Documentation forServer & Application Monitor

Microsoft Office 365 Security Statistics

This template shows status of Office 365 Exchange mailbox security and includes the following Component Monitors:

  • User Mailbox Security - Users that have access to more than 20 mailboxes
  • Users by Retention Policy - Users assigned to retention policies and their respective names
  • User Password Settings - Users based on password expiration settings
  • Last Password Change - Number of users that have password changes more than 90 days ago
  • Administrative Roles - Administrative roles and the number of users assigned to them
  • Mailbox Auditing - Mailboxes that currently have audit enabled
  • Multi-Factor Authentication - Users that have multi-factor authentication enabled\

Prerequisites

WMI access to the target server

See also Connect to Exchange Online Using Remote PowerShell (© 2020, Microsoft Corp, available at https://docs.microsoft.com/, obtained on February 3, 2020)

Run the PowerShell script mentioned in the Microsoft article on the Orion server, not the target node.

Credentials

  • An Orion account with SAM administrator permissions.
  • An Office 365 account with Global Administrator privileges.
    An alternative account with an admin role can be used if it meets the following requirements.
    • The account must be a member of an Office 365 admin role.
    • The account has adequate rights to subscriptions and management groups, as well as access to the Office 365 API.
    • The account should be an all-in-one, inclusive account to support the monitoring of all mailboxes.

Use UPN format (username@domain) — not domain\username format to enter credentials. Also, a service account for Exchange Web Services is recommended to avoid authentication issues when passwords are updated.