If AD FS Audits are not enabled follow these instructions:

  1. Grant the ADFS service account the "Generate security audits" right on the ADFS server.
    1. Open the local security policy editor on the server (gpedit.msc).
    2. Navigate to "Computer Configuration\Windows Settings\Local Policies\User Rights Assignment".
    3. Add the ADFS service account to the "Generate security audits" right.
  2. Run the following command from the command prompt:
    auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable
  3. Update the Federation Service properties to include Success and Failure audits.
    1. In the ADFS console, choose "Edit Federation Service Properties".
    2. In the "Federation Service Properties" dialog box, choose the Events tab and select "Success Audits" and "Failure Audits".

After following these steps, AD FS Audit Events should be visible from the Event Viewer. To verify:

  1. Go to Event Viewer / Windows Logs / Security.
  2. Select "Filter Current Log" and choose "AD FS Auditing" from the Event sources drop-down. On an active AD FS server with AD FS auditing enabled, events should be visible with this filter applied.

If you have followed these instructions before but are still seeing this alert, it is possible that a Group Policy Object is disabling AD FS auditing. The root cause can be one of the following:

  1. The AD FS service account has been removed from the "Generate security audits" right.
  2. A custom script in a Group Policy Object is disabling success and failure audits for the "Application Generated" subcategory.
  3. The AD FS configuration is not enabled to generate Success/Failure audits.
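The following PowerShell script is an added example, not part of the original instructions or of any Microsoft tooling. Run on the AD FS server in an elevated session, it checks the three prerequisites from the steps above (the service account's "Generate security audits" right, the "Application Generated" audit subcategory, and the Federation Service event settings) and whether "AD FS Auditing" events are actually reaching the Security log, then maps any failed check back to the root causes listed above. It assumes the ADFS PowerShell module is installed and that the AD FS service is registered under its default name `adfssrv`; the function name `Test-AdfsAuditPrerequisites` and the `$LookbackHours` parameter are this example's own.

```powershell
# Added example (not from the original page): verify the AD FS audit prerequisites
# on the server and report which one is missing. Assumes an elevated session on the
# AD FS server with the ADFS module available; the service name 'adfssrv' is the
# default AD FS service name.

function Test-AdfsAuditPrerequisites {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'adfssrv',
        # How far back to look for "AD FS Auditing" events in the Security log.
        [int]$LookbackHours = 24
    )

    $result = [ordered]@{}

    # 1. Does the AD FS service account hold "Generate security audits"
    #    (SeAuditPrivilege)? secedit exports the user-rights assignment as it is
    #    currently applied on this machine, i.e. after any Group Policy has been
    #    processed, so a GPO that strips the right shows up here.
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    $result.ServiceAccount = $svc.StartName
    try {
        $account = New-Object System.Security.Principal.NTAccount($svc.StartName)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $null   # e.g. a built-in identity that cannot be translated
    }
    $cfg = Join-Path $env:TEMP 'adfs-user-rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeAuditPrivilege' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $result.HasAuditPrivilege = [bool]($sid -and $line -and ($line -match [regex]::Escape($sid)))

    # 2. Is the "Application Generated" subcategory set to Success and Failure?
    #    /r makes auditpol emit CSV, which is easier to parse than the table view.
    $pol = auditpol /get /subcategory:"Application Generated" /r |
           Where-Object { $_ -match ',' } | ConvertFrom-Csv
    $result.AuditpolSetting = $pol.'Inclusion Setting'
    $result.AuditpolEnabled = ($pol.'Inclusion Setting' -eq 'Success and Failure')

    # 3. Are Success and Failure audits enabled in the Federation Service
    #    properties? LogLevel reflects the check boxes on the Events tab.
    $logLevel = (Get-AdfsProperties).LogLevel
    $result.FederationAudits = ($logLevel -contains 'SuccessAudits') -and
                               ($logLevel -contains 'FailureAudits')

    # 4. Are audit events actually landing in the Security log? This is the
    #    same check as the Event Viewer filter on source "AD FS Auditing".
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'Security'
        ProviderName = 'AD FS Auditing'
        StartTime    = (Get-Date).AddHours(-$LookbackHours)
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $result.RecentAuditEvents = [bool]$events

    [pscustomobject]$result
}

$status = Test-AdfsAuditPrerequisites
$status | Format-List

# Map each failed check back to the root causes listed above.
if (-not $status.HasAuditPrivilege) {
    Write-Warning "Root cause 1: $($status.ServiceAccount) does not hold 'Generate security audits'. Run 'gpresult /h gp.html' to see which GPO wins User Rights Assignment."
}
if (-not $status.AuditpolEnabled) {
    Write-Warning "Root cause 2: 'Application Generated' is '$($status.AuditpolSetting)', not 'Success and Failure'."
}
if (-not $status.FederationAudits) {
    Write-Warning "Root cause 3: Federation Service properties do not enable both Success and Failure audits."
}
```

The privilege check reads the applied user-rights assignment rather than the local policy editor's view, which is what matters when a GPO is overriding the setting; if it reports the right as missing even though you added it in step 1, the `gpresult` report it suggests shows which policy is taking precedence. The event check is deliberately last: all three configuration checks can pass and events still be absent on an idle server, so treat `RecentAuditEvents` as confirmation, not as a root-cause indicator on its own.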