14. O365 Management Activity API
User
Microsoft
BaseAuditSchema
ID                  Record ID
AuditLogRecordType  Workload
AuditLogRecordName  Workload Name
CreationTime        Event Time
Operation           Action Taken
OrganizationID      Tenant ID
UserType            User Role
UserKey             User ID from AAD
ClientIP            IP of Client
ObjectID            Entity ID
Geography           Geo of IP
SP/OD Extended Properties
Site
ItemType
EventSource
SourceName
UserAgent
CustomEvent
EventData
ModifiedProperties
MachineDomainInfo
MachineID
SiteURL
SourceRelativeURL
SourceFileName
SourceFileExtension
DestinationRelativeURL
DestinationFileName
DestinationFileExtension
UserSharedWith
SharingType
Exchange ExtendedProperties
OperationResult
LogonType
InternalLogonType
MailboxGuid
MailboxOwnerUPN
MailboxOwnerSID
MailboxOwnerMasterAccountSid
LogonUserSid
LogonUserDisplayName
ExchangeFolderID
ExchangeFolderPathName
ExchangeItemID
ExchangeItemSubject
ExchangeItemParentFolder
Folder
CrossMailboxOperation
DestMailboxGuid
more….
Azure AD ExtendedProperties
InterSystemsID
IntraSystemsID
Result
SupportTicketID
Target
CredentialType
LoginType
ClientLoginTime
ClientMode
CredentialFlag
DeviceID
LoginStatus
MobileKeepSignedIn
MobileLoginTime
MobileMarket
MobileUserAgentString
Purpose
more…….
Detects more than 150 activities
① Detect user activity
Administrator