Every action performed against the Microsoft SSO service is logged in the data store associated with the service. Each action is logged with a member of the ServiceAction enumeration. This enumeration identifies the operation that was attempted. The log also captures relevant information such as the identity of the user who performed the action and the application that was accessed. You can find the audit log defined under the SSO database in the SSO_Audit table. Figure 6-3 shows a sample log.