MC909164 - Microsoft Exchange Online: New fields for Exchange mailbox schema

Coming soon to Microsoft Exchange Online: A significant rollout that introduces two new subfields under AppAccessContext for improved field consistency and enhanced telemetry in other Exchange APIs:

• ClientAppId
• APIId

When this will happen:

General Availability (Worldwide): We will begin rolling out late October 2024 and expect to complete by mid-November 2024.

General Availability (GCC, GCC High): We will begin rolling out late November 2024 and expect to complete by late November 2024.

General Availability (DoD): We will begin rolling out early December 2024 and expect to complete by early December 2024.

How this will affect your organization:

Before this rollout: The ClientAppId and AppAccessContext fields exist across previous schemas outside of the Microsoft Exchange Web Service (EWS) schema.

After this rollout: The AppAccessContext field, which serves a similar purpose to the ClientAppId field, will be in EWS schema with two new subfields: ClientAppId and APIId. This update is on by default. The ClientAppId field and the ClientAppId subfield under the AppAccessContext field will both be populated more consistently and robustly with a new fallback.

Field definitions

• AppAccessContext: Used to provide additional information about the application context in which an event or action occurs. This field helps in tracking and auditing purposes by identifying the specific application or service involved in each operation.
  • ClientAppId: The original field used to identify the application that initiated a particular action or event. After this rollout, this subfield will have a new fallback to enhance capabilities.
  • APIId: Used to uniquely identify an API endpoint or service. This subfield is particularly useful in scenarios where admins need to filter or track activities specific to certain APIs, such as the Microsoft Exchange Web Service (EWS).

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout.

After the rollout, we recommend admins review and update your workflows to accommodate both the ClientAppIdand AppAccessContext fields. This will ensure that your operations continue seamlessly and leverage the new features effectively.

Accessing and using the new fields

1. Navigate to the admin center: Start by logging into the Microsoft 365 admin center.
2. Access the audit logs: Go to the section where audit logs are managed. This is typically found under the Security & Compliance section or the Microsoft Purview section.
3. Search for relevant logs: Use the search to filter logs that include the AppAccessContext and ClientAppId fields. You may need to specify the event types or actions that involve these fields.
4. View and analyze logs: After the logs are filtered, you can view the details, which will include the AppAccessContext and ClientAppId fields. These fields provide additional information about the application context and the client application involved in each operation.

Learn more

• The Engage Mailbox schema section in Office 365 Management Activity API schema | Microsoft Learn
• Mailbox audit logging in Exchange Server | Microsoft Learn