Permissions needed for Exchange Mailbox Contents, Exchange Mailbox Content Summary, or Exchange Calendar data sources
Credentials that are used to collect Exchange mailbox contents, Exchange mailbox content summary, or Exchange calendar data using Exchange Web Services (EWS) must have “Exchange Impersonation” permissions to all the target mailboxes:
The credential used to connect to a domain controller through LDAP must have access to user and group configuration information.
Permissions needed for the Exchange IIS Logs (ActiveSync and OWA) data source
When you configure an Exchange IIS logs data source, you specify two sets of credentials:
The credentials that are used to collect device and user information through LDAP from Active Directory must have the following Active Directory permissions:
Usually, these read permissions are available to members of the Authenticated Users group. Consequently, you only need to be an authenticated user of the domain or of another domain that is trusted by the domain.
The credentials that are used to collect information from the IIS log files on the Exchange Client Access Server (CAS) must have the following permissions:
The Local Administrators rights are required to access to the IIS logs through an administrative volume share, such as C$.
As an alternative to providing Local Administrators rights, you could create a non-administrative share for the IIS log folder. You could then grant read access to the credentials to the IIS log files through the share.
Also, IIS logging must be configured on the Exchange CAS servers. For more information, see Appendix C: Configuring IIS Log Files to capture ActiveSync or OWA events .
Permissions needed for the Exchange Public Folders data source
When you configure an Exchange public folders data source, you can select whether you want to collect on-premises data from legacy public folders (Exchange 2010) or new (Exchange 2013, Exchange 2016, Exchange 2019) public folders.
For all the Exchange versions, the credentials that you specify to collect public folder data using remote PowerShell must:
Permissions needed for the Exchange Online Hybrid User Configuration data source
You would create an Exchange Online hybrid user configuration data source only if you have an Exchange/Office 365 hybrid environment. The credentials that you specify to collect Active Directory user data using LDAP must have the following permissions:
The credentials that you specify for Exchange Online PowerShell to collect user data using remote PowerShell and must have the following permissions: