Automatically generated based on tag:

Required privileges Page The "Global Reader" role on the Azure AD tenant is required to access the Azure AD sign-ins and audit logs.

The "View-Only Audit Logs" role in Exchange Online is required to access the Office 365 Unified and Mailbox Audit Logs.

The "Log Analytics Reader" role on the Azure subscription is required to access the Azure Activity logs.

The "Auditing\View audit log" permission is required in the Azure DevOps organization to access the Azure DevOps Activity logs.
Security review - Emails forwarding Page Emails can be forwarded to external or internal recipients using different mechanisms:

- Mailbox Email Forwarding.

- Mailbox Inbox rules.

- Mailbox Mail Flow / Transport rules (requires Exchange Admin privileges).
Security review - Licensing plans Page The licensing plans in use will define the level of logs available.

For instance, MailItemsAccessed mail access events will only be available for users associated to an E5 license.
Security review - Mailbox auditing configuration Page Mailbox auditing is on by default for the entire Office 365 tenant, but can be turned off.

While mailbox auditing cannot be disabled for a specific mailbox if mailbox auditing is enabled tenant-wide, mailbox audit logging can still be bypassed by defined users. In such circumstances, mailbox access and actions, to any mailbox, made by the bypassing account are not logged.
Security review - Mailbox delegations Page The following level / scope of mailbox delegations can be configured:

- Mailbox permissions: to allow items viewing at the mails box level (but not the right to send emails).

- Recipient SendAs permissions: to delegate the right to send emails from the mailbox (that transparently appear to come from the specified mailbox to the recipients).

- Recipient SendOnBehalf permissions: to delegate the right to send emails on behalf of the mailbox (and will appear as such to the receiving recipients).

- Folder-level permissions: to delegate the rights to interact with items at the mailboxes folder level.
Security review - OAuth permissions Page OAuth is a protocol to delegate access and grant third party websites or applications access to users data and perform operations on their behalf.

OAuth applications can be leveraged by threat actors: in illicit consent grant phishing attacks, to maintain persistence, or to automate operations (such as virtual machines creation for cryptomining activity).

View on GitHub