage | ||||||
| Audit SAM | ||||||
| Audit Central Access Policy Staging | ||||||
| Policy Change | ||||||
| Audit Audit Policy Change | YES | NO | YES | YES | YES | YES |
| Audit Authentication Policy Change | YES | NO | YES | NO | YES | YES |
| Audit Authorization Policy Change | ||||||
| Audit Filtering Platform Policy Change | ||||||
| Audit MPSSVC Rule-Level Policy Change | YES | |||||
| Audit Other Policy Change Events | ||||||
| Privilege Use | ||||||
| Audit Non-Sensitive Privilege Use | ||||||
| Audit Other Privilege Use Events | ||||||
| Audit Sensitive Privilege Use | YES | YES | YES | YES | ||
| System | ||||||
| Audit IPsec Driver | YES | YES | YES | YES | ||
| Audit Other System Events | YES | YES | ||||
| Audit Security State Change | YES | NO | YES | YES | YES | YES |
| Audit Security System Extension | YES | YES | YES | YES | ||
| Audit System Integrity | YES | YES | YES | YES | YES | YES |
| Global Object Access Auditing | ||||||
| Audit IPsec Driver | ||||||
| Audit Other System Events | ||||||
| Audit Security State Change | ||||||
| Audit Security System Extension | ||||||
| Audit System Integrity | ||||||
Azure Security - Cyber Security 