SlideShare una empresa de Scribd logo

How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online

Quest
Quest

Focusing on auditing mailbox activity such as administration operations and non-owner mailbox access, Randy took customers through the native capabilities through PowerShell and the Office 365 portal. Bryan Patton then shows how Change Auditor for Exchange made it easy for customers to be able to audit mailbox activity whether on premise Exchange or Exchange Online, and how having a 3rd party solution fills the gaps of native capabilities. Watch the webcast here: http://bit.ly/2hkbKPb.

Software
1 de 19
Descargar para leer sin conexión
Sponsored by HowtoAuditPrivilegedOperations and MailboxAccessinOffice 365 ExchangeOnline © 2016 Monterey Technology Group Inc.
Thanks to  Made possible by
Preview of key points  Types of activity to audit in Exchange Online  Message tracking  Privileged access (admin)  Non-owner Mailbox access  Using PowerShell to manage auditing in ExchangeOnline
Exchange Online  Run PowerShell as Admin  Set-ExecutionPolicy RemoteSigned  $UserCredential = Get-Credential  $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection  Import-PSSession $Session
Message tracking  Message flow  Who is emailing who?  Get-MessageTrace  https://blogs.technet.microsoft.com/eopfieldnotes/2014/12/16/ message-trace-the-powershell-way/  http://o365info.com/performing-an-extended-message-trace-in- office-365/
Admin operations  Exporting mailboxes  Granting permissions  Setting up forwarding rules  Everything an admin does in Exchange is ultimately a PowerShell command  Exchange audit’s admin activity at the PowerShell level  Enable for entire organization with  Set-AdminAuditLogConfig -AdminAuditLogEnabled $true - AdminAuditLogCmdlets * -AdminAuditLogParameters * - AdminAuditLogExcludedCmdlets *Mailbox*, *TransportRule*
Admin operations  Log via PowerShell  Interactive: Search-AdminAuditLog  Not details  Wait for email: New-AdminAuditLogSearch  Limited in result size  Log via Portal  Limited to pre-conceived search scenarios  Limited in result size
Non-Owner Mailbox Auditing  When does Bob access Alice’s mailbox to  View her email  Send email as her  Delete email  Track that with mailbox auditing  Must enable via PowerShell for each mailbox  Set-Mailbox -Identity "John Smith" -AuditDelegate SendAs,SendOnBehalf,MessageBind,FolderBind -AuditEnabled $true
Non-Owner Mailbox Auditing Action Administrator Delegate Owner Copy • n/a n/a Create • • • FolderBind • • • HardDelete • • • MessageBind • n/a n/a Move • • • MoveToDeletedIt ems • • • SendAs • • n/a SendOnBehalf • • n/a SoftDelete • • • Update • • •
Non-Owner Mailbox Auditing  Don’t enable –AuditOwner  Don’t distinguish between –AuditDelegate and –AuditAdmin  Always enable both  Most things an admin does are logged as delegate  Bogus events being triggered by some automated process?  Set-MailboxAuditBypassAssociation
Non-Owner Mailbox Auditing  How to get mailbox audit logs out?  This is complicated
Non-Owner Mailbox Auditing  How to get mailbox audit logs out?  Does not meet requirements  Search-MailboxAuditLog  The old way  New-SearchMailboxAuditLog  No longer works on Exchange 2016 or Exchange Online because of severe limitations  Examples
Non-Owner Mailbox Auditing  Portal  Only useful for casual, targeted querying of recent activity  Can’t search users  What does work?  O365 Management Activity API  Requires significant application programming  Check out Quest Change Auditor coming up
Bottom line  Office 365 captures the audit data  If you have a specific case you want to research, you can probably find the activity using the online portal  If you want enterprise logging for compliance and security  Long term archival  Powerful, comprehensive search  Alerting  Correlation with other activity feeds  You need more than base functionality  CheckoutQuest ChangeAuditor © 2016 Monterey Technology Group Inc.
Change Auditor – Office 365 Exchange Bryan Patton, CISSP
Confidential16 Change Auditor • Active Directory / LDS • Azure Active Directory • Active Directory Queries • Logon, Logoff, User Sessions • Exchange • O365 Exchange Online • SQL Server • SharePoint • Skype for Business • Windows File Servers • EMC Celerra, Isilon • NetApp • Dell Fluid File System • Quest GPOADmin • Quest Active Roles • Quest Authentication Services • Quest Defender Object protection
Confidential17 • Change Auditor provides complete, real-time change auditing, in-depth forensics and comprehensive reporting on all key configuration, user and administrator changes Change Auditor Who Made the change? Where Was the change made from? What Object was changed? When Was the change made? Why Was the change made (comment)? Workstation Where the change originated from Real-time smart alerts to any device
Demonstration
Questions? www.quest.com/change-auditor

