Auditing in ADFS 2016

By default, AD FS in Windows Server 2016 has a basic level of auditing enabled. With basic auditing, administrators will only be able to see up to five events for a single request. But we canĀ  raise the auditing level using the PowerShell cmdlet Set-AdfsProperties -AuditLevel.

The following table identifies the available auditing levels.

Audit Level PowerShell syntax Description
None Set-AdfsProperties – AuditLevel None Auditing is disabled and no events will be logged.
Basic (Default) Set-AdfsProperties – AuditLevel Basic No more than 5 events will be logged for a single request
Verbose Set-AdfsProperties – AuditLevel Verbose All events will be logged. This will log a significant amount of information per request.

If you need to check the current auditing level, you can use the PowerShell cmdlet Get-dfsProperties.