5.6 Configuring Office 365 Monitoring

Change Guardian monitors the following in Office 365:

  • Exchange Online Settings

  • Mailbox Accounts

  • Mailbox Messages

  • Management Role Groups

The following diagram illustrates how Change Guardian collects events from Exchange Online:

5.6.1 Implementation Checklist

Complete the following tasks to start monitoring Office 365 events:

| Task | See |
|------|-----|
| Complete the prerequisites | Prerequisites |
| Add the license key | Adding a License Key |
| Configure Change Guardian for monitoring | Configuring Change Guardian for Monitoring |
| Triage events | Section 7.0, Managing Events; Section 8.0, Configuring Alerts |

5.6.3 Configuring Change Guardian for Monitoring

You must configure the Change Guardian server to receive Office 365 event logs from Change Guardian Event Collector Addon for Windows Agent.

Enabling Office 365 Monitoring

To enable monitoring:

  1. In Agent Manager, select the asset and click Manage Installations > Install Agents.

    Or

    In Agent Manager, select the asset and click Manage Installations > Reconfigure Agents.

  2. In the Reconfigure Agent page, select Enable Collector Plugin under Edit Agent Configuration.

  3. Specify the location to store CEF events in CEF Data Output Path.

    NOTE: Ensure that the value in CEF Data Output Path matches the CEF data path you specify during Change Guardian Event Collector Addon for Windows Agent installation. You can get the CEF data path from the ceffolder parameter in <install_directory>\current\user\agent\agent.properties.
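One way to verify the path match described in the note before relying on the collector, as an added example that is not part of the product or its documentation. It assumes agent.properties uses Java .properties syntax (backslashes and colons may be escaped) and that the key is ceffolder, optionally with a dotted prefix; the sample path is constructed.

```python
import ntpath

# Constructed sample of an agent.properties fragment (not from a real install).
SAMPLE_PROPERTIES = r"""
# collector add-on settings
ceffolder=C\:\\ProgramData\\CGCollector\\cef
"""

def unescape(value):
    """Undo literal backslash escapes (\\\\ -> \\, \\: -> :).
    Simplified: \\t, \\n and \\uXXXX sequences are not expanded."""
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            i += 1
            ch = value[i]  # keep the escaped character itself
        out.append(ch)
        i += 1
    return "".join(out)

def read_ceffolder(properties_text):
    """Return the unescaped ceffolder value, or None if the key is absent."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # skip blanks and comments
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        # Assumption: the key may carry a dotted prefix in some installs.
        if sep and (key == "ceffolder" or key.endswith(".ceffolder")):
            return unescape(value.strip())
    return None

def normalize(path):
    """Compare as Windows paths: case-insensitive, either slash, no trailing slash."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def paths_match(properties_text, cef_data_output_path):
    """True if CEF Data Output Path points at the same folder as ceffolder."""
    configured = read_ceffolder(properties_text)
    if configured is None:
        raise ValueError("no ceffolder parameter found in agent.properties")
    return normalize(configured) == normalize(cef_data_output_path)

if __name__ == "__main__":
    print(paths_match(SAMPLE_PROPERTIES, r"C:\ProgramData\CGCollector\cef"))
```

A mismatch here means the agent reads from a folder the add-on never writes to, so Office 365 events would not reach the Change Guardian server.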

5.6.4 Categories of Office 365 Policies

Exchange Online Settings: Policies about creating, deleting, and changing settings, such as role permissions, data loss prevention, anti-malware and retention policies, and mailbox recipients

Mailbox Accounts: Policies about the following:

  • Creating and deleting mailbox accounts

  • Enabling and disabling mailbox accounts

Mailbox Messages: Policies about sending on behalf of another user, moving, deleting messages, and so on

Management Role Groups: Policies about adding, changing, and deleting the following management groups: compliance, discovery, organization, and records

For information about creating policies in Change Guardian, see Creating Change Guardian Policies.

After creating policies, you can assign them to assets. For information about assigning policies, see Working with Policies.