Recomendados

Spsct15 power shell_csom - amit vasu
Spsct15 power shell_csom - amit vasuSpsct15 power shell_csom - amit vasu
Spsct15 power shell_csom - amit vasuamitvasu
 
Office 365 Directory Synchronization
Office 365 Directory SynchronizationOffice 365 Directory Synchronization
Office 365 Directory Synchronizationamitvasu
 
Office 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC RestonOffice 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC Restonamitvasu
 
Spsdc 2014 o365_power_shell_csom_amitv
Spsdc 2014 o365_power_shell_csom_amitvSpsdc 2014 o365_power_shell_csom_amitv
Spsdc 2014 o365_power_shell_csom_amitvamitvasu
 
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...Bram de Jager
 
SPConnect2014 Office 365 APIs
SPConnect2014 Office 365 APIsSPConnect2014 Office 365 APIs
SPConnect2014 Office 365 APIsWes Hackett
 
Introduction to the Client OM in SharePoint 2010
Introduction to the Client OM in SharePoint 2010Introduction to the Client OM in SharePoint 2010
Introduction to the Client OM in SharePoint 2010Ben Robb
 
Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
Building Apps for SharePoint 2013 by Andrew Connell - SPTechConBuilding Apps for SharePoint 2013 by Andrew Connell - SPTechCon
Building Apps for SharePoint 2013 by Andrew Connell - SPTechConSPTechCon
 

Recomendados

Spsct15 power shell_csom - amit vasu
Spsct15 power shell_csom - amit vasuSpsct15 power shell_csom - amit vasu
Spsct15 power shell_csom - amit vasuamitvasu
 
Office 365 Directory Synchronization
Office 365 Directory SynchronizationOffice 365 Directory Synchronization
Office 365 Directory Synchronizationamitvasu
 
Office 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC RestonOffice 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC Restonamitvasu
 
Spsdc 2014 o365_power_shell_csom_amitv
Spsdc 2014 o365_power_shell_csom_amitvSpsdc 2014 o365_power_shell_csom_amitv
Spsdc 2014 o365_power_shell_csom_amitvamitvasu
 
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...
Developing hybrid SharePoint apps that run on-premise and in the cloud - ESPC...Bram de Jager
 
SPConnect2014 Office 365 APIs
SPConnect2014 Office 365 APIsSPConnect2014 Office 365 APIs
SPConnect2014 Office 365 APIsWes Hackett
 
Introduction to the Client OM in SharePoint 2010
Introduction to the Client OM in SharePoint 2010Introduction to the Client OM in SharePoint 2010
Introduction to the Client OM in SharePoint 2010Ben Robb
 
Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
Building Apps for SharePoint 2013 by Andrew Connell - SPTechConBuilding Apps for SharePoint 2013 by Andrew Connell - SPTechCon
Building Apps for SharePoint 2013 by Andrew Connell - SPTechConSPTechCon
 
SharePoint 2010 Client Object Model
SharePoint 2010 Client Object ModelSharePoint 2010 Client Object Model
SharePoint 2010 Client Object ModelG. Scott Singleton
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentEdin Kapic
 
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalO365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalNCCOMMS
 
Webinar functional testing automation slideshare
Webinar functional testing automation slideshareWebinar functional testing automation slideshare
Webinar functional testing automation slideshareSOASTA
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)Kashif Imran
 
Mastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmansMastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmansYannick Borghmans
 
