Measures reported by EXOAdminActTest
It is important to keep track of the activities of administrators on Exchange Online, as the changes they make may impact the way Exchange Online functions and how it performs. This is why, it is good practice to periodically run the EXOAdminActTest test.
This test keeps tabs on the activities performed by administrators on Exchange Online. In the process, the test reports the count of operations that were performed, the number of admin users who performed the operations, and the count of client IPs from which the administrators initiated these operations. Detailed diagnostics reported by the test reveal which users performed which operations from which client IPs. In the process, you can accurately identify the admin user who has imposed the maximum operational load on Exchange Online. Moreover, if you notice any sudden change in the way the Exchange Online operates or any unexpected dip in the performance of Exchange Online, you can use this test and its detailed metrics to figure out if any critical configuration change was made, and if so, what change is it and which administrator effected the change.
Note:
This test will report metrics only if Audit Logging is enabled for Exchange Online.
Outputs of the test : One set of results for the Office 365 tenant being monitored.
The measures made by this test are as follows:
| Measurement |
Description |
Measurement Unit |
Interpretation |
| Total_Operations |
Indicates the total number of operations performed by the administrators. |
Number |
Use the detailed diagnosis of this measure to know which operations were performed, who performed each operation, and when.
This information enables an efficient audit of the activities of administrators. |
| Unique_Users |
Indicates the number of unique admin users. |
Number |
Use the detailed diagnosis of this measure to know who are the unique users, what are the unique operations each user performed, and how many times every operation was performed. This way, you can quickly identify which user imposed the maximum operational load on Exchange Online. |
| Unique_Operations |
Indicates the number of unique operations performed by the administrators. |
Number |
Use the detailed diagnosis of this measure to know which operations were performed and how many times. From this, you can identify the operation that was performed most often on Exchange Online. |
| Unique_ClientIP |
Indicates the number of unique clients from which administrators initiated operations on Exchange Online. |
Number |
Use the detailed diagnosis of this measure to know the clients from which administrators operated Exchange Online. The unique operations performed from each client and the number of times every operation was performed from that client are also reported as part of detailed diagnostics. |
| Ms_AdminOperation |
Indicates the number of operations performed by Microsoft administrators. |
Number |
|
|