Microsoft Office 365 Security Statistics
This SAM application monitor template shows status of Office 365 Exchange mailbox security and includes the following component monitors:
- User Mailbox Security - Users with access to more than 20 mailboxes
- Users by Retention Policy - Users assigned to retention policies and their respective names
- User Password Settings - Users based on password expiration settings
- Last Password Change - Number of users that changed passwords more than 90 days ago
- Administrative Roles - Administrative roles and the number of users assigned to them
- Mailbox Auditing - Mailboxes that currently have audit enabled
- Multi-Factor Authentication - Users that have MFA enabled
Tip: Consider using one of the new SAM API Poller templates designed for Microsoft 365 instead of legacy application monitor templates.
WMI access to the target server
See also Connect to Exchange Online Using Remote PowerShell (© 2020, Microsoft Corp, available at https://docs.microsoft.com/, obtained on February 3, 2020)
Run the PowerShell script mentioned in the Microsoft article on the Orion server, not the target node.
- An Orion account with SAM administrator permissions.
- An all-in-one, inclusive Office 365 account with Global Administrator privileges.
Alternatively, use an account with an admin role that has permission to access data to be monitored via the Office 365 API.
Use UPN format (
username@domain) — not
domain\username format to enter credentials.
To avoid authentication issues if passwords change, use a service account.