SPS Vienna 2017
SPS Vienna 2017SPS Vienna 2017
SPS Vienna 2017Joëlle Ruelle
 
Auditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenantAuditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenantJoelle Ruelle
 
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013NCCOMMS
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...Ivan Sanders
 
REST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action LinksREST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action LinksSalesforce Developers
 
Connector API Apps
Connector API AppsConnector API Apps
Connector API AppsBizTalk360
 
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the EnvironmentsO365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the EnvironmentsIvan Sanders
 
Hard learned CSOM and REST tips
Hard learned CSOM and REST tipsHard learned CSOM and REST tips
Hard learned CSOM and REST tipsSPC Adriatics
 
SharePoint 2013 REST APIs
SharePoint 2013 REST APIsSharePoint 2013 REST APIs
SharePoint 2013 REST APIsGiuseppe Marchi
 
First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)Daniel Toomey
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by muleSon Nguyen
 
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...NCCOMMS
 
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for OfficeIvan Sanders
 
Creating reusable pieces in Logic Apps
Creating reusable pieces in Logic AppsCreating reusable pieces in Logic Apps
Creating reusable pieces in Logic AppsBizTalk360
 
SPS London 2017
SPS London 2017SPS London 2017
SPS London 2017Joëlle Ruelle
 
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideSPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideStephan Bisser
 

Más contenido relacionado

La actualidad más candente

SharePoint 2010 Client Object Model
SharePoint 2010 Client Object ModelSharePoint 2010 Client Object Model
SharePoint 2010 Client Object ModelG. Scott Singleton
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentEdin Kapic
 
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalO365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalNCCOMMS
 
Webinar functional testing automation slideshare
Webinar functional testing automation slideshareWebinar functional testing automation slideshare
Webinar functional testing automation slideshareSOASTA
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)Kashif Imran
 
Mastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmansMastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmansYannick Borghmans
 
Auditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenantAuditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenantJoelle Ruelle
 
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013NCCOMMS
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...Ivan Sanders
 
REST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action LinksREST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action LinksSalesforce Developers
 
Connector API Apps
Connector API AppsConnector API Apps
Connector API AppsBizTalk360
 
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the EnvironmentsO365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the EnvironmentsIvan Sanders
 
Hard learned CSOM and REST tips
Hard learned CSOM and REST tipsHard learned CSOM and REST tips
Hard learned CSOM and REST tipsSPC Adriatics
 
SharePoint 2013 REST APIs
SharePoint 2013 REST APIsSharePoint 2013 REST APIs
SharePoint 2013 REST APIsGiuseppe Marchi
 
First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)Daniel Toomey
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by muleSon Nguyen
 
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...NCCOMMS
 
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for OfficeIvan Sanders
 
Creating reusable pieces in Logic Apps
Creating reusable pieces in Logic AppsCreating reusable pieces in Logic Apps
Creating reusable pieces in Logic AppsBizTalk360
 

La actualidad más candente (20)

SharePoint 2010 Client Object Model
SharePoint 2010 Client Object ModelSharePoint 2010 Client Object Model
SharePoint 2010 Client Object Model
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
 
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalO365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
 
Webinar functional testing automation slideshare
Webinar functional testing automation slideshareWebinar functional testing automation slideshare
Webinar functional testing automation slideshare
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)
 
Mastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmansMastering sp fx in larger projects yannick borghmans
Mastering sp fx in larger projects yannick borghmans
 
SPS Vienna 2017
SPS Vienna 2017SPS Vienna 2017
SPS Vienna 2017
 
Auditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenantAuditing and Analysis methodologies for your Office365 tenant
Auditing and Analysis methodologies for your Office365 tenant
 
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
 
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...
 
REST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action LinksREST API: Do More in the Feed with Action Links
REST API: Do More in the Feed with Action Links
 
Connector API Apps
Connector API AppsConnector API Apps
Connector API Apps
 
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the EnvironmentsO365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
O365 DEVCamp Los Angeles June 16, 2015 Module 02 Setting up the Environments
 
Hard learned CSOM and REST tips
Hard learned CSOM and REST tipsHard learned CSOM and REST tips
Hard learned CSOM and REST tips
 
SharePoint 2013 REST APIs
SharePoint 2013 REST APIsSharePoint 2013 REST APIs
SharePoint 2013 REST APIs
 
First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)First Look at Azure Logic Apps (BAUG)
First Look at Azure Logic Apps (BAUG)
 
Query in share point by mule
Query in share point by muleQuery in share point by mule
Query in share point by mule
 
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
O365Con18 - Reach for the Cloud Build Solutions with the Power of Microsoft G...
 
