Owner Activities Test

If you want to audit the activities of specific mailbox owners, then use the Owner Activities Test.

This test automatically discovers the activities performed by configured mailbox owners, and reports the number of times each activity was performed, the number of unique users performing every activity, and the number of clients from which each activity was initiated. Detailed diagnostics reported by the test reveals which of the configured mailbox owners performed the activity, when, and what was the result of the activity each time it was performed.

Target of the test : Exchange Online

Agent deploying the test : A remote agent

Outputs of the test : One set of results for every activity/operation performed by a configured mailbox owner

First-level Descriptor: Operation name

Configurable parameters for the test

Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured. By default, this is portal.office.com

O365 User Name, O365 Password, and Confirm Password

For execution, this test requires the privileges of an O365 user who has been assigned the Service Administrator role and is vested with the View-Only Audit Logs, View-Only Recipients, Mail Recipients, and Mail Import Export permissions. Configure the credentials of such a user against O365 User Name and O365 Password text boxes. Confirm the password by retyping it in the Confirm Password text box.

While you can use the credentials of any existing O365 user with the afore-said privileges, it is recommended that you create a special user for monitoring purposes using the Office 365 portal and use the credentials of that user here. To know how to create a new user using the Office 365 portal and assign the required privileges to that user, refer to Creating a New User in the Office 365 Portal.

Domain, Domain User Name, Domain Password, and Confirm Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, in the Domain text box, specify the name of the Windows domain to which the eG agent host belongs. In the Domain User Name text box, mention the name of a valid domain user with login rights to the eG agent host. Provide the password of that user in the Domain Password text box and confirm that password by retyping it in the Confirm Password text box.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of these parameters. By default, these parameters are set to none.

Proxy Host, Proxy Port, Proxy User Name, and Proxy Password

These parameters are applicable only if the eG agent needs to communicate with the Office 365 portal via a Proxy server.

In this case, provide the IP/host name and port number of the Proxy server that the eG agent should use in the Proxy Host and Proxy Port parameters, respectively.

If the Proxy server requires authentication, then specify the credentials of a valid Proxy user against the Proxy User Name and Proxy Password text boxes. Confirm that password by retyping it in the Confirm Password text box. If the Proxy server does not require authentication, then specify none against the Proxy User Name, Proxy Password, and Confirm Password text boxes.

On the other hand, if the eG agent is not behind a Proxy server, then you need not disturb the default setting of any of the Proxy-related parameters. By default, these parameters are set to none.

Mailbox Owners ID

Configure a comma-separated list of the email IDs of mailbox owners you want to monitor - eg., andy@garcia.com,george@clooney.com

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time the test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total operations

Indicates the total number of times this operation was performed.

Number

Use the detailed diagnosis of this measure to know which mailbox owner performed the operation, when, and what was the result of the activity each time it was performed.

Unique users

Indicates the number of unique users who performed this operation.

Number

Use the detailed diagnosis of this measure to know who are the users performing the operation.

Unique client IPs

Indicates the number of unique client IPs from which users initiated this operation.

Number

Use the detailed diagnosis of this measure to know the clients from which this operation was performed.

The detailed diagnosis of the Total operations measure reveals which mailbox owner performed the operation, when, and what was the result of the activity each time it was performed. With the help of this information, you can spot instances when the operation failed.

Figure 1 : The detailed diagnosis of the Total operations measure reported by the Owner Activities test

To know the users who performed a particular operation, use the detailed diagnosis of the Unique users measure.

Figure 2 : The detailed diagnosis of the Unique users measure reported by the Owner Activities test

To know the clients from which a particular operation was performed, use the detailed diagnosis of the Unique client IPs measure.

Figure 3 : The detailed diagnosis of the Unique client IPs measure reported by the Owner Activities test