Mailbox Auditing - Reporting and Alert Emails set up for User Signed into Mailbox via OWA
Currently, the audit logs search for the “User Signed into Mailbox” action reveals the whole type of access (Mail app, browser, etc.). There is either no option to filter the access to OWA from the user GUI screen or run an audit search specifically for the OWA mailbox access. The only way to know the access to the mailbox via OWA is to export the results and search using the keyword OWA. Also, the report does not explicitly tell which browser the user used to log into the mailbox.
The requirement is firstly to have a search feature to find who accessed the mailbox via OWA, and secondly to set up alert emails just for the Mailbox Access through OWA.
I believe that this feature is essential as the Admin could come to know unauthorised accesses from any internal and external bad actors, quickly. Once an email account has been compromised, the first thing an adversary is expected to do is to log into the mailbox.
If the request makes sense, please add the following audit features.
1. Run a report to know the mailbox access via OWA or filter the OWA access at the GUI Screen.
2. Set up alert emails for the “User Signed into Mailbox via OWA”.