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
O365 DEVCamp Los Angeles June 16, 2015 Module 05 Hook into Apps for Office
 
Creating reusable pieces in Logic Apps
Creating reusable pieces in Logic AppsCreating reusable pieces in Logic Apps
Creating reusable pieces in Logic Apps
 

Similar a How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online

SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideSPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideStephan Bisser
 
Spstc2011 Developing Reusable Workflow Features
Spstc2011 Developing Reusable Workflow FeaturesSpstc2011 Developing Reusable Workflow Features
Spstc2011 Developing Reusable Workflow FeaturesMichael Oryszak
 
Office365 groups from the ground up - SPTechCon Boston
Office365 groups from the ground up - SPTechCon BostonOffice365 groups from the ground up - SPTechCon Boston
Office365 groups from the ground up - SPTechCon BostonDrew Madelung
 
Design mission-critical enterprise applications with Power Automate and Docto...
Design mission-critical enterprise applications with Power Automate and Docto...Design mission-critical enterprise applications with Power Automate and Docto...
Design mission-critical enterprise applications with Power Automate and Docto...serge luca
 
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...F1_Design Mission Critical Enterprise Applications with Power Automate and Do...
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...serge luca
 
Solve Todays Problems with 10 New SharePoint 2010 Features
Solve Todays Problems with 10 New SharePoint 2010 FeaturesSolve Todays Problems with 10 New SharePoint 2010 Features
Solve Todays Problems with 10 New SharePoint 2010 FeaturesCory Peters
 
SPO Migration - New API
SPO Migration - New APISPO Migration - New API
SPO Migration - New APIAshish Trivedi
 
SharePoint 2010 - What's New?
SharePoint 2010 - What's New?SharePoint 2010 - What's New?
SharePoint 2010 - What's New?Cory Peters
 
Introduction to Azure logic apps
Introduction to Azure logic appsIntroduction to Azure logic apps
Introduction to Azure logic appsGeorge Grammatikos
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldSitaraman Lakshminarayanan
 
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...Toni Frankola
 
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...spsnyc
 
CASPUG - Developing Reusable Workflow Features
CASPUG - Developing Reusable Workflow FeaturesCASPUG - Developing Reusable Workflow Features
CASPUG - Developing Reusable Workflow FeaturesMichael Oryszak
 
June 2023 Architect Group FTW.pdf
June 2023 Architect Group FTW.pdfJune 2023 Architect Group FTW.pdf
June 2023 Architect Group FTW.pdfAmeyKulkarni84
 
EO-TH-v2-End-Users.pptx
EO-TH-v2-End-Users.pptxEO-TH-v2-End-Users.pptx
EO-TH-v2-End-Users.pptxssuser9dddf7
 
Breaking SAP portal (HackerHalted)
Breaking SAP portal (HackerHalted)Breaking SAP portal (HackerHalted)
Breaking SAP portal (HackerHalted)ERPScan
 

Similar a How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online (20)

SPS London 2017
SPS London 2017SPS London 2017
SPS London 2017
 
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideSPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
 
Spstc2011 Developing Reusable Workflow Features
Spstc2011 Developing Reusable Workflow FeaturesSpstc2011 Developing Reusable Workflow Features
Spstc2011 Developing Reusable Workflow Features
 
Office365 groups from the ground up - SPTechCon Boston
Office365 groups from the ground up - SPTechCon BostonOffice365 groups from the ground up - SPTechCon Boston
Office365 groups from the ground up - SPTechCon Boston
 
Design mission-critical enterprise applications with Power Automate and Docto...
Design mission-critical enterprise applications with Power Automate and Docto...Design mission-critical enterprise applications with Power Automate and Docto...
Design mission-critical enterprise applications with Power Automate and Docto...
 
