The Security Foundation dashboard identifies audit insufficiently configured Windows audit settings from all monitored hosts. Properly configured audit settings are the prerequisites of more advanced security initiatives and it is recommended that all tiles in the dashboard show "OK".
Numbers shown in the tiles reflect the number of audit policies that do not match minimum requirements, clicking the tile will run the respective reports and show all insufficiently configured audit settings. Clicking on the blue "info" icon in the header of each tile will explain the required audit settings.
Prerequisites
Monitoring audit policies on endpoints is enabled by default through the Policy Changes object in the Complete Compliance package (Security & Compliance). If audit data is not available, make sure that a Security & Compliance package that contains a Policy Changes object with at least Domain, Audit & Kerberos Policy Changes checked.
Reports
All tiles utilize reports from the Security [1] Foundation category, which can be found under Reports ->My Reports. These reports can be adjusted if there are valid reasons that the recommended settings would not work. The reports can also be scheduled with jobs, for example to get an email on the condition that a report contains data (implying that there is an audit configuration mismatch).
It is recommended to configure audit settings using Group Policy, screenshots of the individual audit categories are shown below.
Account Logon
Account Management
Detailed Tracking
DS Service
Logon/Logoff
Object Access
Policy Change
Privilege Use
System