J
Jeffrey Hyson (Thycotic)
The documentation page for Event Id 4724 explicitly statesA Failure event does NOT generate if user gets “Access Denied” while doing the password reset procedure.https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4724Where is the "Access Denied" audit record stored? If there is a bad actor attempting to reset a password where is the auditing for this password reset attempt?
Continue reading...
Continue reading...