Travis Wright - Complete it service management
Travis Wright - Complete it service managementTravis Wright - Complete it service management
Travis Wright - Complete it service management
 
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...F1_Design Mission Critical Enterprise Applications with Power Automate and Do...
F1_Design Mission Critical Enterprise Applications with Power Automate and Do...
 
Azure automation
Azure automationAzure automation
Azure automation
 
Solve Todays Problems with 10 New SharePoint 2010 Features
Solve Todays Problems with 10 New SharePoint 2010 FeaturesSolve Todays Problems with 10 New SharePoint 2010 Features
Solve Todays Problems with 10 New SharePoint 2010 Features
 
Exchange Server 2010
Exchange Server 2010Exchange Server 2010
Exchange Server 2010
 
SPO Migration - New API
SPO Migration - New APISPO Migration - New API
SPO Migration - New API
 
SharePoint 2010 - What's New?
SharePoint 2010 - What's New?SharePoint 2010 - What's New?
SharePoint 2010 - What's New?
 
Introduction to Azure logic apps
Introduction to Azure logic appsIntroduction to Azure logic apps
Introduction to Azure logic apps
 
Externalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services worldExternalizing Authorization in Micro Services world
Externalizing Authorization in Micro Services world
 
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
 
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
Governance in the Modern Workplace: SharePoint, OneDrive, Groups, Teams, Flow...
 
CASPUG - Developing Reusable Workflow Features
CASPUG - Developing Reusable Workflow FeaturesCASPUG - Developing Reusable Workflow Features
CASPUG - Developing Reusable Workflow Features
 
June 2023 Architect Group FTW.pdf
June 2023 Architect Group FTW.pdfJune 2023 Architect Group FTW.pdf
June 2023 Architect Group FTW.pdf
 
EO-TH-v2-End-Users.pptx
EO-TH-v2-End-Users.pptxEO-TH-v2-End-Users.pptx
EO-TH-v2-End-Users.pptx
 
Breaking SAP portal (HackerHalted)
Breaking SAP portal (HackerHalted)Breaking SAP portal (HackerHalted)
Breaking SAP portal (HackerHalted)
 

Más de Quest

DBA vs Deadlock: How to Out-Index a Deadly Blocking Scenario
DBA vs Deadlock: How to Out-Index a Deadly Blocking ScenarioDBA vs Deadlock: How to Out-Index a Deadly Blocking Scenario
DBA vs Deadlock: How to Out-Index a Deadly Blocking ScenarioQuest
 
Got Open Source?
Got Open Source?Got Open Source?
Got Open Source?Quest
 
SQL Server 2017 Enhancements You Need To Know
SQL Server 2017 Enhancements You Need To KnowSQL Server 2017 Enhancements You Need To Know
SQL Server 2017 Enhancements You Need To KnowQuest
 
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 Adoption
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 AdoptionQuest to the Cloud - Identifying the Barriers to Accelerate Office 365 Adoption
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 AdoptionQuest
 
Top 10 Enterprise Reporter Reports You Didn't Know You Needed
Top 10 Enterprise Reporter Reports You Didn't Know You NeededTop 10 Enterprise Reporter Reports You Didn't Know You Needed
Top 10 Enterprise Reporter Reports You Didn't Know You NeededQuest
 
Migrating to Windows 10: Starting Fast. Finishing Strong
Migrating to Windows 10: Starting Fast. Finishing StrongMigrating to Windows 10: Starting Fast. Finishing Strong
Migrating to Windows 10: Starting Fast. Finishing StrongQuest
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryQuest
 
Ensuring Rock-Solid Unified Endpoint Management
Ensuring Rock-Solid Unified Endpoint ManagementEnsuring Rock-Solid Unified Endpoint Management
Ensuring Rock-Solid Unified Endpoint ManagementQuest
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update ManagementQuest
 
Predicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile WorldPredicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile WorldQuest
 
Investigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachInvestigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachQuest
 
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Quest
 
Sounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingSounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingQuest
 
Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Quest
 
Reducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security BreachReducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security BreachQuest
 
