Office365ExchangeAdmin log type
- Svetlana Sheptiy
- Marlon Morales
Description
Events from the Exchange admin audit log.
Log Structure
Table Fields
Field | Description |
|---|---|
TABLE | Office365ExchangeAdmin |
RECORDTYPE | Based on RecordType, this field indicates the operation performed by the record. |
APPID | Based on AppId, there’s no available documentation for this field. |
CLIENTAPPID | Based on ClientAppId, there’s no available documentation for this field. |
MODOBJECTRESOLVENAME | Based on ModifiedObjectResolvedName, this field contains the the user-friendly name of the object that was modified by the cmdlet. |
MODIFIEDPROPERTIES | Based on ModifiedProperties, this field contains the name of the property that was modified, the new value of the modified property, and the previous value of the modified object. |
PARAMS | Based on Parameters, this field contains the name and value for all parameters that were used with the cmdlet that is identified in the Operations property. |
EXTERNALACCESS | Based on ExternalAccess, this field contains the details that specifies whether the cmdlet was run by a user in your organization, by Microsoft datacenter personnel or a datacenter service account, or by a delegated administrator. |
ORIGINATINGSERVER | Based on OriginatingServer, this field contains the name of the server from which the cmdlet was executed. |
ORGNAME | Based on OrganizationName, this field contains the name of the tenant. |
SNAREDATAMAP | All unclassified field(s) parsed from this log type will be pushed into the SNAREDATAMAP. |