MAPIHttp Logs

%3CLINGO-SUB%20id%3D%22lingo-sub-3301779%22%20slang%3D%22en-US%22%3EMAPIHttp%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301779%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20in%20the%20prosses%20of%20starting%20to%20work%20to%20move%20to%20Exchange%20Online%20from%20Exchange%202016.%20As%20a%20part%20of%20that%2C%20we%20have%202%20Licenses%20types%20that%20we%20have%20purchased%20E3%20and%20F3.%20I%20am%20working%20to%20figure%20out%20what%20license%20users%2Froles%20should%20be%20assigned.%20One%20of%20the%20data%20points%20I%20would%20like%20to%20review%20is%20who%20is%20accessing%20their%20mailbox%20via%20the%20Outlook%20Client.%26nbsp%3B%20The%20MAPIHttp%20log%20looks%20to%20have%20that%20info.%20I%20am%20wondering%20if%20there%20is%20any%20public%20documentation%20on%20the%20logfile%20and%20what's%20all%20captured.%20The%20field%20I%20am%20really%20interested%20in%20is%20the%20Operations%20field.%26nbsp%3B%20I%20am%20hoping%20that%20the%20Operation%20of%20OwnerLogon*%20is%20an%20indication%20of%20a%20user%20being%20authenticated%20but%20would%20like%20more%20details%20as%20i%20see%20there%20can%20be%20back%20to%20back%20auths%20with%20different%20LogonIDs.%3CBR%20%2F%3EThanks%20in%20advance.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3301779%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

I am in the prosses of starting to work to move to Exchange Online from Exchange 2016. As a part of that, we have 2 Licenses types that we have purchased E3 and F3. I am working to figure out what license users/roles should be assigned. One of the data points I would like to review is who is accessing their mailbox via the Outlook Client.  The MAPIHttp log looks to have that info. I am wondering if there is any public documentation on the logfile and what's all captured. The field I am really interested in is the Operations field.  I am hoping that the Operation of OwnerLogon* is an indication of a user being authenticated but would like more details as i see there can be back to back auths with different LogonIDs.
Thanks in advance. 

0 Replies