立即与支持人员聊天
与支持团队交流

Change Auditor 7.2 - Office 365 and Azure Active Directory Event Reference Guide

Introduction

Change Auditor provides in-depth forensics and comprehensive auditing on all key configuration, user and administrator changes in your environments. Information for on-premises and cloud directories can be correlated to provide single pane-of-glass view of your synchronized Active Directory environment and Office 365 organization and making it easy to search events regardless of where they occurred.

To ensure compliance, you can automatically generate intelligent and in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications.

Change Auditor audits Exchange Online, SharePoint Online, and OneDrive for Business activities that correspond to the events in the Office 365 Security & Compliance Center audit log and Azure Active Directory activities that correspond to the events in the Azure Active Directory Audit logs, Sign-in activity report, and Risky sign-ins report.

This guide lists the Office 365 and Azure Active Directory events that can be captured when you have licensed Change Auditor for Exchange, Change Auditor for SharePoint, Change Auditor for Active Directory, and Change Auditor for Logon Activity User. Separate event reference guides are provided that list the core Change Auditor events (when any Change Auditor license is applied) and the events captured when the different auditing modules are licensed.

Events

This section lists the audited events specific to Office 365 Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory and each event’s corresponding severity setting.

Office 365 Exchange Online Administration

 

Office 365 Exchange Online administrative cmdlet executed

Created when an administrator runs a remote PowerShell command on an object in the Exchange Online mailbox. This can occur as a result of a remote PowerShell connection to the mailbox, or indirectly as a result of an action in the web administration portal for the Office 365 Exchange Online organization.

Medium

Office 365 Exchange Online administrative cmdlet executed by external user

Created when an external user (for example, a Microsoft datacenter personnel or a datacenter service account) runs a remote PowerShell command on an object in the Exchange Online mailbox.

Low

Office 365 Exchange Online Mailbox

 

Calendar delegation added to online mailbox by owner

Created when calendar delegation is added to an online mailbox by the owner. (Disabled by default.)

Low

Calendar delegation removed from online mailbox by owner

Created when calendar delegation is removed from an online mailbox by the owner. (Disabled by default.)

Low

Folder moved in online mailbox by non-owner

Created when a folder was moved in an online mailbox by a user other than the owner.

Medium

Folder moved in online mailbox by owner

Created when a folder was moved in an online mailbox by the owner. (Disabled by default.)

Low

Folder moved in online shared mailbox

Created when a folder was moved in an online shared mailbox.

Medium

Folder moved to Deleted Items in online mailbox by owner

Created when a folder was moved to the Deleted Items folder in an online mailbox by the owner. (Disabled by default.)

Low

Folder moved to Deleted Items in online shared mailbox

Created when a folder was moved to the Deleted Items folder in an online shared mailbox.

Medium

Folder moved to Deleted Items in online mailbox by non-owner

Created when a folder was moved to the Deleted Items folder in an online mailbox by a user other than the owner.

Medium

Folder opened in online mailbox by non-owner

Created when a folder is opened in a user’s mailbox by a user other than the owner.

Medium

Folder opened in online mailbox by owner

Created when a folder is opened in a user’s mailbox by its owner.

Low

Folder opened in online shared mailbox

Created when a folder is opened in an online shared mailbox.

Medium

Folder opened in online mailbox by owner

Created when a folder is opened in an online mailbox by owner. (Disabled by default.)

Low

Folder permissions added in online mailbox by owner

Created when folder permissions are added to an online mailbox by owner. (Disabled by default.)

Low

Folder permissions added in online mailbox by non-owner

Created when folder permissions are added to an online mailbox by a user other than the owner.

Medium

Folder permissions added in online shared mailbox

Created when folder permissions are added to an online shared mailbox by a user other than the owner.

Medium

Folder permissions modified in online mailbox by owner

Created when folder permissions are modified in an online mailbox by owner. (Disabled by default.)

Low

Folder permissions modified in online mailbox by non-owner

Created when folder permissions are modified in an online mailbox by a user other than the owner.

Medium

Folder permissions modified in online shared mailbox

Created when folder permissions are modified in an online shared mailbox by a user other than the owner.

Medium

Folder permissions removed in online mailbox by owner

Created when folder permissions are removed from an online mailbox by owner. (Disabled by default.)

Low

Folder permissions removed in online mailbox by non-owner

Created when folder permissions are removed from an online mailbox by a user other than the owner.

Medium

Folder permissions removed in online shared mailbox

Created when folder permissions are removed in an online shared mailbox by a user other than the owner.

Medium

Folder synchronized from online mailbox by owner.

Created when emails are synchronized in an online mailbox by the owner. (Disabled by default.)

Low

Folder synchronized from online mailbox by non-owner.

Created when emails are synchronized in an online mailbox by a user other than the owner.

Medium

Folder synchronized from online shared mailbox

Created when a emails are synchronized from a shared mailbox. (Disabled by default.)

Medium

Inbox rule added to online mailbox by owner

Created when inbox rules are added in an online mailbox by owner. (Disabled by default.)

Low

Inbox rule added to online mailbox by non-owner

Created when inbox rules are added in an online mailbox by a user other than the owner.

