The Security [1] Foundation Dashboard

Article ID: 514
Category: Dashboard
Applies to: and higher
Updated: 2024-05-20

The Security Foundation dashboard identifies audit insufficiently configured Windows audit settings from all monitored hosts. Properly configured audit settings are the prerequisites of more advanced security initiatives and it is recommended that all tiles in the dashboard show "OK".

Numbers shown in the tiles reflect the number of audit policies that do not match minimum requirements, clicking the tile will run the respective reports and show all insufficiently configured audit settings. Clicking on the blue "info" icon in the header of each tile will explain the required audit settings.

Monitoring audit policies on endpoints is enabled by default through the Policy Changes object in the Complete Compliance package (Security & Compliance). If audit data is not available, make sure that a Security & Compliance package that contains a Policy Changes object with at least Domain, Audit & Kerberos Policy Changes checked.

All tiles utilize reports from the Security [1] Foundation category, which can be found under Reports ->My Reports. These reports can be adjusted if there are valid reasons that the recommended settings would not work. The reports can also be scheduled with jobs, for example to get an email on the condition that a report contains data (implying that there is an audit configuration mismatch).

Security Foundation Dashboard

It is recommended to configure audit settings using Group Policy, screenshots of the individual audit categories are shown below.

Account Logon

Account Logon Auditing

Account Management

Account Management Auditing

Detailed Tracking

Detailed Tracking Auditing

DS Service

Directory Service Auditing


Logon/Logoff Auditing

Object Access

Object Access Auditing

Policy Change

Policy Change Auditing

Privilege Use

Privilege Use Auditing


System Auditing