You have seen in the previous recipes how to protect your physical and virtual servers with Windows Updates, an antivirus, access control, and so on. However, a key factor needs to be considered to address security concerns when they happen, to track unsolicited access or unauthorized actions on your system, or to simply monitor when and how the Hyper-V administrators are managing it.
The best way to get these results is by setting an audit. By default, all Hyper-V events are logged in Event Viewer and can be used to diagnose a problem or track what has been done by the other Hyper-V admins.
You can also see all Hyper-V roles and authorization rights changes with Audit File System, which is not enabled by default.