Office 365 Best Practices That You Are Not Thinking About
Office 365 Best Practices That You Are Not Thinking AboutOffice 365 Best Practices That You Are Not Thinking About
Office 365 Best Practices That You Are Not Thinking AboutQuest
 
How to Restructure Active Directory with ZeroIMPACT
How to Restructure Active Directory with ZeroIMPACTHow to Restructure Active Directory with ZeroIMPACT
How to Restructure Active Directory with ZeroIMPACTQuest
 
How to Secure Access Control in Office 365 Environments
How to Secure Access Control in Office 365 EnvironmentsHow to Secure Access Control in Office 365 Environments
How to Secure Access Control in Office 365 EnvironmentsQuest
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
 
Your Biggest Systems Management Challenges – and How to Overcome Them
Your Biggest Systems Management Challenges – and How to Overcome ThemYour Biggest Systems Management Challenges – and How to Overcome Them
Your Biggest Systems Management Challenges – and How to Overcome ThemQuest
 

Más de Quest (20)

DBA vs Deadlock: How to Out-Index a Deadly Blocking Scenario
DBA vs Deadlock: How to Out-Index a Deadly Blocking ScenarioDBA vs Deadlock: How to Out-Index a Deadly Blocking Scenario
DBA vs Deadlock: How to Out-Index a Deadly Blocking Scenario
 
Got Open Source?
Got Open Source?Got Open Source?
Got Open Source?
 
SQL Server 2017 Enhancements You Need To Know
SQL Server 2017 Enhancements You Need To KnowSQL Server 2017 Enhancements You Need To Know
SQL Server 2017 Enhancements You Need To Know
 
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 Adoption
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 AdoptionQuest to the Cloud - Identifying the Barriers to Accelerate Office 365 Adoption
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 Adoption
 
Top 10 Enterprise Reporter Reports You Didn't Know You Needed
Top 10 Enterprise Reporter Reports You Didn't Know You NeededTop 10 Enterprise Reporter Reports You Didn't Know You Needed
Top 10 Enterprise Reporter Reports You Didn't Know You Needed
 
Migrating to Windows 10: Starting Fast. Finishing Strong
Migrating to Windows 10: Starting Fast. Finishing StrongMigrating to Windows 10: Starting Fast. Finishing Strong
Migrating to Windows 10: Starting Fast. Finishing Strong
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup Story
 
Ensuring Rock-Solid Unified Endpoint Management
Ensuring Rock-Solid Unified Endpoint ManagementEnsuring Rock-Solid Unified Endpoint Management
Ensuring Rock-Solid Unified Endpoint Management
 
Effective Patch and Software Update Management
Effective Patch and Software Update ManagementEffective Patch and Software Update Management
Effective Patch and Software Update Management
 
Predicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile WorldPredicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile World
 
Investigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachInvestigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security Breach
 
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
 
Sounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingSounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and Alerting
 
Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment
 
Reducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security BreachReducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security Breach
 
Office 365 Best Practices That You Are Not Thinking About
Office 365 Best Practices That You Are Not Thinking AboutOffice 365 Best Practices That You Are Not Thinking About
Office 365 Best Practices That You Are Not Thinking About
 
How to Restructure Active Directory with ZeroIMPACT
How to Restructure Active Directory with ZeroIMPACTHow to Restructure Active Directory with ZeroIMPACT
How to Restructure Active Directory with ZeroIMPACT
 
How to Secure Access Control in Office 365 Environments
How to Secure Access Control in Office 365 EnvironmentsHow to Secure Access Control in Office 365 Environments
How to Secure Access Control in Office 365 Environments
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
 
Your Biggest Systems Management Challenges – and How to Overcome Them
Your Biggest Systems Management Challenges – and How to Overcome ThemYour Biggest Systems Management Challenges – and How to Overcome Them
Your Biggest Systems Management Challenges – and How to Overcome Them
 

Último

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...chiefasafspells
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 

Último (20)

