In order to configure notification you will need to add an event log filter to your Group Policies.
Go to the VSAX WebApp > Server Admin > Endpoint Policies > Endpoint Policy Details > Insert your Policy’s name > System > EventLog.
By default the option to Add Filter is disabled, to activate click on the ‘Send a notification’ box. The Add Filter button will turn from grey to blue.
In the newly opened window provide a title for your new alert and select Security for Event Logs and Audit Successful for Level fields from drop down menu.
Two last remaining steps are to set 4740 in the Event ID files and select the notification priority of your choice.
Enable Logon Auditing
If you don’t see these events in your Event Viewer, you might have to enable Logon Auditing.
Note: Group Policy Editor is not available in Home versions on Windows 7 or the standard version of Windows 8.
Go go to Group Policy Editor go to Start Menu and type: gpedit.msc
In the Group Policy Editor select Windows followed by Security Settings and Local Policies. Then double click on Audit Account Management events.
From there make sure that both boxes are ticked and click ok to save.
Once your account becomes locked out an new entry will be added to the Event Viewer under Security Section