I dunno. It seems kinda bad that core auth log - which should be a primary source of truth during, say, a security audit - seems to work on a best-effort basis?
replyIt takes a village of exploits to raise a successful and undetected attack.
replyMicrosoft standpoint is probably: If it's undetected was there really an attack?
reply