ADAudit Plus Release Notes

Build 8500 (Jan 31, 2025)

Features

• Attack Surface Analyzer for servers and endpoints: Identify and remediate security misconfigurations by analyzing GPOs configured on servers and workstations, reducing the attack surface and improving security posture.
• Azure Intune auditing: Track user activities, including new device enrollments, device and application changes, and policy creation across your Azure Intune environment.
• Nutanix Files auditing: Gain visibility into all file activities within Nutanix Files.
• CTERA Edge Filers auditing: Monitor file activities across your CTERA Edge Filers.
• Windows LAPS auditing: Enhance security with auditing support for new Windows LAPS in ADAudit Plus.
• Agent management: Use a single interface to get a centralized view of all installed agents across servers and endpoints with streamlined management options.
• SSL certificate management: Apply SSL certificates for ADAudit Plus easily through the user interface and enhance security.

Enhancements

• Agent self-upgrade: The ADAudit Plus agent can now upgrade automatically without a push request from the ADAudit Plus server, removing the need for admin access or RPC ports.
• Real-time USB monitoring: The USB listener now operates in real-time, strengthening agent-based auditing of USB-related activities.
• Microsoft Entra ID (formerly Azure AD) auditing: The User Logon Report now includes details that indicate whether a logon was interactive, non-interactive, service principal, or managed identity.
• Centralized auditing control: Enable or disable auditing across all workstations and member servers simultaneously.
• Force SAML SSO: Ensure technician users can only access ADAudit Plus via SAML SSO for enhanced security.
• Scheduled Reports customization: Improved customization options for report frequency.
• Alerts module optimization: Performance enhancements for better alert processing.
• File access auditing optimization: Performance enhancements for processing file access audit data on failover file clusters.
• Agent wrapper utility: Ensures continuous monitoring and automatic restarts if the agent gets stuck during event collection.
• GPO Settings Report configuration: Access all configuration settings related to the GPO settings changes reports directly from the ADAudit Plus user interface.

Fixes

• The license expiry email content has been updated for better clarity.
• An issue that caused delays when updating credentials in ADAudit Plus' Domain Settings page has been fixed.
• An issue with displaying AD CS sub-reports has been fixed.
• Users inheriting the Technician role via group or OU membership will now appear on the Technician Settings page.
• An issue causing sign-in errors in Microsoft Entra ID (formerly Azure AD) auditing that occurred during audit log collection in national cloud environments has been fixed.
• A GPO link duplication issue with ADAudit Plus audit policy has been fixed.
• An option to auto-add Member Servers and Workstations that have been manually disabled or deleted from ADAudit Plus has been provided.
• A username filter has been added for the easier configuration of AD CS alerts.
• File shares with successfully configured SACLs are no longer included in the Alert Me email notifications.
• An array bound invalid issue during NetApp event collection has been fixed.
• An issue with auditing Veritas file cluster has been fixed.
• A license validation issue that occurred during print server addition for print job auditing has been fixed.
• An issue preventing non-English file names from displaying correctly in Print job audit reports has been fixed.
• An issue with file cluster node detection in Windows file cluster auditing has been fixed.
• An issue with syncing audit settings from NetApp servers has been fixed.
• Scheduled Reports now include specific error messages for 'File directory does not exist' and 'File Directory is not writable' to simplify troubleshooting.
• In Custom Reports, new time-based filters (before 90 days and 12 months) have been introduced for the User Last Logon report.
• The domain's DNS name will now be displayed instead of the domain's flat name on the ADAudit Plus web console's login page.
• In Microsoft Entra ID (formerly Azure AD) auditing, the Recently Created Users report and its corresponding alert now contain details that indicate whether a user is externally invited.
• A fix has been issued to prevent duplicate report categories in Custom Reports.
• An issue with exporting reports in XLS format has been fixed.
• An issue where the Alert Me email notification was incorrectly triggered when using virtual IP addresses, even when the product was operational, has been fixed.
• An issue with Azure File shares addition that occurred when storage accounts and event hubs are in different resource groups has been fixed.
• The initial event fetch period for Azure Risk Detection reports has now been increased to 30 days.
• The 'Tenant already exists' error message encountered during Azure tenant configuration has been updated with a help document link for easier troubleshooting.
• A connection timeout issue that occurred during Microsoft Entra ID (formerly Azure AD) event collection has been fixed.
• In Custom Reports, an issue with filtering Group Management reports by Member Name has been fixed.
• An login issue that occurred when accessing published scheduled reports via the email link when two-factor authentication is enabled has been fixed.