AKD authentication fails

I have an app that uses Apple's Endpoint Security system extension to collect a number of events including authentication events.

I've noticed AKD (Apple Keychain Daemon?) generates fail authentication events when I unlock my Mac with either Touch ID or password. I don't think I've ever seen it succeed.

Does anyone know what AKD is trying to authenticate and why it is failing?

Should I mask these out from being shown, or are there cases where AKD authentication will matter?

  • Hardware: MacBook Pro with M1
  • OS: macOS 13.5.2
  • Device is configured stand-alone (not a managed device)

Hi Todd,

did you solve your request? I have the same event here in our SIEM tool and i am new to Apple. I would guess that the event legitimate but i would like to know what authentication failed.

Specs of the endpoint:

MacBook Pro M2 macOs 14.4.1

Kind regards,

Maurice

AKD authentication fails
 
 
Q