ManageEngine ADAudit Plus is real-time change auditing and reporting software that can Monitor your Active Directory (AD), Azure AD, Windows file servers, member servers, and workstations, and help you adhere to regulations such as HIPAA, GDPR, SOX, CCPA, GLBA, and more Transform raw and noisy event log data into actionable reports that show you who did what, when, and from where in your Windows ecosystem in just a few clicks Identify anomalous activity and detect potential threats to your enterprise using its user behavior analytics (UBA) capabilitie

Features

Windows Logon Auditing

Continuously audit logon activity. Track everything from logon failures to logon history.

Account Lockout Analysis

Receive alerts about lockouts, and find the root cause of lockouts from an extensive list of Windows components.

Employee Work hours Monitoring

Continuously monitor active and idle time spent by employees at their workstations.

Windows Server Change Notifier

Get information on who did what change, when, and from where in your Windows Server environment.

Privileged User Monitoring

Audit use of privileges to hold admins and other privileged users accountable for their actions.

File Change Monitoring

Track file accesses and permission changes in Windows, NetApp, EMC, and Synology file systems.

Insider Threat Detection

Leverage user behavior analytics to establish activity patterns and spot subtle anomalies that might be an indicator of compromise.

Ransomware Detection

Get instantly notified via email or SMS when there is a sudden spike in file accesses, and automatically shut down infected devices.

Compliance Reporting

Automate the generation and email delivery of over 250 prepackaged reports. Customize reports to suit your specific needs.

Remote Desktop Monitoring

Track remote desktop connections as well as remote logons occurring via RDG servers and RADIUS Network Policy Servers.

Object Change Auditing

Audit changes to users, computers, groups, OUs, GPOs, and other AD objects.

Permission Change Auditing

Track changes to objects' permissions across your Windows Server environment.

GPO Change Auditing

Monitor changes to Group Policy Objects (GPOs) and their settings, such as password policies, audit policies, etc.

Azure AD Auditing

Audit sign-ins and changes in Azure AD, and gain a correlated view of activity across hybrid environments.

File Integrity Monitoring

Track access to the operating system (OS), software program, and other critical local files residing on Windows servers and workstations.

Removable Storage Auditing

Monitor file activity in removable storage devices such as USBs across your Windows Server environment.

Printer Auditing

Keep tabs on the use of printers across your Windows Server environment.

AD FS Auditing

Track all authentication attempts recorded by federation servers.

LAPS Auditing

Monitor who is viewing or modifying local admin credentials in Microsoft's Local Administrator Password Solution.

Scheduled Tasks and Process Auditing

Audit scheduled tasks that have been created, deleted, or modified, and processes that have been started or stopped.

User-based Consolidated Audit trail

Get a consolidated audit trail of activities carried out by any user in your Windows Server environment.

Long-term archive of Log Data

Archive audit log data for as long as you want, and restore it as needed.

SIEM Integration

Maximize the potential of your SIEM tool by forwarding logs to Splunk, ArcSight, and Syslog servers.

Active Directory (AD)

Get full visibility into logon activity, AD and GPO changes, privileged user actions, and more.

Azure AD

Audit sign-ins and changes in Azure AD, and gain a correlated view of activity across hybrid environments.

Windows File Server

Track successful and failed file accesses, ownership changes, permission changes, and more in Windows file servers and failover clusters.

NetApp Filer

Track successful and failed NetApp file accesses, ownership changes, permission changes, and more.

EMC File Server

Track successful and failed file accesses, ownership changes, permission changes, and more in EMC VNX, VNXe, Isilon, Celerra, and Unity.

Synology File Server

Track file accesses and failed attempts to access a file in Synology file systems.

Windows Server

Audit logons and changes to local accounts, security settings, and files in Windows Server. Audit federation servers (AD FS), printers, and more.

Windows Workstation

Monitor logons and changes to local accounts, security settings, and files in Windows workstations.

SOX

Closely monitor logon activity, AD changes, administrative user actions, and file changes to meet SOX requirements.

HIPAA

Track access to files containing protected health information, logon activity, and AD changes to meet HIPAA requirements.

GDPR

Keep tabs on logon activity and file changes to meet GDPR requirements.

PCI DSS

Track access to files containing card holder data, logon activity, and AD changes to meet PCI DSS requirements.

GLBA

ADManager Plus follows a non-invasive help desk delegation model to securely delegate AD administrative rights to help desk and HR.

FISMA

Closely monitor logon activity, AD changes, administrative user actions, and file changes to meet FISMA requirements.

ISO 27001

Audit logon activity, AD changes, and administrative user actions to meet ISO 27001 requirements.