What is a one sentence summary of your feature request?
Please add an option to use custom certificates in authorization for Exchange Online activity.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Please add the option use a custom certificate to securely connect Netwrix Activity Monitor to the registered enterprise application. This is already available in Access Analyzer’s Exchange Modern Authentication connection profile ( Exchange Modern Authentication for User Credentials | Netwrix Product Documentation ).
Currently, there is no way to specify a certificate to use.
How do you currently solve the challenges you have by not having this feature?
Company policy requires the use of certificates signed by internal Certificate Authority. We are unable to use Activity Monitor to monitor to collect data from Exchange Online without this option.
For now, Exchange Online activity is collected by Access Analyzer, but my understanding is that Netwrix Access Analyzer 26 will use Activity Monitor to supply this data.
Hi @Joshua.Sexton,
Thank you for the suggestion. This is a valid use case, and we can consider adding support for certificate-based authentication for Exchange Online and other cloud sources in Activity Monitor.
Today, certificate authentication is supported only for Copilot activity. In that case, Activity Monitor uses the agent certificate for authentication. The certificate is self-signed by default, but it can be replaced with a CA-issued certificate in the agent properties.
Company policy requires the use of certificates signed by internal Certificate Authority.
Just to clarify the requirement: does the company policy prohibit the use of client secrets entirely, or is the main requirement that any certificate-based authentication must use a certificate issued by the internal CA?
Thanks,
Paul
Hi @paul_shmakov ,
Our security policy requires faster refresh cycles for client secrets, whereas certificate-based authentication allows longer validity periods. Therefore, we require certificate-based authentication issued by internal CA.
Thanks,
Sam
Hi @samuelbahri,
Thanks for the details.
We’re adding your idea to the roadmap: certificate-based authentication for Exchange Online, Entra ID, and SharePoint Online in Activity Monitor. I can’t give you a date yet, but I’ll sort out the scheduling with the team and keep this idea updated so you can follow it.
Thanks again for suggesting it.
Best,
Paul