Back

Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm Check out our Identity Cloud Solutionsservi...

2 min read
Published on Mar 5, 2013
Configuring ADFS Servers for Auditing User Logon Events

Below is the information needed for auditing success and failure logon events in an ADFS Server Farm (Check out our Identity Cloud Solutions for additional consulting help)

Configure ADFS Event Logging

You can configure event logging on federation servers, federation server proxies, and Web servers. ADFS events are logged in the Application event log and the Security event log.

Configure ADFS Event Logging - 1

Configure ADFS Event Logging - 2

Configure ADFS Event Logging - 3Important

You must turn on audit object access at each of the federation servers, for ADFS-related audits to appear in the Security log. This will allow the Federation Service to log either success or failure errors. For more information about how to turn on audit object access, see Audit object access (https://go.microsoft.com/fwlink/?LinkId=62686).

Default Events for Claims-aware Applications on a Web Server

You will notice the following event if the ADFS Web server is able to retrieve ADFS trust information successfully from the Federation Service.

Event Type

Event Source

Event Category

Event ID:621

Date:11/10/2005

Time:4:09:26 PM

User

/A

Computer

Description:

The ADFS Web Agent for claims-aware applications successfully retrieved trust information from the Federation Service.

GUID: d977fee6-175b-4532-bc24-5ac54d137d57

Version: 17

Federation Service Uniform Resource Locator (URL): https://adfsresource.treyresearch.net/adfs/fs/federationserverservice.asmx

Federation Service Uniform Resource Identifier (URI): urn:federation

Federation Service Endpoint URL: https://adfsresource.treyresearch.net/adfs/ls/

Federation Service Domain Account: TREYRESEARCH0ADFSRESOURCE$

You will also see the following event below in the Security log.

Event Type

Audit

Event Source

ASP.NET Module Auditor

Event Category

Access

Event ID:560

Date:11/10/2005

Time:4:10:11 PM

User

AUTHORITYNETWORK SERVICE

Computer

Description:

The client presented a valid inbound token as evidence.

Token ID: _ad5a3694-860d-4063-95a3-3b0163fad3ca

Identity: [email protected]

Read more https://technet.microsoft.com/en-us/library/cc738766(v=WS.10).aspx Please check us out for your Managed Service or Cloud Consulting needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

AvePoint Backup for Microsoft 365 & Azure | Data Protection Guide

Integrating AvePoint Backup for Microsoft 365 and Azure for Comprehensive Data Protection

Learn how to integrate AvePoint Backup for Microsoft 365 and Azure to strengthen data protection, streamline recovery, and meet compliance requirements.

Oct 10, 2025
5 min read
Best Third-Party Backup Solutions for Microsoft 365

Top Third-Party Backup Solutions for Microsoft 365

Explore the top third-party backup solutions for Microsoft 365. Compare tools that enhance data protection, restore capabilities, and compliance readiness.

Oct 10, 2025
5 min read
Key Features and Benefits of Azure Backup

Overview of Azure Backup: Features and Benefits

Explore the core features and advantages of Azure Backup, including built-in security, scalability, and compliance for cloud-based data protection.

Oct 6, 2025
6 min read
NIST 800-53 vs. NIST 800-171: Key Differences and Why They Matter

NIST 800-53 vs. NIST 800-171: What’s the Difference?

Understand the key differences and importance of NIST 800-53 and NIST 800-171, how they apply to agencies and contractors, and which framework your organization needs for compliance.

Oct 6, 2025
5 min read
Tenant-to-Tenant Migration for CMMC Compliance

How to Perform a Tenant-to-Tenant Migration for CMMC Compliance

Planning a tenant-to-tenant migration for CMMC compliance? Learn best practices, tool options, and common pitfalls when moving data between tenants under CMMC.

Oct 6, 2025
7 min read
Critical Data Backup in Azure | Identify & Protect What Matters

Identifying Critical Data and Applications for Backup in Azure

Learn how to identify and prioritize your critical data and applications for backup in Azure to reduce risk, ensure business continuity, and meet compliance requirements.

Oct 3, 2025
5 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122