I have enabled the right policies in AD now, and I'm starting to see these events hit the LEM:
Event Name: UserModifyAttribute
EventInfo: Password Change "domain\username" Success
Event Name: UserModifyAttribute
EventInfo: Password Change "domain\username" Failed
What I would like to do is alert on these. Is there a rule already set up that would fire an email? If so, I have been unable to locate it.
Under Rule Categories & Tags > Change Management > User Changes
I do not see anything that falls into the "User changed password" category
Is this where I would need to first build an email template, then build a rule?
My endgame here is similar to where web sites will fire an email alert to a user when a password is changed.
You know, like "A password change has been detected. If this was you please ignore this email. If you did not make this change please contact us."
I would like to verify with my users that they are indeed the ones initiating the change