
Configure AD FS servers for auditing - Configure claims

For each relying party that needs to be audited, the following six claim rules need to be added:

  1. Primary SID
  2. UPN
  3. Client IP
  4. Inside Corporate Network
  5. Proxy
  6. Forwarded Client IP

To check which claim rules have already been added:

  1. Log in to the AD FS server with Domain Admin credentials.
  2. Open the AD FS management console > Trust Relationships > Relying Party Trusts.
  3. Right-click the relying party > Edit Claim Rules (or Edit Claim Issuance Policy on Windows Server 2016), and check that all six of the claim rules listed above have been added.

To add any missing claim rules:

  1. Log in to the AD FS server with Domain Admin credentials. Open the AD FS management console > Trust Relationships > Relying Party Trusts.
  2. Right-click the relying party > Edit Claim Rules (or Edit Claim Issuance Policy on Windows Server 2016).
  3. Click Add Rule. From the Claim rule template drop-down, select Pass Through or Filter an Incoming Claim and click Next.
  4. In the Claim rule name field, enter a suitable name.
  5. Under Incoming claim type, select the claim rule type which you need to add, and select Pass through all claim values.
  6. Click Finish.
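
The same check and fix can be scripted with the AD FS PowerShell module. The following is an added example, not part of the original guide or ManageEngine's tooling. The relying party name and the rule names are placeholders, the claim type URIs are the standard AD FS identifiers for the six display names above, and the presence check is a heuristic (it only looks for the claim type URI in the existing rule text).

```powershell
# Added example: report and optionally add the six audit pass-through claim rules.
# Run in an elevated session on the primary AD FS server.
Import-Module ADFS

$targets = @('Example Relying Party')  # placeholder: relying parties to audit
$apply   = $false                      # set to $true to append missing rules

# AD FS display name -> claim type URI
$required = [ordered]@{
    'Primary SID'              = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid'
    'UPN'                      = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
    'Client IP'                = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip'
    'Inside Corporate Network' = 'http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork'
    'Proxy'                    = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy'
    'Forwarded Client IP'      = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip'
}

# Rule text in the form the "Pass Through or Filter an Incoming Claim" template produces.
# The rule name is an assumption; choose any suitable name.
$template = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Audit pass-through: {0}"
c:[Type == "{1}"] => issue(claim = c);

'@

foreach ($rp in Get-AdfsRelyingPartyTrust -Name $targets) {
    $rules = [string]$rp.IssuanceTransformRules

    # Heuristic: a claim type counts as covered if any existing rule mentions its URI.
    # Review the rule set by hand if a URI appears only in a condition or filter.
    $missing = @($required.GetEnumerator() |
        Where-Object { $rules -notmatch [regex]::Escape($_.Value) })

    if ($missing.Count -eq 0) {
        Write-Output "$($rp.Name): all six claim rules present"
        continue
    }
    Write-Output "$($rp.Name): missing $($missing.Key -join ', ')"

    if ($apply) {
        # Append to the existing rules; never overwrite them.
        $new = ($missing | ForEach-Object { $template -f $_.Key, $_.Value }) -join ''
        Set-AdfsRelyingPartyTrust -TargetName $rp.Name `
            -IssuanceTransformRules ($rules.TrimEnd() + "`n`n" + $new)
    }
}
```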


Copyright © 2020, ZOHO Corp. All Rights Reserved.