Medium

Inbox rule added in online shared mailbox

Created when inbox rules are added in an online shared mailbox.

Medium

Inbox rule modified in online mailbox by owner

Created when inbox rules are updated in an online mailbox by owner. (Disabled by default.)

Low

Inbox rule modified in online mailbox by non-owner

Created when inbox rules are updated in an online mailbox by a user other than the owner.

Medium

Inbox rule modified in online shared mailbox

Created when inbox rules are updated in an online shared mailbox.

Medium

Inbox rule removed from online mailbox by owner

Created when inbox rules are removed from an online mailbox by owner. (Disabled by default.)

Low

Inbox rule removed from online mailbox by non owner

Created when inbox rules are removed from an online mailbox by a user other than the owner.

Medium

Inbox rule removed from online shared mailbox

Created when inbox rules are removed from an online shared mailbox.

Medium

Online mailbox auditing has been throttled

Created when Microsoft throttles the mailbox after 1000 mail items have been accessed. Message opened events will not be recorded for 24 hours.

Medium

Message copied in online mailbox by non-owner

Created when a message is copied from one folder to another in a user’s online mailbox by a user other than the owner.

Medium

Message copied in online shared mailbox

Created when a message is copied from one folder to another in an online shared mailbox.

Medium

Message created in online mailbox folder by non-owner

Created when a new message is created in a user’s mailbox by a user other than the owner.

Medium

Message created in online shared mailbox

Created when a new message is created in an online shared mailbox by a user other than the owner.

Medium

Message created in online mailbox by owner

Created when a message was created in a folder in an online mailbox by the mailbox owner. (Disabled by default.)

Low

Message hard-deleted in an online mailbox by non-owner

Created when a message is purged from a user’s Deleted Items list by a user other than the owner.

Medium

Message hard-deleted in online mailbox by owner

Created when a message was hard-deleted from an online mailbox by the mailbox owner. (Disabled by default.)

Low

Message hard-deleted in online shared mailbox

Created when a message is purged from an online shared mailbox.

Medium

Message moved in online mailbox by non-owner

Created when a message is moved from one folder to another in a user’s mailbox by a user other than the owner.

Medium

Message moved in online mailbox by owner

Created when a message was moved in an online mailbox by the mailbox owner. (Disabled by default.)

Low

Message moved in online shared mailbox

Created when a message is moved from one folder to another in an online shared mailbox.

Medium

Message moved to Deleted Items in online mailbox by non-owner

Created when a message is moved to the Deleted Items folder in a user’s online mailbox by a user other than the owner.

Medium

Message moved to Deleted Items in online shared mailbox

Created when a message is moved to the Deleted Items folder in an online shared mailbox.

Medium

Message moved to Deleted Items in online mailbox by owner

Created when a message was moved to the Deleted Items folder in an online mailbox by the mailbox owner. (Disabled by default.)

Low

Message opened in online mailbox by non-owner

Created when a message was opened in a folder in an online mailbox by a user other than the owner.

Medium

Message opened in online mailbox by owner

Created when a message was opened in a folder in an online mailbox by its owner. (Disabled by default.)

Low

Message opened in online shared mailbox

Created when a message was opened in a folder in an online shared mailbox. (Disabled by default.)

Medium

Message sent as another user in online mailbox by owner

Created when a user sends a message as another user from their own online mailbox. (Disabled by default.)

Medium

Message sent as another user in online shared mailbox

Created when a user sends a message as another user from an online shared mailbox.

Medium

Message sent as another user in online mailbox by non-owner

Created when a user other than the owner sends a message as another user from an online mailbox.

Medium

Message sent on behalf of another user in online mailbox by owner

Created when a user sends a message on behalf of another user from their own online mailbox. (Disabled by default.)

Medium

Message sent on behalf of another user in online mailbox by non-owner

Created when a user other than the owner sends a message on behalf of another user from an online mailbox.

Medium

Message sent on behalf of another user in online shared mailbox

Created when a user sends a message as another user from an online shared mailbox.

Medium

Message soft-deleted in online mailbox by non-owner

Created when a message is deleted from an online mailbox using the Outlook shift-delete function by non-owner.

Medium

Message soft-deleted in online mailbox by owner

Created when a message is deleted from a user’s online mailbox using the Outlook shift-delete function. (Disabled by default.)

Low

Message soft-deleted in online shared mailbox

Created when a message is deleted from an online shared mailbox using the Outlook shift-delete function.

Medium

Message updated in online mailbox by non-owner

Created when certain message properties were changed in a user’s mailbox by a user other than the owner.

Medium

Message updated in online mailbox by owner

Created when message updated in online mailbox by owner. (Disabled by default.)

Low

Message updated in online shared mailbox

Created when certain message properties were changed in online shared mailbox.

Medium

Online Mailbox login by owner

Created when a mailbox owner logs in to an online mailbox.

Low

Office 365 Exchange Online Mailbox event

Generic Exchange Online Mailbox event with a dynamically constructed event description (What statement). The event is created when Exchange Online Mailbox activity is detected that does not have a corresponding event defined in Change Auditor.

Low

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级