We have an audit requirement from a client to be able to monitor for "User obtained SYSTEM privileges".
We are running a Windows Server 2012/2016 environment in Azure and using Azure Log Analytics and Microsoft ATA for security monitoring/reporting.
I've looked all over the place, and I'm starting to think that it's not possible to track this. Can someone confirm if it is possible, and how it could be done??
