5.4 Configuring Microsoft Exchange Monitoring

Change Guardian monitors Microsoft Exchange settings, mailbox accounts, mailbox messages, management role groups, and rights.

Figure 5-4 Microsoft Exchange Monitoring using Change Guardian

The deployment diagram illustrates the following:

  • SmartConnector for Change Guardian acts as the interface between Microsoft Exchange and Change Guardian. It pulls event data from Exchange and stores the event details in a CEF log file.

  • Change Guardian Agent for Windows reads from the CEF log file and sends the event details to the Change Guardian server.

5.4.1 Implementation Checklist

The following table provides an overview of the tasks required for Change Guardian to start monitoring Microsoft Exchange events:

Task

See

Complete the prerequisites

Prerequisites

Add the license key

Adding a License Key

Configure Change Guardian for monitoring

Enabling Exchange Monitoring

Creating Microsoft Exchange Policies

Triage events

You can triage events in the Change Guardian dashboard and the Administration Console.

5.4.2 Prerequisites

Ensure that you have completed the following in the same order:

IMPORTANT:Install SmartConnector for Change Guardian, Change Guardian Agent for Windows, and on the same machine as Microsoft Exchange.

  1. Enable auditing in Microsoft Exchange

    • Enable Mailbox Auditing

    • Enable Administrator Auditing

    • Execute PowerShell Scripts

  2. Install SmartConnector for Change Guardian

  3. Install Change Guardian Agent for Windows

  4. Install Policy Editor.

5.4.3 Configuring Change Guardian

You must complete the following tasks on Change Guardian server.

Enabling Exchange Monitoring

You must configure the Change Guardian server to receive the Exchange event logs from SmartConnector for Change Guardian.

Prerequisite: Ensure that you have added Exchange asset in Agent Manager.

To enable monitoring:

  1. In Agent Manager, select the asset and click Manage Installations > Reconfigure Agents.

  2. In the Reconfigure Agents page, edit the configuration to select Enable Smart Connector Plugin.

  3. Specify the location to store CEF events CEF Data Output Path.

    NOTE:Ensure that the value in CEF Data Output Path matches the CEF data path that you had specified during SmartConnector for Change Guardian installation. You can get the CEF data path from ceffolder parameter in the <install_directory>\current\user\agent\agent.properties.

Creating Microsoft Exchange Policies

You can create policies to the following event sources:

Exchange Settings : Policies for creating, deleting configuration settings.

Mailbox Accounts : Policies for creating, deleting and moving of mailbox accounts, and enabling and disabling mailbox accounts.

Mailbox Messages : Policies for sending, moving, deleting messages, and so on.

Management Role Groups : Policies for adding, deleting, and modifying role group, adding and removing group member, and so on.

For information about creating policies, see Creating Change Guardian Policies.

After creating policies, you can assign them to assets. For information about assigning policies, see Working with Policies.

NOTE:While creating mailbox policies, you do not have to configure LDAP settings to browse the Exchange server mailboxes.