Revision History

Revision # Date Summary of Changes

Revision 1


Initial version of documentation for Netwrix Auditor 9.96.

Revision 2


Fixed the requirement for Secondary Logon service (for AD monitoring) in the Configure IT Infrastructure for Auditing and Monitoring section.

Fixed permissions for data collecting account required for activity data collection from SharePoint Online (using basic authentication) in the Accessing SharePoint Online using basic authentication section.

Fixed formatting in the For Oracle Database Auditing section.

Added a requirement for data collecting account membership in the Administrators group of SSO domain in the For VMware Server Auditing section.

Revision 3


Added information about Netwrix Auditor components to be added as exclusions for antivirus to the Prepare for Windows File Server Monitoring section.

Fixed formatting in the Configure Nutanix File Server for Monitoring section.

Revision 4


Fixed format of the WorkingHours filter in the Filters section.

Restructured sections on Oracle Database configuration for auditing (Configure Oracle Database for Monitoring and related sections).

Information about configuring SQL Server added to the Configure SQL Server for Monitoring section.

Added information about System access zone for Dell EMC Isilon storages to the Supported Data Sources section.

Revision 5


Updated Release Notes with fixes and enhancements in Update 2. See What Has Been Fixed.

Edited paragraph on the list of inclusions /exclusions in the User Activity

Revision 6


Added a note about username format to description of SSRS settings in the Audit Database section.

Added information about Read-only role to be revoked from data collecting account if planning to collect state-in-time data from VMware servers. See For VMware Server Auditing .

Updated content, mentioning EMC Unity in the Configure Dell EMC VNX/VNXe/Celerra/Unity for Monitoring section.

Note about scale-out file server (SOFS) added to the Supported Data Sources section.

Revision 7


Session ID description added to the Actions, Object Types and Attributes Monitored on File Servers section.

Fixed the Assign Roles section.

DFS processing details added to the Prepare for Windows File Server Monitoring section.

Note about dedicated apps added to the Configuring Azure AD app section.

Revision 8


Added "Using historical data" paragraph to the Monitoring Plans section.

Fixed missing screenshots.

Removed outdated information about File Servers and Windows Servers from the Fine-tune Netwrix Auditor with Registry Keys section.

Revision 9


Updated Release Notes with fixes and enhancements in Update 3. See What Has Been Fixed

Fixed cmd formatting in the Using Group Managed Service Account (gMSA) section.

Revision 10


Min requred RAM value for Netwrix Auditor Server changed to 8 GB — see the Hardware Requirements section.

Added details for supported User Activity data source — see the User Activitysection.

Revision 11


Added a note about Microsoft GCC High (government community cloud high) and DoD tenant types to the Supported Data Sources

Removed sections about Data Discovery and Classification Edition, as its support expired in December 2020.

Fixed typos and formatting.

Revision 12


Added information about Exchange management roles required for data collection account to collect data from Active Directory (see For Active Directory Auditing section).

Added information about the Infognition ScreenPressor codec to the Install Netwrix Auditor User Activity Core Service and Uninstall Netwrix Auditor Compression and Core Services sections.

Added a known issue and work-around about using PowerShell cmdlets to report on the Add/Remove mailbox actions in Exchange Online (see Known Issues).

Revision 13


Note about limitations of using gMSA for data collection from AD domain with on-premise Exchange added to the For Active Directory Auditing section.

Fixed the list of mailbox types supported when collecting data on mailbox access in the СConfigure Exchange for Monitoring Mailbox Access section.

Fixed cmdlet in the Using Group Managed Service Account (gMSA)

Updated the procedure of granting application permission in the Settings for non-owner mailbox access audit: automatic configuration section.

Note about Cloud-only user account added to the Accessing Exchange Online using basic authentication

Revision 14


Added a link to the Knowledge Base article about log archiving, replacing the related paragraph in the Adjust Security Event Log Size and Retention Settings section.

Added and to the list of Exchange Online endpoints in the Protocols and Ports Required for Monitoring Office 365

Added links to the Knowledge Base and Customer portal to the Troubleshooting section.