Active Directory

KQL query: Get Active Directory failed logons

April 14, 2024 by Applied KQL

Active Directory failed logons – Copilot Designer

List failed logons logged in Active Directory with additional attributes for investigation and troubleshooting. Comparable to Windows security log event ID 4625.

[Read more…]

KQL query: Get Active Directory sensitive group membership changes

April 13, 2024 by Applied KQL

An artistic interpretation of the query results that would be returned from a KQL query that lists sensitive group membership changes, including who was added or removed to what group, and who made the change. Digital art. Created by Copilot Designer. — Artistic interpretation of a KQL query returning sensitive group membership changes – Copilot Designer.

List sensitive group membership changes, including who was added or removed to what group, and who made the change.

[Read more…]

KQL query: Get Active Directory group membership changes

April 13, 2024 by Applied KQL

A digital art image of an artistic interpretation of a KQL query result which listed Active Directory group membership changes. Generated by Copilot Designer. — Active Directory group membership changes. Generated by Copilot Designer.

Get users and the groups they were added or removed from, including who made the change.

[Read more…]