Known issues

This section explains known issues with this probe.

Note: There is also a known issue that affects all Java probes. See Troubleshooting Java probes expose secret credentials in the log files.

Probe does not show -version on AIX platforms

There is currently a known issue whereby the -version command does not return the probe's version details correctly when running on AIX platforms. The probe's version can be seen in the probe's log.

Probe for Microsoft EWS could access all mailboxes

There is a security concern due to Probe for Microsoft EWS apparent ability to access all mailboxes in the tenant domain.

Resolution

You can resolve this issue by limiting probe access to specific Exchange Online mailboxes.

By default, OAuth authentication enables the probe to access all mailboxes in an organization on Exchange Online. Administrators can identify the set of mailboxes to permit access by putting them in a mail-enabled security group. Administrators can then limit probe access to only that set of mailboxes by creating an application access policy for access to that group using the following steps:

  1. Create a new mail-enabled security group using steps in Create a group or use an existing one and identify the email address for the group.

  2. Add the user of mailbox to be accessed by probe into the group.

  3. Connect to EWS using Exchange Online PowerShell. For details, see Connect to Exchange Online PowerShell.

  4. Create an access policy on the registered Azure Active Directory application.

    New-ApplicationAccessPolicy -AppId <<Application/ClientID>> -PolicyScopeGroupId <<SecGroupEmail>> -AccessRight RestrictAccess -Description "IBM Netcool EWS Probe Mailbox"