Office 365
Microsoft Office 365 cloud productivity suite, including Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Logs are captured via the Office 365 Management Activity API.
Azure-Active-Directory
role_member_added
Records Azure Active Directory role assignment operations, particularly additions to privileged roles such as Global Administrator, which represent privilege escalation and a potential security risk.
Exchange
inbox_rule_created
Records New-InboxRule operations in which users create email forwarding rules, often forwarding externally to bypass administrator controls and exfiltrate sensitive data.
mailbox_forwarding
Records Set-Mailbox operations that configure external email forwarding, a common data exfiltration technique in which emails are automatically forwarded to external addresses.
mailbox_permission_added
Records Add-MailboxPermission operations that grant mailbox access rights (FullAccess, SendAs, SendOnBehalf) to other users, providing persistent access that survives password resets.
Sharepoint
anonymous_link_created
Records SharePoint Online anonymous link creation events, in which users create publicly accessible sharing links for files or folders, enabling external access without authentication.