Before you start creating a monitoring plan to audit your Exchange Online organization, plan for the account that will be used for data collection. This account will be specified in the monitored item (Office 365 tenant) settings.
- If your organization uses modern authentication for identity management:
- Netwrix Auditor will access the cloud-based Office 365 infrastructure using a dedicated Azure AD application. This app should be created manually by user with administrative role and assigned required permissions. See Configuring Azure AD app for details.
- You will need to provide the Azure AD app settings in the monitored item (Office 365 tenant) properties. See Office 365 Tenant for more information.
IMPORTANT! With modern authentication, Netwrix Auditor will collect only activity data from the Exchange Online organization.
NOTE: To collect data on the non-owner mailbox access, additional configuration steps are required. See Auditing non-owner mailbox access for details.
- If basic authentication is used:
- Netwrix Auditor will be able to collect both activity and state-in-time data.
- Security permissions and roles will depend on Netwrix Auditor deployment scenario —new installation or upgraded deployment. See Accessing Exchange Online using basic authentication.
NOTE: To collect data on the non-owner mailbox access, additional configuration steps and specific permissions are required for both deployment scenarios. See related sections for details.