NOTE: When you delete a template (see Remove-CAAgentTemplate), the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal. If you do not have the portal, see https://technet.microsoft.com/en-us/library/dn832618.aspx for instructions.
The following permissions must be assigned to the Azure web application:
An agent object obtained by using the Get-CAAgents command.
A connection obtained by using the Connect-CAClient command.
Specifies whether the auditing template is enabled or disabled.
Specifies whether OneDrive for Business auditing is enabled or disabled.
Specifies whether SharePoint Online auditing is enabled or disabled.
New-CAO365Template -Connection $connection -AgentInfo $agent -O365ExchangeAdminCredential $o365Creds -WebAppKey $webAppKey -WebAppId $webAppId -Tenant $tenant -AuditAdministration $true -AuditOrganization $true -HistoricalEventCollectionDays 7
A connection obtained by using the Connect-CAClient command.
A template object obtained by using the Get-CAO365Templates command.
An agent object obtained by using the Get-CAAgents command.
Specifies whether to audit all Exchange Online mailboxes accessed by non-owners.
Specifies whether Exchange Online auditing is enabled or disabled.
Specifies whether OneDrive for Business auditing is enabled or disabled.
Specifies whether SharePoint Online auditing is enabled or disabled.
Set-CAO365Template -Connection $connection -Template $template -AuditOrganization $true
Use this command to see all the Office 365 templates available within your installation.
A connection obtained by using the Connect-CAClient command.
Get-CAO365Templates -Connection $connection
A connection obtained by using the Connect-CAClient command.
The Office 365 tenant that is used for auditing. For example, yourTenantName.onmicrosoft.com.
Remove-CAO365Template -Connection $connection -Tenant $tenant
A connection obtained by using the Connect-CAClient command.
The Office 365 tenant that is used for auditing. For example, yourTenantName.onmicrosoft.com.
The number of objects to exclude from the list of returned objects, starting from the top.
Get-CAO365ExchangeMailboxes -Connection $connection -Tenant $tenant -SearchText "a"
A connection obtained by using the Connect-CAClient command.
A template object obtained by using the Get-CAO365Templates command.
Mailbox objects obtained by using the Get-CAO365ExchangeMailboxes command.
Use this command to remove mailboxes from an existing Office 365 Exchange Online template.
A connection obtained by using the Connect-CAClient command.
A template object obtained by using the Get-CAO365Templates command.
Mailbox objects obtained by using the Get-CAO365ExchangeMailboxes command.
A switch that indicates that all mailboxes will be removed from the template.
Remove-CAO365ExchangeTemplateMailboxes -Connection $connection -Template $template -All
A connection obtained by using the Connect-CAClient command.
A template object obtained by using the Get-CAO365Templates command.
The number of objects to exclude from the list of returned objects, starting from the top.
Get-CAO365ExchangeTemplateMailboxes -Connection $connection -Template $template
The following commands are available to manage Skype for Business auditing:
Use this command to see the list of event classes available for the Skype for Business subsystem.
A connection obtained by using the Connect-CAClient command.
Get-CASkypeEventClassInfo -Connection $connection
Use this command to add a Skype for Business template to Change Auditor.
A connection obtained by using the Connect-CAClient command.
Skype for Business Central Management Store database credentials.
New-CASkypeTemplate -AgentInfo $agentInfo -AuditItems $auditItems -Connection $connection -DatabaseCMSCredential $dbCredential -TemplateName 'Skype for Business Template' -UseWindowsAuthentication $True -Disabled $False
Use this command to see all the Skype for Business templates that have been created.
A connection obtained by using the Connect-CAClient command.
Get-CASkypeTemplates -Connection $connection
A connection obtained by using the Connect-CAClient command.
Skype for Business Central Management Store database credentials.
Set-CASkypeTemplate -Connection $connection -Template $templateToUpdate 'Updated Skype for Business Template' -AgentInfo $agentInfo -AuditItems $auditItems -DatabaseCMSCredential $dbCredential -UseWindowsAuthentication $True -Disabled $False
A connection obtained by using the Connect-CAClient command.
Remove-CASkypeTemplate -Connection $connection -TemplateName 'Skype For Business
Quest On Demand Audit is a Software as a Service (SaaS) application, available through quest-on-demand.com that provides extensive, customizable auditing of critical activities and detailed alerts about vital changes taking place in Microsoft Office 365 and Azure Active Directory.
A connection obtained by using the Connect-CAClient command.
Example: Create a subscription to send Active Directory event data to On Demand Audit
New-CAODAConfiguration -Connection $connection
Use this command to see the details of the current On Demand Audit configuration.
A connection obtained by using the Connect-CAClient command.
Get-CAODAConfiguration -Connection $connection
The command returns the following information.
Batch size. (The maximum number of events that the active batch size can increase to.)
The last event response. Provides the response in JSON format from the event receiver.
How often (in milliseconds) notifications are sent.
Use this command to modify an On Demand Audit configuration.
Set-CAODAConfiguration -Connection $connection -AllowedCoordinators @("coordinator1", "coordinator2")
The following commands are available to manage Active Directory protection:
Use this command to create an Active Directory protection template.
A connection obtained by using the Connect-CAClient command.
List of ProtectedObjects. See New-CAProtectedObject for details.
Accounts allowed or not allowed to change the protected objects.
Default is false, which means that the user accounts are not denied access.
Accounts that can manage the protection template. Default is none.
See New-CAScheduledTimeRange for details.
$forestCredential = New-CAForestCredential -ForestName $forestName -Credential $liveCred
Use this command to create a protected object to include in a protection template.
Scope of coverage for the protected object. Specify the scope using one of the following values:
Operations to be denied for the selected object:
$forestCredential = New-CAForestCredential -ForestName $forestName -Credential $liveCred
Use this command to schedule when to enforce the protection.
Spelled out day of the week to begin the protection. For example, Monday.
New-CAScheduledTimeRange -Day Monday -StartTime 7 -EndTime 18
A connection obtained by using the Connect-CAClient command.
Get-CAADProtectionTemplates -Connection $connection
$forestCredential = New-CAForestCredential -ForestName $forestName -Credential $liveCred
Get-CAADProtectionTemplates -Connection $connection -Credential $forestCredential
Use this command to remove an Active Directory protection template.
A connection obtained by using the Connect-CAClient command.
The PSCAProtectionTemplate object to remove. Obtain the template objects using the Get-CAADProtectionTemplates command and filter to select the object to remove.
Remove-CAADProtectionTemplate -Connection $connection -Template $template
Example: Remove an Active Directory Protection template in a foreign forest
$forestCredential = New-CAForestCredential -ForestName $forestName -Credential $liveCred