Overview
The Code42 Microsoft Office 365 email data connection monitors your email environment to detect when a user emails an attachment to an untrusted user. However, no email file events appear in Incydr if you're connected to and monitoring the environment but aren't monitoring any email users in it. This article helps you resolve issues so that emailed file activity appears in Incydr as expected.
Resolve missing file events for Office 365 email
If file events aren't appearing in Incydr for email attachments, verify that:
- The email users that you want to monitor in your Microsoft environment:
- Have an email account or mailbox
- Are active users
- Are included in the user or group scoping used to monitor your environment
- The Microsoft Office 365 email service has not been deauthorized in the Code42 console, and the Code42 enterprise application exists in your Microsoft Azure environment with the correct permissions.
Deauthorizing an email service in the Code42 console prevents Incydr from accessing or displaying that data. If the connection no longer exists in either your Code42 or Microsoft Office 365 environment, you need to re-add Microsoft Office 365 as an email data connection.
File attachment contents
By default, the Microsoft Office 365 email data connection does not collect file attachment contents. File contents are only available for download if the insider risk agent observed and collected the same file in a separate event.
By default, the Microsoft Office 365 email data connection does not collect file attachment contents. File contents are only available for download if the insider risk agent observed and collected the same file in a separate event.