AskCody is using Azure ApplicationInsights to monitor and log request. All requests in the central AskCody Service is logged in Azure ApplicationInsights. Requests are logged in the European Azure Tennant for European Customers and the North American for our North American customers respectively. Azure ApplicationInsights enables AskCody to have a full audit trail on request and by this account for requests being made. (Please note that individual EWS requests are not being logged).
Also, audit logging and trails for the Service Account can be enabled in Office 365 by the customer. A full audit trail can be provided by both the IIS and EWS native logging functionality and by the Non-Owner Mailbox Access Report in Exchange Admin Center. The Non-Owner Mailbox Access Report in the Exchange Administration Center (EAC) lists the mailboxes that have been accessed by someone other than the person who owns the mailbox. When a mailbox is accessed by a non-owner, Microsoft Exchange logs information about this action in a mailbox audit log that’s stored as an email message in a hidden folder in the mailbox being audited. Entries from this log are displayed as search results and include a list of mailboxes accessed by a non-owner, who accessed the mailbox and when, the actions performed by the non-owner, and whether the action was successful. By default, entries in the mailbox audit log are retained for 90 days. This can be changed to meet your needs. When you enable mailbox audit logging for a mailbox, Microsoft Exchange logs specific actions by non-owners, including both administrators and users, called delegated users, who have been assigned permissions to a mailbox. You can also narrow the search to users inside or outside your organization. To learn more about this please visit Technet. Mailbox activities performed by the mailbox owner, a delegated user, or an administrator are logged. By default, mailbox auditing in Office 365 isn’t turned on. Mailbox audit logging must be turned on for each mailbox before mailbox activity will be logged.
As of June 20th, 2018 you are also able to audit calendar delegation and inbox rules. This allows you to keep an eye on changes made to calendar delegation and inbox and this also lets you know who made the changes.
To see a full list of Exchange Mailbox Activities that are logged by the mailbox audit logging, please go to https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-SecurityCompliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=enUS&ad=US&fromAR=1