Hybrid Reporting in MIM 2016 gives us a way to store identity events long term without using the System Center Data Warehouse model we’ve had since the FIM 2010 R2 days.
But I have several customers that are not interested in the Azure AD Reporting integration. They would rather push all identity-related events into a SIEM solution like Splunk.
For these customers, it’s enough to enable the Hybrid Reporting functionality on the MIM 2016 side so that MIM sends all request history to the Event Log. How to do this is not very well documented by Microsoft, so here is a script for you to do it.
If you have questions or comments on the script, please post them directly on the Gist.