Configuring Exchange Online Activity Monitoring
Note
Verify auditing is enabled which was listed in the prerequisites.
Activity Monitoring gathers events from applications to help control and audit resource access.
Activity Monitoring is automatically disabled. To enable it, set the Allow Activity Monitoring toggle to on.
Setting the Data Retention Period
Setting a data retention period allows the user to specify how long activities will be stored offline. Activities are available on the Activity Forensics screen for a default of 12 months. After the initial 12 months, the activity data is retained and available via a support ticket. You can set a retention period from between 1 month and 7 years. After the retention period is met, all activities will be deleted.
Example: If the data retention period in the application configuration is set to 18 months, the activities will be available in Data Access Security for the initial 6 months and then available by a support ticket for the 18 additional months, making it a total of 24 months.
Supported Event Types
Owner
| Event | Out-of-the-Box | Add-Ons |
|---|---|---|
| AddFolerPermission | ✓ | |
| ApplyRecord | ✓ | |
| Create | ✓ | |
| HardDelete | ✓ | |
| MailboxLogin | ✓ | |
| MailItemsAccessed | ✓ | |
| ModifyFolderPermissions | ✓ | |
| Move | ✓ | |
| MoveToDeletedItems | ✓ | |
| RecordDelete | ✓ | |
| RemoveFolderPermissions | ✓ | |
| SoftDelete | ✓ | |
| Update | ✓ | |
| UpdateFolderPermissions | ✓ | |
| UpdateCalendarDelegation | ✓ | |
| UpdateInboxRules | ✓ |
Delegate
| Event | Out-of-the-Box | Add-Ons |
|---|---|---|
| AddFolerPermission | ✓ | |
| ApplyRecord | ✓ | |
| Create | ✓ | |
| FolderBind | ✓ | |
| HardDelete | ✓ | |
| MailItemsAccessed | ✓ | |
| ModifyFolderPermissions | ✓ | |
| Move | ✓ | |
| MoveToDeletedItems | ✓ | |
| RecordDelete | ✓ | |
| RemoveFolderPermissions | ✓ | |
| SendAs | ✓ | |
| SendOnBehalf | ✓ | |
| SoftDelete | ✓ | |
| Update | ✓ | |
| UpdateFolderPermissions | ✓ | |
| UpdateInboxRules | ✓ |
Admin
| Event | Out-of-the-Box | Add-Ons |
|---|---|---|
| AddFolerPermission | ✓ | |
| ApplyRecord | ✓ | |
| Copy | ✓ | |
| Create | ✓ | |
| FolderBind | ✓ | |
| HardDelete | ✓ | |
| MailItemsAccessed | ✓ | |
| ModifyFolderPermissions | ✓ | |
| Move | ✓ | |
| MoveToDeletedItems | ✓ | |
| RecordDelete | ✓ | |
| RemoveFolderPermissions | ✓ | |
| SendAs | ✓ | |
| SendOnBehalf | ✓ | |
| SoftDelete | ✓ | |
| Update | ✓ | |
| UpdateFolderPermissions | ✓ | |
| UpdateCalendarDelegation | ✓ | |
| UpdateInboxRules | ✓ |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.