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 

How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online

  • 1. Sponsored by HowtoAuditPrivilegedOperations and MailboxAccessinOffice 365 ExchangeOnline © 2016 Monterey Technology Group Inc.
  • 2. Thanks to  Made possible by
  • 3. Preview of key points  Types of activity to audit in Exchange Online  Message tracking  Privileged access (admin)  Non-owner Mailbox access  Using PowerShell to manage auditing in ExchangeOnline
  • 4. Exchange Online  Run PowerShell as Admin  Set-ExecutionPolicy RemoteSigned  $UserCredential = Get-Credential  $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection  Import-PSSession $Session
  • 5. Message tracking  Message flow  Who is emailing who?  Get-MessageTrace  https://blogs.technet.microsoft.com/eopfieldnotes/2014/12/16/ message-trace-the-powershell-way/  http://o365info.com/performing-an-extended-message-trace-in- office-365/
  • 6. Admin operations  Exporting mailboxes  Granting permissions  Setting up forwarding rules  Everything an admin does in Exchange is ultimately a PowerShell command  Exchange audit’s admin activity at the PowerShell level  Enable for entire organization with  Set-AdminAuditLogConfig -AdminAuditLogEnabled $true - AdminAuditLogCmdlets * -AdminAuditLogParameters * - AdminAuditLogExcludedCmdlets *Mailbox*, *TransportRule*
  • 7. Admin operations  Log via PowerShell  Interactive: Search-AdminAuditLog  Not details  Wait for email: New-AdminAuditLogSearch  Limited in result size  Log via Portal  Limited to pre-conceived search scenarios  Limited in result size
  • 8. Non-Owner Mailbox Auditing  When does Bob access Alice’s mailbox to  View her email  Send email as her  Delete email  Track that with mailbox auditing  Must enable via PowerShell for each mailbox  Set-Mailbox -Identity "John Smith" -AuditDelegate SendAs,SendOnBehalf,MessageBind,FolderBind -AuditEnabled $true
  • 9. Non-Owner Mailbox Auditing Action Administrator Delegate Owner Copy • n/a n/a Create • • • FolderBind • • • HardDelete • • • MessageBind • n/a n/a Move • • • MoveToDeletedIt ems • • • SendAs • • n/a SendOnBehalf • • n/a SoftDelete • • • Update • • •
  • 10. Non-Owner Mailbox Auditing  Don’t enable –AuditOwner  Don’t distinguish between –AuditDelegate and –AuditAdmin  Always enable both  Most things an admin does are logged as delegate  Bogus events being triggered by some automated process?  Set-MailboxAuditBypassAssociation
  • 11. Non-Owner Mailbox Auditing  How to get mailbox audit logs out?  This is complicated
  • 12. Non-Owner Mailbox Auditing  How to get mailbox audit logs out?  Does not meet requirements  Search-MailboxAuditLog  The old way  New-SearchMailboxAuditLog  No longer works on Exchange 2016 or Exchange Online because of severe limitations  Examples
  • 13. Non-Owner Mailbox Auditing  Portal  Only useful for casual, targeted querying of recent activity  Can’t search users  What does work?  O365 Management Activity API  Requires significant application programming  Check out Quest Change Auditor coming up
  • 14. Bottom line  Office 365 captures the audit data  If you have a specific case you want to research, you can probably find the activity using the online portal  If you want enterprise logging for compliance and security  Long term archival  Powerful, comprehensive search  Alerting  Correlation with other activity feeds  You need more than base functionality  CheckoutQuest ChangeAuditor © 2016 Monterey Technology Group Inc.
  • 15. Change Auditor – Office 365 Exchange Bryan Patton, CISSP
  • 16. Confidential16 Change Auditor • Active Directory / LDS • Azure Active Directory • Active Directory Queries • Logon, Logoff, User Sessions • Exchange • O365 Exchange Online • SQL Server • SharePoint • Skype for Business • Windows File Servers • EMC Celerra, Isilon • NetApp • Dell Fluid File System • Quest GPOADmin • Quest Active Roles • Quest Authentication Services • Quest Defender Object protection
  • 17. Confidential17 • Change Auditor provides complete, real-time change auditing, in-depth forensics and comprehensive reporting on all key configuration, user and administrator changes Change Auditor Who Made the change? Where Was the change made from? What Object was changed? When Was the change made? Why Was the change made (comment)? Workstation Where the change originated from Real-time smart alerts to any device