AKD authentication fails

Privacy & Security General
Todd_at_Ennetix OP
Created Sep ’23
Replies 1
Boosts 0
Views 785
Participants 2

I have an app that uses Apple's Endpoint Security system extension to collect a number of events including authentication events.

I've noticed AKD (Apple Keychain Daemon?) generates fail authentication events when I unlock my Mac with either Touch ID or password. I don't think I've ever seen it succeed.

Does anyone know what AKD is trying to authenticate and why it is failing?

Should I mask these out from being shown, or are there cases where AKD authentication will matter?

  • Hardware: MacBook Pro with M1
  • OS: macOS 13.5.2
  • Device is configured stand-alone (not a managed device)

Replies  1
Boosts  0
Views  785
Participants  2
mucki OP
May ’24

Hi Todd,

did you solve your request? I have the same event here in our SIEM tool and i am new to Apple. I would guess that the event legitimate but i would like to know what authentication failed.

Specs of the endpoint:

MacBook Pro M2 macOs 14.4.1

Kind regards,

Maurice

0
AKD authentication fails
First post date Last post date
 
 
Q