Administrators who collect message trace events for Microsoft Exchange online need to be aware of a protocol change that can impact your ability to collect Microsoft Exchange Online message trace events. As Microsoft is deprecating basic authentication on 31 December 2022, a new protocol for QRadar needs to be developed and released to continue to collect events from the Reporting Web Services API offered by Microsoft.
Administrators can confirm whether they collect message trace events for Exchange Online from the Log Source Management app. As a future protocol update is required to resolve security changes from Microsoft.
- Log in to the QRadar Console.
- Click the Admin tab > Log Sources.
- Review the Protocol Type list for Office 365 Message Trace REST API.
If you have Office 365 Message Trace REST API protocols enabled, QRadar Support recommends you subscribe to APAR IJ38984. An updated protocol for QRadar is expected to release before 31 December 2022 to resolve this issue in the long term to support Microsoft API changes. As more information is available, this technical note includes a change list to inform users of updates and corrections.
Was this topic helpful?
14 October 2022