Before you create a monitoring plan to audit your Exchange Online organization, prepare the account that will be used for data collection. It must meet the requirements listed below. You will then specify this account in the monitoring plan wizard.
To collect Activity Records only:
- The account needs to be created as a Cloud-Only account.
- To connect to Exchange Online, the account must be assigned the following Exchange admin roles:
  - Audit logs
  - Mail Recipients
  - View-Only Configuration
See Assigning Office 365 Management Roles for more information.
NOTE: Accounts with multi-factor authentication are not supported.
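A least-privilege check for the three roles listed above, as an added example that is not part of the Netwrix documentation. The function name Test-CollectorRoles, the sample objects and the collector UPN are assumptions made for illustration; Get-ManagementRoleAssignment and Connect-ExchangeOnline are the standard Exchange Online PowerShell cmdlets.

```powershell
# Roles the page requires for Activity Records collection.
# PowerShell compares the names case-insensitively.
$RequiredRoles = 'Audit Logs', 'Mail Recipients', 'View-Only Configuration'

function Test-CollectorRoles {   # hypothetical helper, not a Netwrix or Microsoft cmdlet
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Assignments,
        [string[]] $Required = $RequiredRoles
    )
    # Skip self-service roles that a mailbox user inherits from a role
    # assignment policy; they are not admin roles granted to the collector.
    $admin = @($Assignments | Where-Object { $_.RoleAssigneeType -ne 'RoleAssignmentPolicy' })
    $held  = @($admin | ForEach-Object { [string]$_.Role } | Sort-Object -Unique)

    # Missing roles break collection; excess roles widen what a stolen
    # collector credential could do.
    $missing = @($Required | Where-Object { $_ -notin $held })
    $excess  = @($held     | Where-Object { $_ -notin $Required })

    [pscustomobject]@{
        Missing   = $missing
        Excess    = $excess
        Compliant = ($missing.Count -eq 0 -and $excess.Count -eq 0)
    }
}

# Constructed sample shaped like Get-ManagementRoleAssignment output.
$sample = @(
    [pscustomobject]@{ Role = 'Audit Logs';                 RoleAssigneeType = 'User' }
    [pscustomobject]@{ Role = 'Mail Recipients';            RoleAssigneeType = 'RoleGroup' }
    [pscustomobject]@{ Role = 'Organization Configuration'; RoleAssigneeType = 'RoleGroup' }
    [pscustomobject]@{ Role = 'MyBaseOptions';              RoleAssigneeType = 'RoleAssignmentPolicy' }
)
Test-CollectorRoles -Assignments $sample | Format-List

# Against a live tenant, from an administrator's session (placeholder UPN):
#   Connect-ExchangeOnline
#   $live = Get-ManagementRoleAssignment -RoleAssignee 'collector@example.onmicrosoft.com'
#   Test-CollectorRoles -Assignments $live
```

Run the live check from a separate administrator session rather than as the data collecting account, and review any role reported under Excess before the account is entered in the monitoring plan wizard.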
To collect State-in-Time data:
To collect State-in-Time data in your Exchange Online environment, Netwrix creates a dedicated cloud application. The account under which the application is created requires an enhanced set of roles. Later, you can remove these roles from the account and perform ongoing State-in-Time data collection with regular roles.
Create cloud application
Collect State-in-Time data
One of the following Azure Active Directory roles: