![]() ![]() The Exchange GUID of the mailbox that was accessed to send mail on behalf of SMTP address of the user who is being impersonated The Exchange GUID of the mailbox that was accessed to send email as Indicates whether the action (specified in the Operation property) was successful or not Reason for the result reported in ResultType See the AuditLogRecordType table for details on the types of audit log recordsĪ unique identifier for the resource that the record is associated with The type of operation indicated by the record. The name and value for all parameters that were used with the cmdlet that is identified in the Operations property The name of the server from which the cmdlet was executed This value will always be the same for your organization The GUID for your organization's Office 365 tenant. The name of the operation that the user is performing The Office 365 service where the activity occurred New value of the settingįor SharePoint and OneDrive for Business activity The property is included for admin events, such as adding a user as a member of a site or a site collection admin group This is the user friendly name of the object that was modified by the cmdlet The email address of the person who owns the mailbox that was accessedĪn identifier for a chat or channel message Mailbox owner account's master account SID The Exchange GUID of the mailbox that was accessed The SID of the user who performed the operation The user-friendly name of the user who performed the operation Indicates the type of user who accessed the mailbox and performed the operation that was logged The mapping of various interesting logon failures could be done by alerting algorithms This property is from OrgIdLogon.LoginStatus directly. See the ItemType table for details on the types of objects The type of object that was accessed or modified. The string in the Subject field of the email message Represents the item upon which the operation was performed Indicates if operation was created by a device managed by the organization When _IsBillable is false ingestion isn't billed to your Azure account Specifies whether ingesting the data is billable. The GUID that's generated by Azure Active Directory to track the action The GUID that track the actions across components within the Office 365 service Used for comments and other generic information Information about the source folders involved in an operation The folder where a group of items is located Specifies whether the cmdlet was run by a user in your organization The extended properties of the Azure AD event Possible values are SharePoint or ObjectModel Identifies that an event occurred in SharePoint. The duration for which the elevation was active (in Hours)Ī unique identifier for the elevation request The timestamp for when the elevation was approved ![]() The name of the tenant that the elevation/cmdlet was targeted at Set only if the CrossMailboxOperations parameter is True The URL of the destination folder where a file is copied or moved The name of the file that is copied or moved The file extension of a file that is copied or moved Indicates if the operation involved more than one mailbox The type of communications that was conducted The email client that was used to access the mailbox The machine name that hosts the Outlook client The IP address of the device that was used when the activity was logged Information about the email client that was used to perform the operation The IP address of the device that was used when the operation was logged The type of channel being audited (Standard/Private)ĭetails about the client device, device OS, and device browser that was used for the of the account login event ![]() The type of add-on that generated this eventĪ unique identifier for the channel being audited The name of the add-on that generated this event The unique identifier of the add-on generated this event The actor's IP address in IPV4 or IPV6 address format The GUID of the organization that the actor belongs to The user or service principal that performed the action The user that the action (identified by the Operation property) was performed on Including Exchange, SharePoint and Teams logs. Audit logs for Office 365 tenants collected by Azure Sentinel. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |