Solution: Microsoft Exchange Security - Exchange Online
| Attribute | Value |
|---|---|
| Publisher | Community |
| Support Tier | Community |
| Support Link | https://github.com/Azure/Azure-Sentinel/issues |
| Categories | domains |
| Version | 3.1.7 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-12-21 |
| Solution Folder | Microsoft Exchange Security - Exchange Online |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (95%) |
The Exchange Security Audit and Configuration Insight solution analyzes Exchange Online configuration and logs through a security lens to provide insights and alerts.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Custom logs ingestion via Data Collector REST API
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| ESIExchangeOnlineConfig_CL 🔶 | Exchange Security Insights Online Collector | Workbooks |
| Event | - | Workbooks |
| OfficeActivity | - | Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 10 content item(s):
| Content Type | Count |
|---|---|
| Parsers | 5 |
| Workbooks | 4 |
| Watchlists | 1 |
| Name | Description | Tables Used |
|---|---|---|
| ExchangeConfiguration | The list of sections to query. Default is all. | - |
| ExchangeEnvironmentList | The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises... | - |
| MESCheckOnlineVIP | The user to verify as a VIP or not. Default value is "all". | - |
| MESCompareDataMRA | The Section to compare. Default value is "". | ESIExchangeOnlineConfig_CL (read) |
| MESOfficeActivityLogs | - | OfficeActivity (read) |
| Name | Description | Tables Used |
|---|---|---|
| ExchOnlineVIP | - | - |
📄 Source: Microsoft Exchange Security - Exchange Online/README.md
We have published Public Contents for the Microsoft Exchange Security Sentinel Solution. The contents can be found here:
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.7 | 26-03-2025 | Update documentation link to new repository |
| 3.1.6 | 30-08-2024 | Correct bug on LasdtReceivedData of DataConnector. and change parser |
| 3.1.5 | 15-05-2024 | Enhancement in existing Parser |
| 3.1.4 | 30-04-2024 | Repackaged for parser issue |
| 3.1.3 | 25-04-2024 | Repackaged for parser issue with old names |
| 3.1.2 | 18-04-2024 | Repackaged for parser issue while update |
| 3.1.1 | 19-03-2024 | Manually updated package content |
| 3.0.5 | 20-02-2024 | Correct DataConnector last Log indicator |
| 3.0.4 | 18-12-2023 | Correct Parser parameters and force version update |
| 3.0.3 | 05-12-2023 | Added parameters in Parser to fix default values issue. |
| 3.0.2 | 01-11-2023 | Added a Parser to verify if user is Microsoft Exchange Security VIP (Watchlist) |
| 3.0.1 | 13-09-2023 | Readme file for parsers added and typo correction |
| 3.0.0 | 23-08-2023 | ExchangeEnvironmentList parser name corrected in Workbooks. |