Skip to content

AD Audit Pro Release Notes

  • Deduplicated attribute-change bursts. A single AD modification (e.g. “set password never expires”) fires several correlated 5136 events. The grid now shows one row per logical change; the View dialog still aggregates the full attribute-change table.
  • Correlation ID row added to event detail dialogs when the event carries one.
  • Consistent Message text. 5136 events now show the same General-tab wording Event Viewer shows, instead of a shortened one-liner.
  • Consolidated event detail dialogs. All AD reports, /ad-events, and /audit-logs now share a single AD dialog implementation; M365 reports and /audit-logs share a single M365 dialog. No more small rendering differences between pages.
  • Full detail everywhere. All Audit Logs now fetches the full record on View click, so the dialog shows the same fields as it does when opened from a report page.
  • Missing-record warning. If an event has been purged by retention, clicking View shows a small snackbar warning instead of doing nothing.
  • Renamed Users / Renamed Groups reports no longer show identical records for the same rename operation.
  • Restart & Shutdown / Errors & Warnings reports show correct page title in header (was showing “AD Audit Pro” placeholder).
  • Mailboxes Created
  • Mailboxes Deleted
  • Mailboxes Enabled
  • Mailboxes Disabled
  • Mailboxes Modified
  • Permission Changes
  • Send As / On Behalf
  • Inbox Rules
  • Forwarding & Auto-Reply
  • Mail Item Deletions
  • Mailbox Owner Access
  • Transport Rules
  • Inbound Connectors
  • Outbound Connectors
  • Journal Rules
  • Accepted Domains
  • Remote Domains
  • Transport Configuration

First general-availability release.

  • Real-time security log watching on configured domain controllers. New events appear in the UI as they occur.
  • Captured event categories:
    • Users: created, enabled, disabled, deleted, changed, locked, unlocked, renamed
    • Computers: created, modified, deleted
    • Groups: created, deleted, member added, member removed
    • Passwords: user change, admin reset
    • Logons: success, failure, logoff, user-initiated logoff
    • Directory / GPO: object created, modified, deleted, restored, moved
    • OUs: Track changes to organizatinal units, created, deleted, moves.
  • Multi-tenant. Add and manage multiple Azure AD tenants independently from one install.
  • 38+ tracked operations across 9 categories:
    • Users: created, deleted, modified, enabled, disabled, hard-deleted, restored, license changed, MFA enabled/disabled
    • Groups: created, deleted, modified, restored, members added/removed
    • Passwords: user change, admin reset, force-change requirement
    • Roles: member add/remove, role create/update/delete, PIM-eligible add/remove, PIM activation
    • Applications: app registration created/deleted/modified, service principals, role assignments, consent
    • Sign-ins: success and failure with error codes
    • SharePoint: file access, preview, download, upload, modify, delete, restore, rename, move, copy, folder ops, sharing settings, anonymous links, site permissions
    • Teams: team/channel create/delete/restore, settings, member add/remove/role change, tenant settings, policies
  • Exports: CSV, Excel, PDF.
  • Real-time rule-based alerts fire as AD or M365 events occur.
  • 11 pre-seeded default rules out of the box (user deleted, admin group changes, MFA disabled, account lockout, and more), plus full custom rule creation in the UI.
  • Rule conditions: event type, source (AD / M365 / Both), wildcard patterns on actor and target, severity (Critical / Warning / Info).
  • Trigger modes: Immediate (every match) or Threshold (fire when N occurrences happen within a time window up to 30 minutes) for built-in dedup and storm prevention.
  • Delivery: email to comma-separated recipients and/or in-app inbox.
  • In-app alert inbox with filtering by date range, acknowledged status, and free-text search; shows severity, source, rule, target, and actor.
  • Acknowledgement flow: ack individual alerts or all at once; tracks who acknowledged and when.
  • Frequency: Daily, Weekly (pick day of week), or Monthly (pick day of month), each with a specific hour/minute.
  • Date ranges: Last 24 hours, 7 days, 30 days, or 90 days.
  • Formats: PDF, Excel, or CSV.
  • Delivery: email attachment to per-schedule recipient list.
  • Run tracking: last-run timestamp and error message stored per schedule; schedules can be enabled or disabled individually.