Back

Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm Check out our Identity Cloud Solutionsservi...

2 min read
Published on Mar 5, 2013
Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm (Check out our Identity Cloud Solutions for additional consulting help)

Configure ADFS Event Logging

You can configure event logging on federation servers, federation server proxies, and Web servers. ADFS events are logged in the Application event log and the Security event log.

Configure ADFS Event Logging - 1

Configure ADFS Event Logging - 2

Configure ADFS Event Logging - 3Important

You must turn on audit object access at each of the federation servers, for ADFS-related audits to appear in the Security log. This will allow the Federation Service to log either success or failure errors. For more information about how to turn on audit object access, see Audit object access (https://go.microsoft.com/fwlink/?LinkId=62686).

Default Events for Claims-aware Applications on a Web Server

You will notice the following event if the ADFS Web server is able to retrieve ADFS trust information successfully from the Federation Service.

Event Type:Information

Event Source:ADFS

Event Category:None

Event ID:621

Date:11/10/2005

Time:4:09:26 PM

User:N/A

Computer:ADFSWEB

Description:

The ADFS Web Agent for claims-aware applications successfully retrieved trust information from the Federation Service.

GUID: d977fee6-175b-4532-bc24-5ac54d137d57

Version: 17

Federation Service Uniform Resource Locator (URL): https://adfsresource.treyresearch.net/adfs/fs/federationserverservice.asmx

Federation Service Uniform Resource Identifier (URI): urn:federation:treyresearch

Federation Service Endpoint URL: https://adfsresource.treyresearch.net/adfs/ls/

Federation Service Domain Account: TREYRESEARCH0ADFSRESOURCE$

You will also see the following event below in the Security log.

Event Type:Success Audit

Event Source:ADFS ASP.NET Module Auditor

Event Category:Object Access

Event ID:560

Date:11/10/2005

Time:4:10:11 PM

User:NT AUTHORITYNETWORK SERVICE

Computer:ADFSWEB

Description:

The client presented a valid inbound token as evidence.

Token ID: _ad5a3694-860d-4063-95a3-3b0163fad3ca

Identity: [email protected]

Read more https://technet.microsoft.com/en-us/library/cc738766(v=WS.10).aspx Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Ensure Microsoft 365 Backup Data Integrity

Ensuring Data Integrity During Backups in Microsoft 365

Discover strategies to maintain data integrity during Microsoft 365 backups. Pevent corruption, ensure reliability, and meet compliance standards.

Nov 7, 2025
4 min read
Microsoft 365 Tenant Migration for ITAR Organizations

Microsoft 365 Tenant Migration for ITAR-Regulated Organizations

Ensure compliance with ITAR during Microsoft 365 tenant migrations. Learn how to protect export-controlled data and choose the right cloud environment.

Nov 7, 2025
7 min read
NIST SP 800-171 vs 800-172: Key Differences Explained

Key Differences Between NIST SP 800-171 and NIST SP 800-172

Explore the key differences between NIST SP 800-171 and NIST SP 800-172, including how 800-172 enhances security for protecting Controlled Unclassified Information (CUI) against advanced threats.

Nov 4, 2025
6 min read
Tenant Migrations for DFARS-Covered Entities

Handling Sensitive Data in Tenant Migrations for DFARS-Covered Entities

Learn how to securely manage sensitive data during tenant migrations for DFARS-covered entities. Understand CUI protections, cloud tools, and compliance strategies.

Oct 31, 2025
7 min read
Compliant Tenant Migration for DoD Subcontractors

Compliant Tenant-to-Tenant Migration for DoD Subcontractors

Learn how to execute a secure and compliant Microsoft 365 tenant-to-tenant migration for DoD subcontractors while protecting CUI and meeting DFARS and NIST 800-171.

Oct 27, 2025
8 min read
NIST SP 800-171 Considerations in Microsoft 365 Tenant Migrations

NIST SP 800-171 Considerations in Microsoft 365 Tenant Migrations

Ensure compliance with NIST 800-171 when migrating Microsoft 365 tenants. Learn how to secure CUI, meet control requirements, and reduce migration risks.

Oct 27, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122