Get Exchange Server control back - send the admin audit log in real time to Power BI

A lot of times when I visit customers I notice that they struggle with the concept of managing Exchange. Although they have extensive RBAC in place, they are still unable to understand who is doing what. They rely on their change procedures to know who is changing what in their environment. We all know how good we as administrators are at using proper change procedures in production environments (or, even better, test / preproduction environments) when something breaks or needs to be done on Friday 17:00. Ask yourself the following questions and be honest, do you have the proper measures in place for them:

Because I have seen way too many of these issues, I have started working on a kind of backup for the admin audit log: a new way to make it visible, in real time, with a fast responding interface and an easy way to view the data without any 3rd party tools. The only thing you need is a Power BI free license (or push all the data into an O365 Teams Power BI to have the data shared with the entire group). Here is the sample dashboard from my environment. Notice there are 3 tabs: "Admin vs Target", "Servers" and "Raw data". You can filter dates or drill down in a report.

How do we create these nice reports of the admin audit log in Power BI?

There is a functionality that Microsoft introduced in Exchange 2010 that is not so commonly known. This functionality is called “Cmdlet extension agents” and you can find more info about it on the Microsoft TechNet site. Although you might find some blogs on the internet describing some basic functionality, most of the capabilities are not well documented. With this functionality we can extend the built-in Exchange PowerShell commands to run additional code before, during or after execution of that command. In the backend the new code instantly customizes the default commands on all servers, for all admins and applications. As crazy as it sounds, you have now standardized your customization?! By enabling this functionality we can extend all the commands we want to do a direct API call to Power BI or Azure Event Hubs (if you want a blob storage backup and to send the data to Power BI). Now that we know we can manipulate the code running after an Exchange command, we can start extracting the data from the command and use that data to generate JSON strings. Since Microsoft built a nice application called Power BI that accepts JSON as input for its streaming API and creates very nice graphical dashboards, this was a must to explore.
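One way the "extract the data and generate JSON" step could look, as an added example that is not the author's code. The function names, the row schema, the list of sensitive parameter names and the placeholder push URL are assumptions, and it needs PowerShell 3.0 or later for `ConvertTo-Json` and `Invoke-RestMethod`.

```powershell
# Added example; function names, row schema and URL are assumptions (PowerShell 3.0+).
# Placeholder push URL of a Power BI streaming dataset. The key in the URL is a
# write credential: keep it out of source control and readable only by admins.
$PushUrl = 'https://api.powerbi.com/beta/<placeholder>/datasets/<placeholder>/rows?key=<placeholder>'

# Parameter names whose values must never leave the server (assumed list, extend as needed).
$SensitiveNames = 'Password', 'NewPassword', 'OldPassword', 'Credential', 'LinkedCredential'

function ConvertTo-AuditRow {
    param(
        [string]$Admin, [string]$Cmdlet, [string]$Target, [string]$Server,
        [hashtable]$Parameters, [bool]$Succeeded
    )
    # Flatten parameters to "Name=Value", redacting secrets and credential objects.
    $flat = foreach ($name in ($Parameters.Keys | Sort-Object)) {
        $value = $Parameters[$name]
        if ($SensitiveNames -contains $name -or $value -is [securestring] -or
            $value -is [pscredential]) { $value = '<redacted>' }
        '{0}={1}' -f $name, $value
    }
    [pscustomobject]@{
        TimeUtc    = (Get-Date).ToUniversalTime().ToString('o')
        Admin      = $Admin
        Cmdlet     = $Cmdlet
        Target     = $Target
        Server     = $Server
        Parameters = ($flat -join '; ')
        Succeeded  = $Succeeded
    }
}

function Send-AuditRow {
    param([Parameter(Mandatory)]$Row, [string]$Url = $PushUrl)
    # The streaming API expects a JSON array of row objects.
    $body = ConvertTo-Json -InputObject @($Row) -Compress
    try {
        Invoke-RestMethod -Uri $Url -Method Post -Body $body `
            -ContentType 'application/json' -TimeoutSec 5 | Out-Null
    } catch {
        # A reporting failure must not break the admin's command; warn locally instead.
        Write-Warning "Audit row not delivered: $($_.Exception.Message)"
    }
}

# Constructed sample input; inspect the payload before wiring up Send-AuditRow.
$row = ConvertTo-AuditRow -Admin 'CONTOSO\jdoe' -Cmdlet 'Set-Mailbox' -Target 'alice' `
    -Server 'EX01' -Parameters @{ Identity = 'alice'; Password = 'x' } -Succeeded $true
ConvertTo-Json -InputObject @($row) -Compress
```

The column names in the row must match the fields defined on the streaming dataset, and the native admin audit log should stay enabled as the authoritative record because a dropped push leaves no trace in Power BI.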

  

More info and how to implement

A manual on how to implement this is on my blog site: Http://www.tech-savvy.nl

A sample report is available at: My Power BI sample report
