+1, should be A, E. See: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs "Register-AzureADConnectHealthSyncAgent" is only necessary if agent registration fails after installing Azure AD Connect.

Answer: D E Explanation To audit AD FS user authentication, you need to install Azure AD Connect Health for AD FS. The agent should be installed on an AD FS server. After the installation, you need to register the agent by running theRegister-AzureADConnectHealthSyncAgentcmdlet. Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-instal l https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs

Well explained here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs

It is not A, because the key word that makes it wrong is ALL A. From all the AD FS servers, run auditpol.exe

As player1 has said Health agent for ADFS and enable auditing logs with auditpol.exe The Usage Analytics feature needs to gather and analyze data, so the Azure AD Connect Health agent needs the information in the AD FS audit logs. These logs aren't enabled by default https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs

AE it is then

Explained in this Microsoft Doc https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs

You need to install the audit agent on the ADFS box and enable auditing for it to work.

AE https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging

Register-AzureADConnectHealthADFSAgent will be executed automatically on the AD FS after installing the agent. Afterwards, audipol is needed to activate the logging. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#to-enable-auditing-for-ad-fs-on-windows-server-2012-r2 To enable auditing for AD FS on Windows Server 2012 R2: auditpol.exe /set /subcategory:{0CCE9222-69AE-11D9-BED3-505054503030} /failure:enable /success:enable So Yes, its A and E

i'd say the answers are A and E A. From all the AD FS servers, run auditpol.exe https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#to-enable-auditing-for-ad-fs-on-windows-server-2012-r2 E. On an AD FS server, install Azure AD Connect Health for AD FS.

A & E. You only need to register if the service failed to do so after installing AAD Connect, as this is part of the process

Correct Answers: A,E Set-AdfsProperties -AuditLevel None Auditing is disabled and no events will be logged. Basic (Default) Set-AdfsProperties -AuditLevel Basic No more than 5 events will be logged for a single request Verbose Set-AdfsProperties -AuditLevel Verbose All events will be logged. This will log a significant amount of information per request. auditpol.exe. Open a command prompt with elevated privileges and run the following command to enable auditing auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable Reference https://dirteam.com/sander/2019/08/15/howto-enable-auditing-and-logging-for-ad-fs-servers-and-the-ad-fs-farm/ https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs

+1 for A,E as the valid answer

Correct answer is D,E.

Agreed - A and E https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#enable-auditing-for-ad-fs