Exchange
NOTE: Before configuring your monitoring plan, read and complete the instructions in the following topics:
- Protocols and Ports Required – To ensure successful data collection and activity monitoring, configure the necessary protocols and ports for inbound and outbound connections
- Data Collecting Account – Configure data collecting accounts as required to audit your IT systems
- Exchange – Configure the data source as required for monitoring
Complete the following fields:
| Option | Description |
|---|---|
| Monitor this data source and collect activity data | Enable monitoring of the selected data source and configure Auditor to collect and store audit data. |
| Detect additional details | Specify additional information to include in reports and activity summaries. Select Group membership if you want to include Group membership of the account under which the change was made. |
| Specify data collection method | You can enable network traffic compression. If enabled, Auditor automatically launches a Compression Service on the audited computer to collect and prefilter data. This significantly improves data transfer and minimizes the impact on the target computer performance. |
| Configure audit settings | You can adjust audit settings automatically. Auditor checks your current audit settings on each data collection and adjusts them if necessary. Netwrix recommends this method for evaluation purposes in test environments. If Auditor detects any conflicts with your current audit settings, it will not perform automatic audit configuration. Don't select the checkbox if you want to configure audit settings manually. See the Exchange configuration topic for additional information about audit settings required to collect comprehensive audit data and the instructions on how to configure them. |
| Collect data on non-owner access to mailboxes | Enable monitoring of unauthorized access to mailboxes within your Exchange Online organization. Configure the following: - Notify users if someone gained access to their mailboxes – Select this checkbox if you want to notify users of non-owner access events to their mailboxes. - Notify only specific users – Select this checkbox and click Add Recipient to specify the list of users who will receive notifications on non-owner access to their mailboxes. Users not included in this list receive no notification. - Enable automatic audit configuration – If you select to automatically configure audit in the target environment, Auditor checks your current audit settings on each data collection and adjusts them if necessary. If Auditor detects any conflicts with your current audit settings, it will not perform automatic audit configuration. See the Exchange and Exchange Online topics for additional information about the audit settings required for Auditor to collect comprehensive audit data and instructions on how to configure them. |
Review your data source settings and click Add to go back to your plan. The newly created data source will appear in the Data source list. Next, click Add item to specify an object for monitoring. See the Add Items for Monitoring topic for additional information.
Domain
Complete the following fields:
| Option | Description |
|---|---|
| Specify Active Directory domain | Specify the audited domain name in the FQDN format. For example, "company.local". |
| Specify the account for collecting data | Select the account to use for collecting data for this item. If you want to use a specific account (other than the one you specified during monitoring plan creation), select the account type you want to use and enter credentials. The following choices are available: - User/password. You must grant the account the same permissions and access rights as the default account used for data collection. See the Data Collecting Account topic for additional information. - Group Managed Service Account (gMSA). You should specify only the account name in the domain\account$ format. See the Use Group Managed Service Account (gMSA) topic for additional information. - Netwrix Privilege Secure. Starting with version 10.7, you can integrate Netwrix Auditor with Netwrix Privilege Secure. See the Netwrix Privilege Secure topic for additional information. |
See the Permissions for Exchange Auditing topic for additional information.
Use Netwrix Privilege Secure as a Data Collecting Account
Starting with version 10.7, you can use Netwrix Privilege Secure to manage the account for collecting data, after configuring the integration. See the Netwrix Privilege Secure topic for additional information about integration and supported data sources. In this case, Netwrix Auditor will not store the credentials. Instead, Netwrix Privilege Secure will manage and provide them on demand, ensuring password rotation or using temporary accounts for data collection.
To use Netwrix Privilege Secure as an account for data collection:
Step 1 – Select the item you want to configure.
Step 2 – In the item configuration menu, select Netwrix Privilege Secure as an option for data collection.
Step 3 – Select the type of the Access Policy you want to use in Netwrix Privilege Secure. Credential-based is the default option. Refer to the Netwrix Privilege Secure documentation for information about Access Policies.
In this case, you need to provide the username of the account that Netwrix Privilege Secure manages, and to which Netwrix Auditor has access through a Credential-based access policy.
NOTE: Netwrix recommends using different credentials for different monitoring plans and data sources.
The second option is Resource-based. To use this option, you need to provide the Activity and Resource names, assigned to Netwrix Auditor in the corresponding Resource-based policy. Ensure the names match those in Netwrix Privilege Secure.
The Resource name in this case is where the activity occurs. For example, if you grant the data collecting account access to a local Administrators group, the resource is the server where Netwrix Privilege Secure grants the permission.
Netwrix Privilege Secure is ready to use as an account for data collection.