NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, see the Change Auditor User Guide for more information about how to gain access. |
The following information is displayed for each template:
2 |
Click Auditing. |
3 |
Select Office 365 (under Applications). |
4 |
Click Add to open the auditing wizard. |
5 |
Under Authentication Configuration, select to Create a new web application or Use existing web application. |
a |
Enter the Azure Active Directory Name. |
b |
Select Generate self-signed certificate or Select certificate to choose a previously created certificate from your personal store. By default, invalid certificates are filtered out from the list of available certificates. |
a |
Enter the Azure directory, application ID, and application key, and select a previously created certificate. For required settings and permissions, see Using an existing web application and Microsoft documentation for details on integrating applications with Azure Active Directory, creating a web application, and adding a certificate to a web application. |
7 |
Click Select agent to view available agents and whether they are assigned to an Office 365 auditing template. The Office 365 cell contains ‘None’ if an agent is not assigned to a template, or ‘Auditing’ if it is assigned to a template. From this list, select the agent to capture the events and click OK. |
All changes made by administrators to the Office 365 Exchange Online organization. | |||||
Set tenant mailbox auditing settings
|
| ||||
To optionally add owner auditing on specific mailboxes, enable the Include Owner Activity option. The "Owner Activity" audited on a configured mailbox include folder, message, and login events.
| |||||
9 |
Click Next to optionally specify the generic events to exclude from auditing based on their operations. The operations are visible in the "Activity Name/Operation" column of the Office 365 built-in searches. Generic events are dynamically created when associated activity is detected that does not have a corresponding event defined in Change Auditor. See Working with generic Office 365 and Azure Active Directory events for more information. |
10 |
Click Finish. |
NOTE: The Azure Active Directory sign-in page opens automatically once you have selected all your template settings and clicked Finish.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
|
2 |
Click Auditing. |
3 |
Select Office 365 (under Applications). |
4 |
Select the template and click Edit to open the auditing wizard. |
5 |
Under Authentication Configuration, select to Create a new web application or Use existing web application. |
a |
Enter the Azure Active Directory Name. |
b |
Select Generate self-signed certificate or Select certificate to choose a previously created certificate from your personal store. By default, invalid certificates are filtered out from the list of available certificates. |
7 |
If you are auditing Exchange Online, click Next to update the events to audit. |
All changes made by administrators to the Exchange Online organization. | |||||
Set tenant mailbox auditing settings
|
| ||||
To optionally add owner auditing on specific mailboxes, enable the Include Owner Activity option. The "Owner Activity" audited on a configured mailbox include folder, message, and login events.
| |||||
8 |
Click Close. |
9 |
Click Next to optionally specify the generic events to exclude from auditing based on their operations. The operations are visible in the "Activity Name/Operation" column of the Office 365 built-in searches. Generic events are dynamically created when associated activity is detected that does not have a corresponding event defined in Change Auditor. |
10 |
Click Finish to apply the updates. When the agent’s configuration is updated, it may take some time (approximately 1 second per mailbox) for it to be applied and the auditing to start after a template is created or modified. |
NOTE: The Azure Active Directory sign-in page opens automatically once you have selected all your template settings and clicked Finish.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
|
To ensure that you will be able to audit mailbox activity:
• |
Upload the certificate for the web application through the Azure Admin Center web portal using App Registration | All Applications | (web application) | Certificates & secrets | Certificate | Upload certificate. The format for the certificate (public key) must be binary x.509 (.cer). |
1 |
In the Azure Admin Center web portal, select Roles and Administrators. |
2 |
Locate and open the Exchange administrator role. |
4 |
6 |
7 |
Change the Assignment Type to Active, ensure the Permanently assigned option is selected and enter a Justification (required). |
8 |
Click Assign to save the changes and verify that the web application name appears in the Members list for the Exchange Administrator role. |
Once the following permissions are assigned to the Azure web application, click Grant admin consent for and confirm with Yes.
See Microsoft documentation on assigning API permissions to applications for more details. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center