AD Audit Pro Release Notes
v1.0.9 (7/1/2026)
Section titled “v1.0.9 (7/1/2026)”Improvements
Section titled “Improvements”- Deduplicated attribute-change bursts. A single AD modification (e.g. “set password never expires”) fires several correlated 5136 events. The grid now shows one row per logical change; the View dialog still aggregates the full attribute-change table.
- Correlation ID row added to event detail dialogs when the event carries one.
- Consistent Message text. 5136 events now show the same General-tab wording Event Viewer shows, instead of a shortened one-liner.
- Consolidated event detail dialogs. All AD reports,
/ad-events, and/audit-logsnow share a single AD dialog implementation; M365 reports and/audit-logsshare a single M365 dialog. No more small rendering differences between pages. - Full detail everywhere. All Audit Logs now fetches the full record on View click, so the dialog shows the same fields as it does when opened from a report page.
- Missing-record warning. If an event has been purged by retention, clicking View shows a small snackbar warning instead of doing nothing.
- Renamed Users / Renamed Groups reports no longer show identical records for the same rename operation.
- Restart & Shutdown / Errors & Warnings reports show correct page title in header (was showing “AD Audit Pro” placeholder).
v1.0.3
Section titled “v1.0.3”Mailbox reports
Section titled “Mailbox reports”- Mailboxes Created
- Mailboxes Deleted
- Mailboxes Enabled
- Mailboxes Disabled
- Mailboxes Modified
- Permission Changes
- Send As / On Behalf
- Inbox Rules
- Forwarding & Auto-Reply
- Mail Item Deletions
- Mailbox Owner Access
- Transport Rules
- Inbound Connectors
- Outbound Connectors
- Journal Rules
- Accepted Domains
- Remote Domains
- Transport Configuration
v1.0.0
Section titled “v1.0.0”First general-availability release.
Active Directory auditing
Section titled “Active Directory auditing”- Real-time security log watching on configured domain controllers. New events appear in the UI as they occur.
- Captured event categories:
- Users: created, enabled, disabled, deleted, changed, locked, unlocked, renamed
- Computers: created, modified, deleted
- Groups: created, deleted, member added, member removed
- Passwords: user change, admin reset
- Logons: success, failure, logoff, user-initiated logoff
- Directory / GPO: object created, modified, deleted, restored, moved
- OUs: Track changes to organizatinal units, created, deleted, moves.
Microsoft 365 auditing
Section titled “Microsoft 365 auditing”- Multi-tenant. Add and manage multiple Azure AD tenants independently from one install.
- 38+ tracked operations across 9 categories:
- Users: created, deleted, modified, enabled, disabled, hard-deleted, restored, license changed, MFA enabled/disabled
- Groups: created, deleted, modified, restored, members added/removed
- Passwords: user change, admin reset, force-change requirement
- Roles: member add/remove, role create/update/delete, PIM-eligible add/remove, PIM activation
- Applications: app registration created/deleted/modified, service principals, role assignments, consent
- Sign-ins: success and failure with error codes
- SharePoint: file access, preview, download, upload, modify, delete, restore, rename, move, copy, folder ops, sharing settings, anonymous links, site permissions
- Teams: team/channel create/delete/restore, settings, member add/remove/role change, tenant settings, policies
- Exports: CSV, Excel, PDF.
Alerting
Section titled “Alerting”- Real-time rule-based alerts fire as AD or M365 events occur.
- 11 pre-seeded default rules out of the box (user deleted, admin group changes, MFA disabled, account lockout, and more), plus full custom rule creation in the UI.
- Rule conditions: event type, source (AD / M365 / Both), wildcard patterns on actor and target, severity (Critical / Warning / Info).
- Trigger modes: Immediate (every match) or Threshold (fire when N occurrences happen within a time window up to 30 minutes) for built-in dedup and storm prevention.
- Delivery: email to comma-separated recipients and/or in-app inbox.
- In-app alert inbox with filtering by date range, acknowledged status, and free-text search; shows severity, source, rule, target, and actor.
- Acknowledgement flow: ack individual alerts or all at once; tracks who acknowledged and when.
Scheduled reports
Section titled “Scheduled reports”- Frequency: Daily, Weekly (pick day of week), or Monthly (pick day of month), each with a specific hour/minute.
- Date ranges: Last 24 hours, 7 days, 30 days, or 90 days.
- Formats: PDF, Excel, or CSV.
- Delivery: email attachment to per-schedule recipient list.
- Run tracking: last-run timestamp and error message stored per schedule; schedules can be enabled or disabled individually.