diff --git a/.github/workflows/checkAutomatedPR.yaml b/.github/workflows/checkAutomatedPR.yaml index fc83cc13f55..985be930309 100644 --- a/.github/workflows/checkAutomatedPR.yaml +++ b/.github/workflows/checkAutomatedPR.yaml @@ -30,7 +30,7 @@ jobs: id: ValidateAutomatedPR run: | - $prBodyContent = "${{ env.BODY }}" + $prBodyContent = '${{ env.BODY }}' $isAutomatedPR = $false if ($prBodyContent -like '*Automation have successfully*') { diff --git a/.script/tests/KqlvalidationsTests/CustomTables/MailGuard365_Threats_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/MailGuard365_Threats_CL.json new file mode 100644 index 00000000000..7c01b2d068d --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/MailGuard365_Threats_CL.json 
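Review bot: In the ValidateAutomatedPR step, `'${{ env.BODY }}'` is still substituted into the script text by the Actions runner before PowerShell parses it, so the single quotes only stop `$(...)` and variable expansion. A body containing a `'` closes the literal, and whatever follows is parsed as script. The variable name suggests BODY holds the pull-request body, which a contributor controls. Because BODY is referenced through the `env` context it is already in the step's environment, so the script can read it at run time with no templating: `$prBodyContent = $env:BODY`. The `run:` block continues outside this hunk; any other `${{ … }}` expression inside it deserves the same check.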
@@ -0,0 +1,133 @@
+{
+ "Name": "MailGuard365_Threats_CL",
+ "Properties": [
+ {
+ "Name": "TenantId",
+ "Type": "String"
+ },
+ {
+ "Name": "SourceSystem",
+ "Type": "String"
+ },
+ {
+ "Name": "TimeGenerated",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "MessageId_s",
+ "Type": "String"
+ },
+ {
+ "Name": "HeaderMessageId_s",
+ "Type": "String"
+ },
+ {
+ "Name": "UserId_g",
+ "Type": "String"
+ },
+ {
+ "Name": "CustomerTenantId_g",
+ "Type": "String"
+ },
+ {
+ "Name": "Score_d",
+ "Type": "Real"
+ },
+ {
+ "Name": "Virus_b",
+ "Type": "Bool"
+ },
+ {
+ "Name": "Category",
+ "Type": "String"
+ },
+ {
+ "Name": "Attachments_s",
+ "Type": "String"
+ },
+ {
+ "Name": "Sender_Email_s",
+ "Type": "Double"
+ },
+ {
+ "Name": "Sender_Domain_s",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "Recipients_s",
+ "Type": "String"
+ },
+ {
+ "Name": "ReceivedHeaders_s",
+ "Type": "String"
+ },
+ {
+ "Name": "SenderHeader_s",
+ "Type": "String"
+ },
+ {
+ "Name": "ToHeader_s",
+ "Type": "Guid"
+ },
+ {
+ "Name": "CcHeader_s",
+ "Type": "String"
+ },
+ {
+ "Name": "Subject_s",
+ "Type": "String"
+ },
+ {
+ "Name": "OriginCountry_s",
+ "Type": "String"
+ },
+ {
+ "Name": "MessageDate_t",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "MessageSize_d",
+ "Type": "Real"
+ },
+ {
+ "Name": "Action_s",
+ "Type": "String"
+ },
+ {
+ "Name": "ReceivedDateTime_d",
+ "Type": "Real"
+ },
+ {
+ "Name": "ForefrontAntiSpam_s",
+ "Type": "String"
+ },
+ {
+ "Name": "MicrosoftAntiSpam_s",
+ "Type": "String"
+ },
+ {
+ "Name": "IsInWhiteList_b",
+ "Type": "Bool"
+ },
+ {
+ "Name": "IsInBlackList_b",
+ "Type": "Bool"
+ },
+ {
+ "Name": "Email_s",
+ "Type": "String"
+ },
+ {
+ "Name": "HasAttachment_b",
+ "Type": "Bool"
+ },
+ {
+ "Name": "HasImage_b",
+ "Type": "Bool"
+ },
+ {
+ "Name": "Type",
+ "Type": "String"
+ }
+ ]
+}
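Review bot: Three columns are declared with a type that contradicts their `_s` suffix: `Sender_Email_s` is `Double`, `Sender_Domain_s` is `DateTime` and `ToHeader_s` is `Guid`, while every other `_s` column in this file is `String`. If the suffixes follow the custom-log naming convention the rest of the schema appears to use, KQL validation against this table would mis-type queries that filter on sender address, sender domain or the To header, so a detection could pass or fail validation for the wrong reason. Suggested for all three: `"Type": "String"`. `ReceivedDateTime_d` as `Real` matches its suffix but is worth confirming against what the connector actually emits.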
diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json index c9f8b5969a5..7178de90393 100644 --- a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json +++ b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json @@ -197,5 +197,8 @@ "DynatraceAuditLogs", "DynatraceProblems", "MicrosoftDefenderThreatIntelligence", - "CortexXDR" + "CortexXDR", + "PingFederateAma", + "vArmourACAma", + "ContrastProtectAma" ] diff --git a/.script/utils/workbookCheckers/WorkbookPreviewImageValidationSkipList.json b/.script/utils/workbookCheckers/WorkbookPreviewImageValidationSkipList.json index 4968d6d0778..4ecde38d3a7 100644 --- a/.script/utils/workbookCheckers/WorkbookPreviewImageValidationSkipList.json +++ b/.script/utils/workbookCheckers/WorkbookPreviewImageValidationSkipList.json @@ -17,6 +17,11 @@ "RecordedFutureDomainC2DNSWorkbook", "vCenter", "RecordedFutureIPActiveC2Workbook", - "Fortiweb-workbook" + "Fortiweb-workbook", + "SecurityBridgeWorkbook", + "NCProtectWorkbook", + "SAP-Monitors-AlertsandPerformance", + "SAP-SecurityAuditlogandInitialAccess", + "SAP-AuditControls" ] } diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv index ef9ceb8f691..ad67f24de97 100644 --- a/ASIM/dev/ASimTester/ASimTester.csv +++ b/ASIM/dev/ASimTester/ASimTester.csv @@ -248,7 +248,7 @@ DstZone,string,Optional,WebSession,,, Duration,int,Alias,Dns,,,DnsNetworkDuration Duration,int,Alias,NetworkSession,,,NetworkDuration Duration,int,Alias,WebSession,,,NetworkDuration -Duration,string,Alias,Dhcp,,,DhcpSessionDuration +Duration,int,Alias,Dhcp,,,DhcpSessionDuration Dvc,string,Mandatory,AuditEvent,,, Dvc,string,Mandatory,Authentication,,, Dvc,string,Mandatory,Common,,, 
diff --git a/DataConnectors/O365 Data/O365APItoAS-Template.zip b/DataConnectors/O365 Data/O365APItoAS-Template.zip index a6cfacd13d5..9c8233dda82 100644 Binary files a/DataConnectors/O365 Data/O365APItoAS-Template.zip and b/DataConnectors/O365 Data/O365APItoAS-Template.zip differ diff --git a/DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 b/DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 index ea02a010837..1cc01dcc960 100644 --- a/DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 +++ b/DataConnectors/O365 Data/O365APItoAS-Template/TimerTrigger/run.ps1 @@ -159,9 +159,10 @@ function Get-AuthToken{ [string]$TenantGUID ) # Create app of type Web app / API in Azure AD, generate a Client Secret, and update the client id and client secret here - $loginURL = "$env:loginEndpoint" + if ([string]::IsNullOrEmpty($loginURL)){$loginURL = "https://login.microsoftonline.com/"} # Get the tenant GUID from Properties | Directory ID under the Azure Active Directory section - $resource = "https://$env:managementApi" + + $resource = "https://$managementApi" # auth $body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret} $oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body 
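Review bot: Get-AuthToken now reads `$loginURL` and `$managementApi` from script scope instead of the environment. Both are assigned only in the validation block this commit adds near line 250, so the function is correct only when it is called after that block has run; the call site is outside this hunk and should be confirmed. The fallback value ends with a slash while the allowlisted endpoints do not, so the default path builds `https://login.microsoftonline.com//$tenantdomain/oauth2/token`; use `$loginURL = "https://login.microsoftonline.com"` instead. Passing both endpoints in as parameters would make the dependency explicit and keep an unvalidated value from ever reaching `Invoke-RestMethod` together with the client secret. The function body starts and ends outside the hunk.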
@@ -185,7 +186,7 @@ function Get-O365Data{ $contentTypes = $env:contentTypes.split(",") #Loop for each content Type like Audit.General foreach($contentType in $contentTypes){ - $listAvailableContentUri = "https://$env:managementApi/api/v1.0/$tenantGUID/activity/feed/subscriptions/content?contentType=$contentType&PublisherIdentifier=$env:publisher&startTime=$startTime&endTime=$endTime" + $listAvailableContentUri = "https://$managementApi/api/v1.0/$tenantGUID/activity/feed/subscriptions/content?contentType=$contentType&PublisherIdentifier=$env:publisher&startTime=$startTime&endTime=$endTime" do { #List Available Content $contentResult = Invoke-RestMethod -Method GET -Headers $headerParams -Uri $listAvailableContentUri @@ -249,7 +250,22 @@ if (-Not [string]::IsNullOrEmpty($LAURI)){ Exit } } - +$LoginURL = $env:loginEndpoint +if (-Not [string]::IsNullOrEmpty($LoginURL)){ + if($LoginURL.Trim() -notin @("https://login.microsoftonline.us","https://login.partner.microsoftonline.cn","https://login.microsoftonline.com")) + { + Write-Error -Message "MCASActivity-SecurityEvents: Invalid Login Endpoint Uri." -ErrorAction Stop + Exit + } +} +$managementApi = $env:managementApi +if (-Not [string]::IsNullOrEmpty($managementApi)){ + if($managementApi.Trim() -notin @("manage.office.com","manage-gcc.office.com","manage.office365.us","manage.protection.apps.mil")) + { + Write-Error -Message "MCASActivity-SecurityEvents: Invalid Management API Endpoint." -ErrorAction Stop + Exit + } +} else {$managementApi = "manage.office.com"} #add last run time to blob file to ensure no missed packages $endTime = $currentUTCtime | Get-Date -Format yyyy-MM-ddTHH:mm:ss diff --git a/DataConnectors/Templates/Connector_UploadIndicatorsAPI_template.json b/DataConnectors/Templates/Connector_UploadIndicatorsAPI_template.json index 986f7655774..9a600710c46 100644 --- a/DataConnectors/Templates/Connector_UploadIndicatorsAPI_template.json 
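Review bot: In the added validation block the allowlist tests compare `$LoginURL.Trim()` and `$managementApi.Trim()`, but the untrimmed variables are what Get-AuthToken and Get-O365Data later place into request URIs, so a setting with stray whitespace passes the check and then produces a malformed URL. Normalise once before testing: `$LoginURL = "$env:loginEndpoint".Trim()` and `$managementApi = "$env:managementApi".Trim()`. The two endpoints are validated independently, so a commercial login host paired with a sovereign-cloud management host is accepted; if that combination is never valid, validate them as a pair. The `Exit` after `Write-Error … -ErrorAction Stop` is unreachable. The `MCASActivity-SecurityEvents:` prefix in both messages looks copied from another connector and will mislead whoever reads the function log.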
+++ b/DataConnectors/Templates/Connector_UploadIndicatorsAPI_template.json @@ -22,7 +22,7 @@ "lastDataReceivedQuery": "ThreatIntelligenceIndicator| where isnotempty(TimeGenerated) and SourceSystem == 'PROVIDER SOURCE SYSTEM NAME' | summarize Time = max(TimeGenerated)" } ], - "connectivityCriteria": [ + "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ @@ -78,4 +78,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml b/Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml index 603a873e2ca..97fe057b006 100644 --- a/Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml +++ b/Detections/MultipleDataSources/SuspiciousLoginfromDeletedExternalIdentities.yaml @@ -38,11 +38,12 @@ query: | | join kind=inner ( SigninLogs | where TimeGenerated > ago(query_period) + | where ResultType == 0 | summarize take_any(*) by UserPrincipalName | extend ParsedUserPrincipalName = translate("@", "_", UserPrincipalName) | project SigninLogs_TimeGenerated = TimeGenerated, UserPrincipalName, UserDisplayName, ResultType, ResultDescription, IPAddress, LocationDetails, AppDisplayName, ResourceDisplayName, ClientAppUsed, UserAgent, DeviceDetail, UserId, UserType, OriginalRequestId, ParsedUserPrincipalName ) on $left.ParsedDeletedUserPrincipalName == $right.ParsedUserPrincipalName - | where Delete_TimeGenerated > SigninLogs_TimeGenerated + | where SigninLogs_TimeGenerated > Delete_TimeGenerated | project-away ParsedDeletedUserPrincipalName, ParsedUserPrincipalName | extend AccountName = tostring(split(UserPrincipalName, "@")[0]), @@ -58,7 +59,7 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPAddress -version: 1.0.2 +version: 1.0.3 kind: Scheduled metadata: source: diff --git a/Logos/Commvault-Logo.svg b/Logos/Commvault-Logo.svg new file mode 100644 index 00000000000..3fa535441a9 --- /dev/null 
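Review bot: With the comparison flipped to `SigninLogs_TimeGenerated > Delete_TimeGenerated`, the unchanged `summarize take_any(*) by UserPrincipalName` above it becomes a source of missed detections. It keeps one arbitrary successful sign-in per user, and when that row happens to predate the deletion the user is filtered out even though a later sign-in exists in the window. Keeping the most recent row makes the post-deletion test deterministic: `| summarize arg_max(TimeGenerated, *) by UserPrincipalName`. The query starts and ends outside this hunk, so the left side of the join, where `Delete_TimeGenerated` is produced, could not be checked.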
+++ b/Logos/Commvault-Logo.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Logos/MailGuard365_logo.svg b/Logos/MailGuard365_logo.svg new file mode 100644 index 00000000000..7ab436e9d27 --- /dev/null +++ b/Logos/MailGuard365_logo.svg @@ -0,0 +1 @@ + diff --git a/Sample Data/Custom/ESI-ExchangeAdminAuditLogs-SampleData.json b/Sample Data/Custom/ESI-ExchangeAdminAuditLogs-SampleData.json index 9cdd36f62b7..d34fbb249fa 100644 --- a/Sample Data/Custom/ESI-ExchangeAdminAuditLogs-SampleData.json +++ b/Sample Data/Custom/ESI-ExchangeAdminAuditLogs-SampleData.json @@ -2,7 +2,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:03:19.865 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:03:19.865 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -27,7 +27,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:03:19.764 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:03:19.764 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -52,7 +52,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:03:19.671 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:03:19.671 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -77,7 +77,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:03:19.564 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:03:19.564 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", 
@@ -102,7 +102,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:03:19.451 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:03:19.451 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -127,7 +127,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:00:29.847 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:00:29.847 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -152,7 +152,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:00:29.684 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:00:29.684 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -177,7 +177,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:00:29.419 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:00:29.419 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -202,7 +202,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:00:29.152 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:00:29.152 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -227,7 +227,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 7:00:28.339 PM", + "TimeGenerated [UTC]": "08/28/2023, 7:00:28.339 PM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", 
@@ -252,7 +252,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:03:43.461 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:03:43.461 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -277,7 +277,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:03:43.291 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:03:43.291 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -302,7 +302,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:03:43.152 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:03:43.152 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -327,7 +327,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:03:43.019 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:03:43.019 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -352,7 +352,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:03:42.902 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:03:42.902 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -377,7 +377,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:00:22.461 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:00:22.461 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", 
@@ -402,7 +402,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:00:22.306 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:00:22.306 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", @@ -427,7 +427,7 @@ { "TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216", "SourceSystem": "OpsManager", - "TimeGenerated [UTC]": "11/15/2022, 11:00:22.065 AM", + "TimeGenerated [UTC]": "08/28/2023, 11:00:22.065 AM", "Source": "MSExchange CmdletLogs", "EventLog": "MSExchange Management", "Computer": "IT-X2016-04.MyCompany.de", diff --git a/Sample Data/Custom/ESI-ExchangeOnPremisesCollector-SampleData.json b/Sample Data/Custom/ESI-ExchangeOnPremisesCollector-SampleData.json index 9332c9aba36..b868a57f16c 100644 --- a/Sample Data/Custom/ESI-ExchangeOnPremisesCollector-SampleData.json +++ b/Sample Data/Custom/ESI-ExchangeOnPremisesCollector-SampleData.json @@ -2,7 +2,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ESIEnvironment", "PSCmdL": "Get-Domain", "Name": "", @@ -16,7 +16,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ESIEnvironment", "PSCmdL": "Get-Domain", "Name": "", @@ -30,7 +30,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ESIEnvironment", "PSCmdL": "Get-Domain", "Name": "", 
@@ -44,7 +44,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MbxDBJournaling", "PSCmdL": "Get-Mailboxdatabase", "Name": "", @@ -58,7 +58,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MbxDBJournaling", "PSCmdL": "Get-Mailboxdatabase", "Name": "", @@ -72,7 +72,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MbxDBJournaling", "PSCmdL": "Get-Mailboxdatabase", "Name": "", @@ -86,7 +86,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MbxDBJournaling", "PSCmdL": "Get-Mailboxdatabase", "Name": "", @@ -100,7 +100,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DAGEncryption", "PSCmdL": "Get-DatabaseAvailabilityGroup", "Name": "DAG01", @@ -114,7 +114,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabases", "PSCmdL": "Get-MailboxDatabase", "Name": "", @@ -128,7 +128,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabases", "PSCmdL": "Get-MailboxDatabase", "Name": "", 
@@ -142,7 +142,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabases", "PSCmdL": "Get-MailboxDatabase", "Name": "", @@ -156,7 +156,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabases", "PSCmdL": "Get-MailboxDatabase", "Name": "", @@ -170,7 +170,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DAG", "PSCmdL": "Get-DatabaseAvailabilityGroup", "Name": "", @@ -184,7 +184,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "AdminAuditLog", "PSCmdL": "Get-AdminAuditLogConfig", "Name": "Admin Audit Log Settings", @@ -198,7 +198,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "RemoteDomain", "PSCmdL": "Get-RemoteDomain", "Name": "Default", @@ -212,7 +212,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "RemoteDomain", "PSCmdL": "Get-RemoteDomain", "Name": "Hybrid Domain - Contoso.mail.onmicrosoft.com", 
@@ -226,7 +226,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "RemoteDomain", "PSCmdL": "Get-RemoteDomain", "Name": "Hybrid Domain - Contoso.onmicrosoft.com", @@ -240,7 +240,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -254,7 +254,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -268,7 +268,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -282,7 +282,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", 
@@ -296,7 +296,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -310,7 +310,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -324,7 +324,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -338,7 +338,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseReceiveAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Receive-AS\" -and $_.Deny -eq $false }", "Name": "", 
@@ -352,7 +352,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseSendAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Send-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -366,7 +366,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseSendAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Send-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -380,7 +380,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseSendAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Send-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -394,7 +394,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MailboxDatabaseSendAs", "PSCmdL": "Get-MailboxDatabase -IncludePreExchange2013 | Get-ADPermission | ? {$_.ExtendedRights -like \"Send-AS\" -and $_.Deny -eq $false }", "Name": "", @@ -408,7 +408,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "AcceptedDomain", "PSCmdL": "Get-AcceptedDomain", "Name": "contosolife.com", 
@@ -422,7 +422,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "AcceptedDomain", "PSCmdL": "Get-AcceptedDomain", "Name": "contoso.com", @@ -436,7 +436,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "AcceptedDomain", "PSCmdL": "Get-AcceptedDomain", "Name": "Contoso.mail.onmicrosoft.com", @@ -450,7 +450,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "OrganizationConfig", "PSCmdL": "Get-OrganizationConfig", "Name": "", @@ -464,7 +464,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchangeServers", "PSCmdL": "Get-ExchangeServer", "Name": "Contoso-EDGE-01", @@ -478,7 +478,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchangeServers", "PSCmdL": "Get-ExchangeServer", "Name": "AX-EX19-01", @@ -492,7 +492,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchangeServers", "PSCmdL": "Get-ExchangeServer", "Name": "AX-EX19-02", 
@@ -506,7 +506,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchangeServers", "PSCmdL": "Get-ExchangeServer", "Name": "AX-EX19-03", @@ -520,7 +520,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchangeServers", "PSCmdL": "Get-ExchangeServer", "Name": "AX-EX19-04", @@ -534,7 +534,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchVersion", "PSCmdL": "invoke-command -ComputerName AX-EX19-01 -ScriptBlock {Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}}", "Name": "", @@ -548,7 +548,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchVersion", "PSCmdL": "invoke-command -ComputerName AX-EX19-02 -ScriptBlock {Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}}", "Name": "", @@ -562,7 +562,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchVersion", "PSCmdL": "invoke-command -ComputerName AX-EX19-03 -ScriptBlock {Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}}", "Name": "", 
@@ -576,7 +576,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExchVersion", "PSCmdL": "invoke-command -ComputerName AX-EX19-04 -ScriptBlock {Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}}", "Name": "", @@ -590,7 +590,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Active Directory Permissions-Organization Management", @@ -604,7 +604,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Active Directory Permissions-Organization Management-Delegating", @@ -618,7 +618,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Address Lists-Organization Management", @@ -632,7 +632,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Address Lists-Organization Management-Delegating", @@ -646,7 +646,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ApplicationImpersonation-ContosoSvcAcc1", 
@@ -660,7 +660,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ApplicationImpersonation-BRSvcAcc2", @@ -674,7 +674,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ApplicationImpersonation-Hygiene Management", @@ -688,7 +688,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ApplicationImpersonation-Organization Management-Delegating", @@ -702,7 +702,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ArchiveApplication-Exchange Online-ApplicationAccount", @@ -716,7 +716,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ArchiveApplication-Organization Management-Delegating", @@ -730,7 +730,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "ArchiveApplication-Teams-ApplicationAccount", 
@@ -744,7 +744,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Audit Logs-Compliance Management",
@@ -758,7 +758,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Audit Logs-Organization Management",
@@ -772,7 +772,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Audit Logs-Organization Management-Delegating",
@@ -786,7 +786,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Audit Logs-Records Management",
@@ -800,7 +800,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Cmdlet Extension Agents-Organization Management",
@@ -814,7 +814,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Cmdlet Extension Agents-Organization Management-Delegating",
@@ -828,7 +828,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Compliance Admin-Compliance Management",
@@ -842,7 +842,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Compliance Admin-Organization Management",
@@ -856,7 +856,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Compliance Admin-Organization Management-Delegating",
@@ -870,7 +870,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Data Loss Prevention-Compliance Management",
@@ -884,7 +884,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Data Loss Prevention-Organization Management",
@@ -898,7 +898,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Data Loss Prevention-Organization Management-Delegating",
@@ -912,7 +912,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Database Availability Groups-Organization Management",
@@ -926,7 +926,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Database Availability Groups-Organization Management-Delegating",
@@ -940,7 +940,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Database Copies-Organization Management",
@@ -954,7 +954,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Database Copies-Organization Management-Delegating",
@@ -968,7 +968,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Database Copies-Server Management",
@@ -982,7 +982,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Databases-Organization Management",
@@ -996,7 +996,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Databases-Organization Management-Delegating",
@@ -1010,7 +1010,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Databases-Server Management",
@@ -1024,7 +1024,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Disaster Recovery-Organization Management",
@@ -1038,7 +1038,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Disaster Recovery-Organization Management-Delegating",
@@ -1052,7 +1052,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Distribution Groups-Organization Management",
@@ -1066,7 +1066,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Distribution Groups-Organization Management-Delegating",
@@ -1080,7 +1080,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Distribution Groups-Recipient Management",
@@ -1094,7 +1094,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Edge Subscriptions-Organization Management",
@@ -1108,7 +1108,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Edge Subscriptions-Organization Management-Delegating",
@@ -1122,7 +1122,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "E-Mail Address Policies-Organization Management",
@@ -1136,7 +1136,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "E-Mail Address Policies-Organization Management-Delegating",
@@ -1150,7 +1150,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Connectors-Organization Management",
@@ -1164,7 +1164,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Connectors-Organization Management-Delegating",
@@ -1178,7 +1178,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Connectors-Server Management",
@@ -1192,7 +1192,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Server Certificates-Organization Management",
@@ -1206,7 +1206,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Server Certificates-Organization Management-Delegating",
@@ -1220,7 +1220,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Server Certificates-Server Management",
@@ -1234,7 +1234,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Servers-Organization Management",
@@ -1248,7 +1248,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Servers-Organization Management-Delegating",
@@ -1262,7 +1262,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Servers-Server Management",
@@ -1276,7 +1276,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Virtual Directories-Organization Management",
@@ -1290,7 +1290,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Virtual Directories-Organization Management-Delegating",
@@ -1304,7 +1304,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Exchange Virtual Directories-Server Management",
@@ -1318,7 +1318,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "ExchangeCrossServiceIntegration-Organization Management-Delegati",
@@ -1332,7 +1332,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Federated Sharing-Organization Management",
@@ -1346,7 +1346,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Federated Sharing-Organization Management-Delegating",
@@ -1360,7 +1360,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Information Rights Management-Compliance Management",
@@ -1374,7 +1374,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Information Rights Management-Organization Management",
@@ -1388,7 +1388,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Information Rights Management-Organization Management-Delegating",
@@ -1402,7 +1402,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Journaling-Compliance Management",
@@ -1416,7 +1416,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Journaling-Organization Management",
@@ -1430,7 +1430,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Journaling-Organization Management-Delegating",
@@ -1444,7 +1444,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Journaling-Records Management",
@@ -1458,7 +1458,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Legal Hold-Discovery Management",
@@ -1472,7 +1472,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Legal Hold-Organization Management",
@@ -1486,7 +1486,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Legal Hold-Organization Management-Delegating",
@@ -1500,7 +1500,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "LegalHoldApplication-Exchange Online-ApplicationAccount",
@@ -1514,7 +1514,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "LegalHoldApplication-Organization Management-Delegating",
@@ -1528,7 +1528,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Enabled Public Folders-Organization Management",
@@ -1542,7 +1542,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Enabled Public Folders-Organization Management-Delegating",
@@ -1556,7 +1556,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Enabled Public Folders-Public Folder Management",
@@ -1570,7 +1570,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipient Creation-Organization Management",
@@ -1584,7 +1584,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipient Creation-Organization Management-Delegating",
@@ -1598,7 +1598,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipient Creation-Recipient Management",
@@ -1612,7 +1612,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipients-Organization Management",
@@ -1626,7 +1626,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipients-Organization Management-Delegating",
@@ -1640,7 +1640,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Recipients-Recipient Management",
@@ -1654,7 +1654,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Tips-Organization Management",
@@ -1668,7 +1668,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mail Tips-Organization Management-Delegating",
@@ -1682,7 +1682,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Import Export-contosolife-A",
@@ -1696,7 +1696,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Import Export-Organization Management",
@@ -1710,7 +1710,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Import Export-Organization Management-Delegating",
@@ -1724,7 +1724,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Import Export-U_SvcAccount",
@@ -1738,7 +1738,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Search-Discovery Management",
@@ -1752,7 +1752,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Search-Exchange Online-ApplicationAccount",
@@ -1766,7 +1766,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Search-Organization Management-Delegating",
@@ -1780,7 +1780,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Mailbox Search-U_SvcAccount",
@@ -1794,7 +1794,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MailboxSearchApplication-Exchange Online-ApplicationAccount",
@@ -1808,7 +1808,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MailboxSearchApplication-Organization Management-Delegating",
@@ -1822,7 +1822,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MeetingGraphApplication-Exchange Online-ApplicationAccount",
@@ -1836,7 +1836,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MeetingGraphApplication-Organization Management-Delegating",
@@ -1850,7 +1850,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Message Tracking-Compliance Management",
@@ -1864,7 +1864,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Message Tracking-Organization Management",
@@ -1878,7 +1878,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Message Tracking-Organization Management-Delegating",
@@ -1892,7 +1892,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Message Tracking-Recipient Management",
@@ -1906,7 +1906,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Message Tracking-Records Management",
@@ -1920,7 +1920,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Migration-Organization Management",
@@ -1934,7 +1934,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Migration-Organization Management-Delegating",
@@ -1948,7 +1948,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Migration-Recipient Management",
@@ -1962,7 +1962,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Monitoring-Organization Management",
@@ -1976,7 +1976,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Monitoring-Organization Management-Delegating",
@@ -1990,7 +1990,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Monitoring-Server Management",
@@ -2004,7 +2004,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Monitoring-View-Only Organization Management",
@@ -2018,7 +2018,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Move Mailboxes-Organization Management",
@@ -2032,7 +2032,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Move Mailboxes-Organization Management-Delegating",
@@ -2046,7 +2046,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "Move Mailboxes-Recipient Management",
@@ -2060,7 +2060,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My Custom Apps-Default Role Assignment Policy",
@@ -2074,7 +2074,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My Custom Apps-Organization Management-Delegating",
@@ -2088,7 +2088,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My Marketplace Apps-Default Role Assignment Policy",
@@ -2102,7 +2102,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My Marketplace Apps-Organization Management-Delegating",
@@ -2116,7 +2116,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My ReadWriteMailbox Apps-Default Role Assignment Policy",
@@ -2130,7 +2130,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "My ReadWriteMailbox Apps-Organization Management-Delegating",
@@ -2144,7 +2144,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MyBaseOptions-Default Role Assignment Policy",
@@ -2158,7 +2158,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "MyBaseOptions-Organization Management-Delegating",
@@ -2172,7 +2172,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyContactInformation-Default Role Assignment Policy", @@ -2186,7 +2186,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyContactInformation-Organization Management-Delegating", @@ -2200,7 +2200,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyDiagnostics-Organization Management-Delegating", @@ -2214,7 +2214,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyDistributionGroupMembership-Default Role Assignment Policy", @@ -2228,7 +2228,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyDistributionGroupMembership-Organization Management-Delegating", 
@@ -2242,7 +2242,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyDistributionGroups-Organization Management-Delegating", @@ -2256,7 +2256,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyMailboxDelegation-Organization Management-Delegating", @@ -2270,7 +2270,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyProfileInformation-Organization Management-Delegating", @@ -2284,7 +2284,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyRetentionPolicies-Organization Management-Delegating", @@ -2298,7 +2298,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyTeamMailboxes-Default Role Assignment Policy", @@ -2312,7 +2312,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyTeamMailboxes-Organization Management-Delegating", 
@@ -2326,7 +2326,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyTextMessaging-Default Role Assignment Policy", @@ -2340,7 +2340,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyTextMessaging-Organization Management-Delegating", @@ -2354,7 +2354,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyVoiceMail-Default Role Assignment Policy", @@ -2368,7 +2368,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "MyVoiceMail-Organization Management-Delegating", @@ -2382,7 +2382,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "OfficeExtensionApplication-Organization Management-Delegating", @@ -2396,7 +2396,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Org Custom Apps-Organization Management", 
@@ -2410,7 +2410,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Org Custom Apps-Organization Management-Delegating", @@ -2424,7 +2424,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Org Marketplace Apps-Organization Management", @@ -2438,7 +2438,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Org Marketplace Apps-Organization Management-Delegating", @@ -2452,7 +2452,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Client Access-Organization Management", @@ -2466,7 +2466,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Client Access-Organization Management-Delegating", @@ -2480,7 +2480,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Configuration-Organization Management", 
@@ -2494,7 +2494,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Configuration-Organization Management-Delegating", @@ -2508,7 +2508,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Transport Settings-Organization Management", @@ -2522,7 +2522,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Organization Transport Settings-Organization Management-Delegati", @@ -2536,7 +2536,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "POP3 And IMAP4 Protocols-Organization Management", @@ -2550,7 +2550,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "POP3 And IMAP4 Protocols-Organization Management-Delegating", 
@@ -2564,7 +2564,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "POP3 And IMAP4 Protocols-Server Management", @@ -2578,7 +2578,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Public Folders-Organization Management", @@ -2592,7 +2592,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Public Folders-Organization Management-Delegating", @@ -2606,7 +2606,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Public Folders-Public Folder Management", @@ -2620,7 +2620,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Receive Connectors-Hygiene Management", @@ -2634,7 +2634,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Receive Connectors-Organization Management", 
@@ -2648,7 +2648,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Receive Connectors-Organization Management-Delegating", @@ -2662,7 +2662,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Receive Connectors-Server Management", @@ -2676,7 +2676,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Recipient Policies-Organization Management", @@ -2690,7 +2690,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Recipient Policies-Organization Management-Delegating", @@ -2704,7 +2704,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Recipient Policies-Recipient Management", @@ -2718,7 +2718,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Remote and Accepted Domains-Organization Management", 
@@ -2732,7 +2732,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Remote and Accepted Domains-Organization Management-Delegating", @@ -2746,7 +2746,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Retention Management-Compliance Management", @@ -2760,7 +2760,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Retention Management-Organization Management", @@ -2774,7 +2774,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Retention Management-Organization Management-Delegating", @@ -2788,7 +2788,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Retention Management-Records Management", @@ -2802,7 +2802,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Role Management-Organization Management", 
@@ -2816,7 +2816,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Role Management-Organization Management-Delegating", @@ -2830,7 +2830,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Admin-Organization Management", @@ -2844,7 +2844,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Admin-Organization Management-Delegating", @@ -2858,7 +2858,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Admin-Security Administrator", @@ -2872,7 +2872,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Group Creation and Membership-Organization Management", @@ -2886,7 +2886,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Group Creation and Membership-Organization Management-D", 
@@ -2900,7 +2900,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Reader-Organization Management", @@ -2914,7 +2914,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Reader-Organization Management-Delegating", @@ -2928,7 +2928,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Security Reader-Security Reader", @@ -2942,7 +2942,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Send Connectors-Organization Management", @@ -2956,7 +2956,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Send Connectors-Organization Management-Delegating", @@ -2970,7 +2970,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "SendMailApplication-Organization Management-Delegating", 
@@ -2984,7 +2984,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Support Diagnostics-Organization Management-Delegating", @@ -2998,7 +2998,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Team Mailboxes-Organization Management", @@ -3012,7 +3012,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Team Mailboxes-Organization Management-Delegating", @@ -3026,7 +3026,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Team Mailboxes-Recipient Management", @@ -3040,7 +3040,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "TeamMailboxLifecycleApplication-Exchange Online-ApplicationAccou", @@ -3054,7 +3054,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "TeamMailboxLifecycleApplication-Organization Management-Delegati", 
@@ -3068,7 +3068,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Agents-Hygiene Management", @@ -3082,7 +3082,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Agents-Organization Management", @@ -3096,7 +3096,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Agents-Organization Management-Delegating", @@ -3110,7 +3110,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Hygiene-Hygiene Management", @@ -3124,7 +3124,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Hygiene-Organization Management", @@ -3138,7 +3138,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Hygiene-Organization Management-Delegating", 
@@ -3152,7 +3152,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Queues-Organization Management", @@ -3166,7 +3166,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Queues-Organization Management-Delegating", @@ -3180,7 +3180,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Queues-Server Management", @@ -3194,7 +3194,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Rules-Compliance Management", @@ -3208,7 +3208,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Rules-Organization Management", @@ -3222,7 +3222,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Rules-Organization Management-Delegating", 
@@ -3236,7 +3236,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Transport Rules-Records Management", @@ -3250,7 +3250,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Mailboxes-Organization Management", @@ -3264,7 +3264,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Mailboxes-Organization Management-Delegating", @@ -3278,7 +3278,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Mailboxes-UM Management", @@ -3292,7 +3292,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Prompts-Organization Management", @@ -3306,7 +3306,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Prompts-Organization Management-Delegating", 
@@ -3320,7 +3320,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UM Prompts-UM Management", @@ -3334,7 +3334,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Unified Messaging-Organization Management", @@ -3348,7 +3348,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Unified Messaging-Organization Management-Delegating", @@ -3362,7 +3362,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "Unified Messaging-UM Management", @@ -3376,7 +3376,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UnScoped Role Management-Organization Management-Delegating", @@ -3390,7 +3390,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "User Options-Help Desk", 
@@ -3404,7 +3404,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "User Options-Organization Management", @@ -3418,7 +3418,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "User Options-Organization Management-Delegating", @@ -3432,7 +3432,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UserApplication-Exchange Online-ApplicationAccount", @@ -3446,7 +3446,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UserApplication-Organization Management-Delegating", @@ -3460,7 +3460,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "UserApplication-Teams-ApplicationAccount", @@ -3474,7 +3474,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Audit Logs-Compliance Management", 
@@ -3488,7 +3488,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Audit Logs-Organization Management", @@ -3502,7 +3502,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Audit Logs-Organization Management-Delegating", @@ -3516,7 +3516,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Configuration-Compliance Management", @@ -3530,7 +3530,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Configuration-Delegated Setup", @@ -3544,7 +3544,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Configuration-Hygiene Management", @@ -3558,7 +3558,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "MRA", "PSCmdL": "Get-ManagementRoleAssignment", "Name": "View-Only Configuration-Organization Management", 
@@ -3572,7 +3572,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Configuration-Organization Management-Delegating",
@@ -3586,7 +3586,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Configuration-View-Only Organization Management",
@@ -3600,7 +3600,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-Compliance Management",
@@ -3614,7 +3614,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-Help Desk",
@@ -3628,7 +3628,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-Hygiene Management",
@@ -3642,7 +3642,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-Organization Management",
@@ -3656,7 +3656,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-Organization Management-Delegating",
@@ -3670,7 +3670,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "View-Only Recipients-View-Only Organization Management",
@@ -3684,7 +3684,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "SleeploadManagement-Organization Management",
@@ -3698,7 +3698,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRA",
 "PSCmdL": "Get-ManagementRoleAssignment",
 "Name": "SleeploadManagement-Organization Management-Delegating",
@@ -3712,7 +3712,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRCustom",
 "PSCmdL": "Get-ManagementRole | ? { $_.IsRootRole -eq $false -and $_.IsEndUserRole -eq $false }",
 "Name": "",
@@ -3726,7 +3726,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRCustomDetails",
 "PSCmdL": "$result=@();$AllCustomMR=Get-ManagementRole | ? { $_.IsRootRole -eq $false -and $_.IsEndUserRole -eq $false };foreach ($CustomMR in $AllCustomMR) {$ParentRole = $CustomMR.Parent ; $result += Get-ManagementRole $CustomMR | Get-ManagementRoleEntry | select Role,Name,Type,WhenCreated,WhenChanged,@{Name=\"Parameters\";Expression={[string]::join(\";\",($_.Parameters))}} };$result",
 "Name": "",
@@ -3740,7 +3740,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "MRScope",
 "PSCmdL": "Get-Managementscope",
 "Name": "",
@@ -3754,7 +3754,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PopSettings",
 "PSCmdL": "Get-ClientAccessService | Get-PopSettings",
 "Name": "",
@@ -3768,7 +3768,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PopSettings",
 "PSCmdL": "Get-ClientAccessService | Get-PopSettings",
 "Name": "",
@@ -3782,7 +3782,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PopSettings",
 "PSCmdL": "Get-ClientAccessService | Get-PopSettings",
 "Name": "",
@@ -3796,7 +3796,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PopSettings",
 "PSCmdL": "Get-ClientAccessService | Get-PopSettings",
 "Name": "",
@@ -3810,7 +3810,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "IMAPSettings",
 "PSCmdL": "Get-ClientAccessService | Get-IMAPSettings",
 "Name": "",
@@ -3824,7 +3824,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "IMAPSettings",
 "PSCmdL": "Get-ClientAccessService | Get-IMAPSettings",
 "Name": "",
@@ -3838,7 +3838,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "IMAPSettings",
 "PSCmdL": "Get-ClientAccessService | Get-IMAPSettings",
 "Name": "",
@@ -3852,7 +3852,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "IMAPSettings",
 "PSCmdL": "Get-ClientAccessService | Get-IMAPSettings",
 "Name": "",
@@ -3866,7 +3866,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-01 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeImap4",
@@ -3880,7 +3880,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-01 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeIMAP4BE",
@@ -3894,7 +3894,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-01 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePop3",
@@ -3908,7 +3908,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-01 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePOP3BE",
@@ -3922,7 +3922,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-02 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeImap4",
@@ -3936,7 +3936,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-02 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeIMAP4BE",
@@ -3950,7 +3950,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-02 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePop3",
@@ -3964,7 +3964,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-02 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePOP3BE",
@@ -3978,7 +3978,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-03 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeImap4",
@@ -3992,7 +3992,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-03 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeIMAP4BE",
@@ -4006,7 +4006,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-03 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePop3",
@@ -4020,7 +4020,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-03 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePOP3BE",
@@ -4034,7 +4034,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-04 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeImap4",
@@ -4048,7 +4048,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-04 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangeIMAP4BE",
@@ -4062,7 +4062,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-04 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePop3",
@@ -4076,7 +4076,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "POPIMAPServicesStatus",
 "PSCmdL": "Get-Service -ComputerName AX-EX19-04 | where {$_.Name -like \"MSExchangePOP3*\" -or $_.Name -like \"MSExchangeIMAP*\"}",
 "Name": "MSExchangePOP3BE",
@@ -4090,7 +4090,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Compliance Management",
@@ -4104,7 +4104,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Delegated Setup",
@@ -4118,7 +4118,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Discovery Management",
@@ -4132,7 +4132,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Help Desk",
@@ -4146,7 +4146,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Hygiene Management",
@@ -4160,7 +4160,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Organization Management",
@@ -4174,7 +4174,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Public Folder Management",
@@ -4188,7 +4188,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Recipient Management",
@@ -4202,7 +4202,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Records Management",
@@ -4216,7 +4216,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Security Administrator",
@@ -4230,7 +4230,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Security Reader",
@@ -4244,7 +4244,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "Server Management",
@@ -4258,7 +4258,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "UM Management",
@@ -4272,7 +4272,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "RoleGroup",
 "PSCmdL": "Get-RoleGroup",
 "Name": "View-Only Organization Management",
@@ -4286,7 +4286,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ETS",
 "PSCmdL": "Get-adgroupmember \"Exchange Trusted Subsystem\" -server contoso.com",
 "Name": "ContosoSvcO365EWS",
@@ -4300,7 +4300,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ETS",
 "PSCmdL": "Get-adgroupmember \"Exchange Trusted Subsystem\" -server contoso.com",
 "Name": "AX-EX19-01",
@@ -4314,7 +4314,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ETS",
 "PSCmdL": "Get-adgroupmember \"Exchange Trusted Subsystem\" -server contoso.com",
 "Name": "AX-EX19-02",
@@ -4328,7 +4328,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ETS",
 "PSCmdL": "Get-adgroupmember \"Exchange Trusted Subsystem\" -server contoso.com",
 "Name": "AX-EX19-03",
@@ -4342,7 +4342,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ETS",
 "PSCmdL": "Get-adgroupmember \"Exchange Trusted Subsystem\" -server contoso.com",
 "Name": "AX-EX19-04",
@@ -4356,7 +4356,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "EWP",
 "PSCmdL": "Get-adgroupmember \"Exchange Windows Permissions\" -server contoso.com",
 "Name": "Exchange Trusted Subsystem",
@@ -4370,7 +4370,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4384,7 +4384,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4398,7 +4398,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4412,7 +4412,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4426,7 +4426,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4440,7 +4440,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4454,7 +4454,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4468,7 +4468,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4482,7 +4482,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4496,7 +4496,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4510,7 +4510,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4524,7 +4524,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4538,7 +4538,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4552,7 +4552,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4566,7 +4566,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4580,7 +4580,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4594,7 +4594,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4608,7 +4608,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4622,7 +4622,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4636,7 +4636,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4650,7 +4650,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4664,7 +4664,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4678,7 +4678,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4692,7 +4692,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4706,7 +4706,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4720,7 +4720,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4734,7 +4734,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4748,7 +4748,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4762,7 +4762,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4776,7 +4776,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4790,7 +4790,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4804,7 +4804,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4818,7 +4818,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4832,7 +4832,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4846,7 +4846,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "ExGroup",
 "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com",
 "Name": "",
@@ -4860,7 +4860,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4874,7 +4874,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4888,7 +4888,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4902,7 +4902,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4916,7 +4916,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -4930,7 +4930,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4944,7 +4944,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4958,7 +4958,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4972,7 +4972,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -4986,7 +4986,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -5000,7 +5000,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5014,7 +5014,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5028,7 +5028,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5042,7 +5042,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5056,7 +5056,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -5070,7 +5070,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5084,7 +5084,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5098,7 +5098,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5112,7 +5112,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5126,7 +5126,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -5140,7 +5140,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5154,7 +5154,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5168,7 +5168,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5182,7 +5182,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5196,7 +5196,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -5210,7 +5210,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5224,7 +5224,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5238,7 +5238,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5252,7 +5252,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5266,7 +5266,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", 
@@ -5280,7 +5280,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ExGroup", "PSCmdL": "get-adgroup -filter * -searchbase \"ou=Microsoft Exchange Security Groups,DC=Contoso,DC=com\" -server contoso.com", "Name": "", @@ -5294,7 +5294,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5308,7 +5308,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5322,7 +5322,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5336,7 +5336,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5350,7 +5350,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5364,7 +5364,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5378,7 +5378,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5392,7 +5392,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5406,7 +5406,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5420,7 +5420,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5434,7 +5434,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5448,7 +5448,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5462,7 +5462,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5476,7 +5476,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5490,7 +5490,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5504,7 +5504,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5518,7 +5518,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5532,7 +5532,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5546,7 +5546,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5560,7 +5560,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5574,7 +5574,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", 
@@ -5588,7 +5588,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5602,7 +5602,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5616,7 +5616,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ADGroup", "PSCmdL": "@( \"S-1-5-32-544\", \"S-1-5-32-548\",\"S-1-5-21-955129242-3502184188-2641241535-512\",\"S-1-5-21-955129242-3502184188-2641241535-518\",\"S-1-5-21-955129242-3502184188-2641241535-519\") | %{ Get-ADgroup -identity $_ -server Contoso-DC-01.contoso.com }", "Name": "", @@ -5630,7 +5630,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5644,7 +5644,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5658,7 +5658,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5672,7 +5672,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5686,7 +5686,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5700,7 +5700,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5714,7 +5714,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5728,7 +5728,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5742,7 +5742,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5756,7 +5756,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5770,7 +5770,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5784,7 +5784,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5798,7 +5798,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5812,7 +5812,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5826,7 +5826,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5840,7 +5840,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5854,7 +5854,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5868,7 +5868,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5882,7 +5882,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5896,7 +5896,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5910,7 +5910,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5924,7 +5924,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5938,7 +5938,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5952,7 +5952,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5966,7 +5966,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -5980,7 +5980,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -5994,7 +5994,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -6008,7 +6008,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -6022,7 +6022,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -6036,7 +6036,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -6050,7 +6050,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", @@ -6064,7 +6064,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "DirectRoleAssignments", "PSCmdL": "Get-ManagementRoleAssignment | where {$_.RoleAssigneeType -in (\"SecurityGroup\",\"User\")} | select *, @{Name=\"ObjectClass\";Expression={\"ManagementRoleAssignment\"}} -ExcludeProperty ObjectClass", "Name": "", 
@@ -6078,7 +6078,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6092,7 +6092,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6106,7 +6106,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6120,7 +6120,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6134,7 +6134,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6148,7 +6148,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6162,7 +6162,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6176,7 +6176,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6190,7 +6190,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6204,7 +6204,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6218,7 +6218,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6232,7 +6232,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6246,7 +6246,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6260,7 +6260,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6274,7 +6274,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6288,7 +6288,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6302,7 +6302,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6316,7 +6316,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6330,7 +6330,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6344,7 +6344,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6358,7 +6358,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6372,7 +6372,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6386,7 +6386,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6400,7 +6400,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6414,7 +6414,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6428,7 +6428,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6442,7 +6442,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6456,7 +6456,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6470,7 +6470,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6484,7 +6484,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6498,7 +6498,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6512,7 +6512,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6526,7 +6526,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6540,7 +6540,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6554,7 +6554,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6568,7 +6568,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6582,7 +6582,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6596,7 +6596,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", @@ -6610,7 +6610,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-01\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-01 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-01\"}", "Name": "", 
@@ -6624,7 +6624,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -6638,7 +6638,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -6652,7 +6652,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6666,7 +6666,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6680,7 +6680,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6694,7 +6694,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6708,7 +6708,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6722,7 +6722,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6736,7 +6736,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6750,7 +6750,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6764,7 +6764,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6778,7 +6778,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6792,7 +6792,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6806,7 +6806,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6820,7 +6820,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6834,7 +6834,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6848,7 +6848,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6862,7 +6862,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6876,7 +6876,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6890,7 +6890,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6904,7 +6904,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6918,7 +6918,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6932,7 +6932,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6946,7 +6946,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6960,7 +6960,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6974,7 +6974,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -6988,7 +6988,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7002,7 +7002,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7016,7 +7016,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7030,7 +7030,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7044,7 +7044,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7058,7 +7058,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7072,7 +7072,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7086,7 +7086,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7100,7 +7100,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7114,7 +7114,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7128,7 +7128,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7142,7 +7142,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7156,7 +7156,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7170,7 +7170,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7184,7 +7184,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7198,7 +7198,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7212,7 +7212,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7226,7 +7226,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7240,7 +7240,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7254,7 +7254,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7268,7 +7268,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7282,7 +7282,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7296,7 +7296,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7310,7 +7310,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7324,7 +7324,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7338,7 +7338,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7352,7 +7352,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7366,7 +7366,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7380,7 +7380,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7394,7 +7394,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -7408,7 +7408,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7422,7 +7422,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7436,7 +7436,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7450,7 +7450,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7464,7 +7464,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7478,7 +7478,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7492,7 +7492,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7506,7 +7506,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7520,7 +7520,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7534,7 +7534,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7548,7 +7548,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7562,7 +7562,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7576,7 +7576,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7590,7 +7590,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7604,7 +7604,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7618,7 +7618,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7632,7 +7632,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7646,7 +7646,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7660,7 +7660,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7674,7 +7674,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7688,7 +7688,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7702,7 +7702,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7716,7 +7716,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7730,7 +7730,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7744,7 +7744,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7758,7 +7758,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7772,7 +7772,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7786,7 +7786,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7800,7 +7800,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7814,7 +7814,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7828,7 +7828,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7842,7 +7842,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7856,7 +7856,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7870,7 +7870,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7884,7 +7884,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7898,7 +7898,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7912,7 +7912,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7926,7 +7926,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7940,7 +7940,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7954,7 +7954,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7968,7 +7968,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7982,7 +7982,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -7996,7 +7996,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8010,7 +8010,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8024,7 +8024,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8038,7 +8038,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8052,7 +8052,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8066,7 +8066,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8080,7 +8080,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8094,7 +8094,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8108,7 +8108,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8122,7 +8122,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8136,7 +8136,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8150,7 +8150,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8164,7 +8164,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8178,7 +8178,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8192,7 +8192,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8206,7 +8206,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8220,7 +8220,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8234,7 +8234,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8248,7 +8248,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8262,7 +8262,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8276,7 +8276,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8290,7 +8290,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8304,7 +8304,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8318,7 +8318,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8332,7 +8332,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8346,7 +8346,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8360,7 +8360,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8374,7 +8374,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8388,7 +8388,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8402,7 +8402,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8416,7 +8416,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8430,7 +8430,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8444,7 +8444,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8458,7 +8458,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8472,7 +8472,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8486,7 +8486,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8500,7 +8500,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8514,7 +8514,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8528,7 +8528,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8542,7 +8542,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8556,7 +8556,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8570,7 +8570,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8584,7 +8584,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8598,7 +8598,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8612,7 +8612,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8626,7 +8626,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8640,7 +8640,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8654,7 +8654,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8668,7 +8668,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8682,7 +8682,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8696,7 +8696,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8710,7 +8710,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8724,7 +8724,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8738,7 +8738,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8752,7 +8752,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8766,7 +8766,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8780,7 +8780,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8794,7 +8794,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8808,7 +8808,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8822,7 +8822,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8836,7 +8836,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8850,7 +8850,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8864,7 +8864,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8878,7 +8878,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8892,7 +8892,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8906,7 +8906,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8920,7 +8920,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8934,7 +8934,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8948,7 +8948,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8962,7 +8962,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8976,7 +8976,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -8990,7 +8990,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9004,7 +9004,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9018,7 +9018,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9032,7 +9032,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9046,7 +9046,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9060,7 +9060,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9074,7 +9074,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9088,7 +9088,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9102,7 +9102,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9116,7 +9116,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9130,7 +9130,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9144,7 +9144,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9158,7 +9158,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9172,7 +9172,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9186,7 +9186,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9200,7 +9200,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9214,7 +9214,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9228,7 +9228,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9242,7 +9242,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9256,7 +9256,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9270,7 +9270,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9284,7 +9284,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9298,7 +9298,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9312,7 +9312,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9326,7 +9326,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9340,7 +9340,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9354,7 +9354,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9368,7 +9368,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9382,7 +9382,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9396,7 +9396,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9410,7 +9410,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9424,7 +9424,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9438,7 +9438,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9452,7 +9452,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9466,7 +9466,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9480,7 +9480,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9494,7 +9494,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9508,7 +9508,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9522,7 +9522,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9536,7 +9536,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9550,7 +9550,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9564,7 +9564,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9578,7 +9578,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9592,7 +9592,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9606,7 +9606,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9620,7 +9620,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9634,7 +9634,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9648,7 +9648,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9662,7 +9662,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9676,7 +9676,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9690,7 +9690,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9704,7 +9704,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9718,7 +9718,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9732,7 +9732,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9746,7 +9746,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9760,7 +9760,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9774,7 +9774,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9788,7 +9788,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9802,7 +9802,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9816,7 +9816,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9830,7 +9830,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9844,7 +9844,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9858,7 +9858,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9872,7 +9872,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9886,7 +9886,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9900,7 +9900,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9914,7 +9914,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9928,7 +9928,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9942,7 +9942,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9956,7 +9956,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9970,7 +9970,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9984,7 +9984,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -9998,7 +9998,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10012,7 +10012,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10026,7 +10026,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10040,7 +10040,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10054,7 +10054,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10068,7 +10068,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10082,7 +10082,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10096,7 +10096,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10110,7 +10110,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10124,7 +10124,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10138,7 +10138,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10152,7 +10152,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10166,7 +10166,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10180,7 +10180,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10194,7 +10194,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10208,7 +10208,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10222,7 +10222,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10236,7 +10236,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10250,7 +10250,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10264,7 +10264,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10278,7 +10278,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10292,7 +10292,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10306,7 +10306,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10320,7 +10320,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10334,7 +10334,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10348,7 +10348,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10362,7 +10362,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10376,7 +10376,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10390,7 +10390,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10404,7 +10404,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10418,7 +10418,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10432,7 +10432,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10446,7 +10446,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10460,7 +10460,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10474,7 +10474,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10488,7 +10488,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10502,7 +10502,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10516,7 +10516,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10530,7 +10530,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10544,7 +10544,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10558,7 +10558,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10572,7 +10572,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10586,7 +10586,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10600,7 +10600,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10614,7 +10614,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10628,7 +10628,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10642,7 +10642,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10656,7 +10656,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10670,7 +10670,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10684,7 +10684,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10698,7 +10698,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10712,7 +10712,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10726,7 +10726,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10740,7 +10740,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10754,7 +10754,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10768,7 +10768,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10782,7 +10782,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10796,7 +10796,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -10810,7 +10810,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10824,7 +10824,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10838,7 +10838,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10852,7 +10852,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10866,7 +10866,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10880,7 +10880,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10894,7 +10894,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10908,7 +10908,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10922,7 +10922,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10936,7 +10936,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10950,7 +10950,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10964,7 +10964,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10978,7 +10978,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -10992,7 +10992,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11006,7 +11006,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11020,7 +11020,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11034,7 +11034,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11048,7 +11048,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11062,7 +11062,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11076,7 +11076,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11090,7 +11090,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11104,7 +11104,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11118,7 +11118,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11132,7 +11132,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11146,7 +11146,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11160,7 +11160,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11174,7 +11174,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11188,7 +11188,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11202,7 +11202,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11216,7 +11216,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11230,7 +11230,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11244,7 +11244,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11258,7 +11258,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11272,7 +11272,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11286,7 +11286,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11300,7 +11300,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11314,7 +11314,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11328,7 +11328,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11342,7 +11342,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11356,7 +11356,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11370,7 +11370,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11384,7 +11384,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11398,7 +11398,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11412,7 +11412,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11426,7 +11426,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11440,7 +11440,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11454,7 +11454,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11468,7 +11468,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11482,7 +11482,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11496,7 +11496,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11510,7 +11510,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11524,7 +11524,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11538,7 +11538,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11552,7 +11552,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -11566,7 +11566,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11580,7 +11580,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11594,7 +11594,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11608,7 +11608,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11622,7 +11622,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11636,7 +11636,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11650,7 +11650,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11664,7 +11664,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11678,7 +11678,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11692,7 +11692,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11706,7 +11706,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11720,7 +11720,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11734,7 +11734,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11748,7 +11748,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11762,7 +11762,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11776,7 +11776,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11790,7 +11790,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11804,7 +11804,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11818,7 +11818,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11832,7 +11832,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11846,7 +11846,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11860,7 +11860,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11874,7 +11874,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11888,7 +11888,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11902,7 +11902,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11916,7 +11916,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11930,7 +11930,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11944,7 +11944,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11958,7 +11958,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11972,7 +11972,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -11986,7 +11986,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12000,7 +12000,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12014,7 +12014,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12028,7 +12028,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12042,7 +12042,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12056,7 +12056,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12070,7 +12070,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12084,7 +12084,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12098,7 +12098,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12112,7 +12112,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12126,7 +12126,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12140,7 +12140,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12154,7 +12154,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12168,7 +12168,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12182,7 +12182,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12196,7 +12196,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12210,7 +12210,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12224,7 +12224,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12238,7 +12238,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12252,7 +12252,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12266,7 +12266,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12280,7 +12280,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12294,7 +12294,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12308,7 +12308,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -12322,7 +12322,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12336,7 +12336,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12350,7 +12350,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12364,7 +12364,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12378,7 +12378,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12392,7 +12392,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12406,7 +12406,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12420,7 +12420,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12434,7 +12434,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12448,7 +12448,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12462,7 +12462,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12476,7 +12476,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12490,7 +12490,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12504,7 +12504,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12518,7 +12518,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12532,7 +12532,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12546,7 +12546,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12560,7 +12560,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12574,7 +12574,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12588,7 +12588,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12602,7 +12602,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12616,7 +12616,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12630,7 +12630,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12644,7 +12644,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12658,7 +12658,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12672,7 +12672,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12686,7 +12686,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12700,7 +12700,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12714,7 +12714,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12728,7 +12728,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12742,7 +12742,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12756,7 +12756,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12770,7 +12770,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12784,7 +12784,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12798,7 +12798,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12812,7 +12812,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12826,7 +12826,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12840,7 +12840,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12854,7 +12854,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12868,7 +12868,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12882,7 +12882,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12896,7 +12896,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12910,7 +12910,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12924,7 +12924,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12938,7 +12938,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12952,7 +12952,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12966,7 +12966,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12980,7 +12980,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -12994,7 +12994,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13008,7 +13008,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13022,7 +13022,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13036,7 +13036,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13050,7 +13050,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13064,7 +13064,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13078,7 +13078,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13092,7 +13092,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13106,7 +13106,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13120,7 +13120,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13134,7 +13134,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13148,7 +13148,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13162,7 +13162,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13176,7 +13176,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13190,7 +13190,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13204,7 +13204,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13218,7 +13218,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13232,7 +13232,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13246,7 +13246,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13260,7 +13260,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13274,7 +13274,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13288,7 +13288,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13302,7 +13302,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13316,7 +13316,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13330,7 +13330,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13344,7 +13344,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13358,7 +13358,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13372,7 +13372,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13386,7 +13386,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13400,7 +13400,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13414,7 +13414,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13428,7 +13428,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13442,7 +13442,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13456,7 +13456,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13470,7 +13470,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13484,7 +13484,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13498,7 +13498,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13512,7 +13512,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13526,7 +13526,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13540,7 +13540,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13554,7 +13554,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13568,7 +13568,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13582,7 +13582,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13596,7 +13596,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13610,7 +13610,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13624,7 +13624,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13638,7 +13638,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13652,7 +13652,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13666,7 +13666,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13680,7 +13680,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13694,7 +13694,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13708,7 +13708,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13722,7 +13722,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13736,7 +13736,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13750,7 +13750,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13764,7 +13764,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13778,7 +13778,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13792,7 +13792,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13806,7 +13806,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13820,7 +13820,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13834,7 +13834,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13848,7 +13848,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13862,7 +13862,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13876,7 +13876,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13890,7 +13890,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13904,7 +13904,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13918,7 +13918,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13932,7 +13932,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13946,7 +13946,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13960,7 +13960,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13974,7 +13974,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -13988,7 +13988,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14002,7 +14002,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14016,7 +14016,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14030,7 +14030,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14044,7 +14044,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14058,7 +14058,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14072,7 +14072,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14086,7 +14086,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14100,7 +14100,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14114,7 +14114,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14128,7 +14128,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14142,7 +14142,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14156,7 +14156,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14170,7 +14170,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14184,7 +14184,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14198,7 +14198,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14212,7 +14212,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14226,7 +14226,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14240,7 +14240,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14254,7 +14254,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14268,7 +14268,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14282,7 +14282,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14296,7 +14296,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14310,7 +14310,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14324,7 +14324,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14338,7 +14338,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14352,7 +14352,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14366,7 +14366,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14380,7 +14380,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14394,7 +14394,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14408,7 +14408,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14422,7 +14422,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14436,7 +14436,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14450,7 +14450,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14464,7 +14464,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14478,7 +14478,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14492,7 +14492,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14506,7 +14506,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14520,7 +14520,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14534,7 +14534,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14548,7 +14548,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14562,7 +14562,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14576,7 +14576,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14590,7 +14590,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14604,7 +14604,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14618,7 +14618,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14632,7 +14632,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14646,7 +14646,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14660,7 +14660,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14674,7 +14674,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14688,7 +14688,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14702,7 +14702,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14716,7 +14716,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14730,7 +14730,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14744,7 +14744,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14758,7 +14758,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14772,7 +14772,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14786,7 +14786,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14800,7 +14800,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14814,7 +14814,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14828,7 +14828,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14842,7 +14842,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14856,7 +14856,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14870,7 +14870,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14884,7 +14884,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14898,7 +14898,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14912,7 +14912,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14926,7 +14926,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14940,7 +14940,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14954,7 +14954,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -14968,7 +14968,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -14982,7 +14982,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -14996,7 +14996,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15010,7 +15010,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15024,7 +15024,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15038,7 +15038,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15052,7 +15052,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15066,7 +15066,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15080,7 +15080,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15094,7 +15094,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15108,7 +15108,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15122,7 +15122,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15136,7 +15136,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15150,7 +15150,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15164,7 +15164,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15178,7 +15178,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15192,7 +15192,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15206,7 +15206,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15220,7 +15220,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15234,7 +15234,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15248,7 +15248,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15262,7 +15262,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15276,7 +15276,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15290,7 +15290,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15304,7 +15304,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15318,7 +15318,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15332,7 +15332,7 @@
 {
 "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611",
 "ESIEnvironment": "Contoso",
- "EntryDate": "2022-10-26 05:31:11 +02:00",
+ "EntryDate": "2023-08-27 05:31:11 +02:00",
 "Section": "PartConfPerm",
 "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf",
 "Name": "",
@@ -15346,7 +15346,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15360,7 +15360,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15374,7 +15374,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15388,7 +15388,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15402,7 +15402,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15416,7 +15416,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15430,7 +15430,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15444,7 +15444,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15458,7 +15458,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15472,7 +15472,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15486,7 +15486,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15500,7 +15500,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15514,7 +15514,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15528,7 +15528,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15542,7 +15542,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15556,7 +15556,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15570,7 +15570,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15584,7 +15584,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15598,7 +15598,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15612,7 +15612,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15626,7 +15626,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15640,7 +15640,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15654,7 +15654,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15668,7 +15668,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15682,7 +15682,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15696,7 +15696,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15710,7 +15710,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15724,7 +15724,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15738,7 +15738,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15752,7 +15752,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15766,7 +15766,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15780,7 +15780,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15794,7 +15794,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15808,7 +15808,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15822,7 +15822,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15836,7 +15836,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15850,7 +15850,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15864,7 +15864,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15878,7 +15878,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15892,7 +15892,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15906,7 +15906,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15920,7 +15920,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15934,7 +15934,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15948,7 +15948,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15962,7 +15962,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15976,7 +15976,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -15990,7 +15990,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16004,7 +16004,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16018,7 +16018,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16032,7 +16032,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16046,7 +16046,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16060,7 +16060,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16074,7 +16074,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16088,7 +16088,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16102,7 +16102,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16116,7 +16116,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16130,7 +16130,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16144,7 +16144,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16158,7 +16158,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16172,7 +16172,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16186,7 +16186,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16200,7 +16200,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16214,7 +16214,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16228,7 +16228,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16242,7 +16242,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16256,7 +16256,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16270,7 +16270,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16284,7 +16284,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16298,7 +16298,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16312,7 +16312,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16326,7 +16326,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16340,7 +16340,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16354,7 +16354,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16368,7 +16368,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16382,7 +16382,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16396,7 +16396,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16410,7 +16410,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16424,7 +16424,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16438,7 +16438,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16452,7 +16452,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16466,7 +16466,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16480,7 +16480,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16494,7 +16494,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16508,7 +16508,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16522,7 +16522,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16536,7 +16536,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16550,7 +16550,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16564,7 +16564,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16578,7 +16578,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16592,7 +16592,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16606,7 +16606,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16620,7 +16620,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16634,7 +16634,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16648,7 +16648,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16662,7 +16662,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16676,7 +16676,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16690,7 +16690,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16704,7 +16704,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16718,7 +16718,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16732,7 +16732,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16746,7 +16746,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16760,7 +16760,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16774,7 +16774,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16788,7 +16788,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16802,7 +16802,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16816,7 +16816,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16830,7 +16830,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16844,7 +16844,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16858,7 +16858,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16872,7 +16872,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16886,7 +16886,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16900,7 +16900,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16914,7 +16914,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16928,7 +16928,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16942,7 +16942,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16956,7 +16956,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16970,7 +16970,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16984,7 +16984,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -16998,7 +16998,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17012,7 +17012,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17026,7 +17026,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17040,7 +17040,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17054,7 +17054,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17068,7 +17068,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17082,7 +17082,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17096,7 +17096,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17110,7 +17110,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17124,7 +17124,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17138,7 +17138,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17152,7 +17152,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17166,7 +17166,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17180,7 +17180,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17194,7 +17194,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17208,7 +17208,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17222,7 +17222,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17236,7 +17236,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17250,7 +17250,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17264,7 +17264,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17278,7 +17278,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17292,7 +17292,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17306,7 +17306,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17320,7 +17320,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17334,7 +17334,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17348,7 +17348,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17362,7 +17362,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17376,7 +17376,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17390,7 +17390,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17404,7 +17404,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17418,7 +17418,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17432,7 +17432,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17446,7 +17446,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17460,7 +17460,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17474,7 +17474,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17488,7 +17488,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17502,7 +17502,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17516,7 +17516,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17530,7 +17530,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17544,7 +17544,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17558,7 +17558,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17572,7 +17572,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17586,7 +17586,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17600,7 +17600,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17614,7 +17614,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17628,7 +17628,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17642,7 +17642,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17656,7 +17656,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17670,7 +17670,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17684,7 +17684,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17698,7 +17698,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17712,7 +17712,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17726,7 +17726,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17740,7 +17740,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17754,7 +17754,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17768,7 +17768,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17782,7 +17782,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17796,7 +17796,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17810,7 +17810,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17824,7 +17824,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17838,7 +17838,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17852,7 +17852,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17866,7 +17866,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17880,7 +17880,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17894,7 +17894,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17908,7 +17908,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17922,7 +17922,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17936,7 +17936,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17950,7 +17950,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17964,7 +17964,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17978,7 +17978,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -17992,7 +17992,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18006,7 +18006,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18020,7 +18020,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18034,7 +18034,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18048,7 +18048,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18062,7 +18062,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18076,7 +18076,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18090,7 +18090,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18104,7 +18104,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18118,7 +18118,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18132,7 +18132,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18146,7 +18146,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18160,7 +18160,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18174,7 +18174,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18188,7 +18188,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18202,7 +18202,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18216,7 +18216,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18230,7 +18230,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18244,7 +18244,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18258,7 +18258,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18272,7 +18272,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18286,7 +18286,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18300,7 +18300,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18314,7 +18314,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18328,7 +18328,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18342,7 +18342,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18356,7 +18356,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18370,7 +18370,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18384,7 +18384,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18398,7 +18398,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18412,7 +18412,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18426,7 +18426,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18440,7 +18440,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18454,7 +18454,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18468,7 +18468,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18482,7 +18482,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18496,7 +18496,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18510,7 +18510,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18524,7 +18524,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18538,7 +18538,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18552,7 +18552,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18566,7 +18566,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18580,7 +18580,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18594,7 +18594,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18608,7 +18608,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18622,7 +18622,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18636,7 +18636,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18650,7 +18650,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18664,7 +18664,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18678,7 +18678,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18692,7 +18692,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18706,7 +18706,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18720,7 +18720,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18734,7 +18734,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18748,7 +18748,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18762,7 +18762,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18776,7 +18776,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18790,7 +18790,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18804,7 +18804,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18818,7 +18818,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18832,7 +18832,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18846,7 +18846,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18860,7 +18860,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18874,7 +18874,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18888,7 +18888,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18902,7 +18902,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18916,7 +18916,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18930,7 +18930,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18944,7 +18944,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18958,7 +18958,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18972,7 +18972,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -18986,7 +18986,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19000,7 +19000,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19014,7 +19014,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19028,7 +19028,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19042,7 +19042,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19056,7 +19056,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19070,7 +19070,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19084,7 +19084,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19098,7 +19098,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19112,7 +19112,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19126,7 +19126,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19140,7 +19140,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19154,7 +19154,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19168,7 +19168,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19182,7 +19182,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19196,7 +19196,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19210,7 +19210,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19224,7 +19224,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19238,7 +19238,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19252,7 +19252,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19266,7 +19266,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19280,7 +19280,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19294,7 +19294,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19308,7 +19308,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19322,7 +19322,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19336,7 +19336,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19350,7 +19350,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19364,7 +19364,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19378,7 +19378,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19392,7 +19392,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19406,7 +19406,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19420,7 +19420,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19434,7 +19434,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19448,7 +19448,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19462,7 +19462,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19476,7 +19476,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19490,7 +19490,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19504,7 +19504,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19518,7 +19518,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19532,7 +19532,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19546,7 +19546,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19560,7 +19560,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19574,7 +19574,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19588,7 +19588,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19602,7 +19602,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19616,7 +19616,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19630,7 +19630,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19644,7 +19644,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19658,7 +19658,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19672,7 +19672,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19686,7 +19686,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19700,7 +19700,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19714,7 +19714,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19728,7 +19728,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19742,7 +19742,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19756,7 +19756,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19770,7 +19770,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19784,7 +19784,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19798,7 +19798,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19812,7 +19812,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19826,7 +19826,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19840,7 +19840,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19854,7 +19854,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19868,7 +19868,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19882,7 +19882,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19896,7 +19896,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19910,7 +19910,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19924,7 +19924,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19938,7 +19938,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19952,7 +19952,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19966,7 +19966,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19980,7 +19980,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -19994,7 +19994,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20008,7 +20008,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20022,7 +20022,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20036,7 +20036,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20050,7 +20050,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20064,7 +20064,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20078,7 +20078,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20092,7 +20092,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20106,7 +20106,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20120,7 +20120,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20134,7 +20134,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20148,7 +20148,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20162,7 +20162,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20176,7 +20176,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20190,7 +20190,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20204,7 +20204,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20218,7 +20218,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", 
@@ -20232,7 +20232,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "PartConfPerm", "PSCmdL": "$DNTocheck = @(\u0027CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027,\u0027CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com\u0027);$ExchSrvListDN =@(foreach ($srv in (Get-ExchangeServer)){(Get-ExchangeServer -identity $srv).distinguishedName});$DNTocheck +=$ExchSrvListDN ;$resPArtConf =@(); foreach ($DNtocheckEntry in $DNTocheck){$resPArtConf += Get-ADPermission -Identity $DNtocheckEntry};$resPArtConf", "Name": "", @@ -20246,7 +20246,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20260,7 +20260,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20274,7 +20274,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20288,7 +20288,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20302,7 +20302,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20316,7 +20316,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20330,7 +20330,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20344,7 +20344,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20358,7 +20358,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20372,7 +20372,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20386,7 +20386,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20400,7 +20400,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20414,7 +20414,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20428,7 +20428,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20442,7 +20442,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20456,7 +20456,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20470,7 +20470,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20484,7 +20484,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20498,7 +20498,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20512,7 +20512,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20526,7 +20526,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20540,7 +20540,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20554,7 +20554,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20568,7 +20568,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20582,7 +20582,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20596,7 +20596,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20610,7 +20610,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20624,7 +20624,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20638,7 +20638,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20652,7 +20652,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20666,7 +20666,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20680,7 +20680,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20694,7 +20694,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20708,7 +20708,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20722,7 +20722,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20736,7 +20736,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20750,7 +20750,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20764,7 +20764,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20778,7 +20778,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20792,7 +20792,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", 
@@ -20806,7 +20806,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-02\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-02 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-02\"}", "Name": "", @@ -20820,7 +20820,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20834,7 +20834,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -20848,7 +20848,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20862,7 +20862,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20876,7 +20876,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -20890,7 +20890,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20904,7 +20904,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20918,7 +20918,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -20932,7 +20932,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20946,7 +20946,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20960,7 +20960,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -20974,7 +20974,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -20988,7 +20988,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21002,7 +21002,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21016,7 +21016,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21030,7 +21030,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21044,7 +21044,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21058,7 +21058,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21072,7 +21072,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21086,7 +21086,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21100,7 +21100,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21114,7 +21114,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21128,7 +21128,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21142,7 +21142,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21156,7 +21156,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21170,7 +21170,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21184,7 +21184,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21198,7 +21198,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21212,7 +21212,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", 
@@ -21226,7 +21226,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-03\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-03 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-03\"}", "Name": "", @@ -21240,7 +21240,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21254,7 +21254,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21268,7 +21268,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21282,7 +21282,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21296,7 +21296,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21310,7 +21310,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21324,7 +21324,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21338,7 +21338,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21352,7 +21352,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21366,7 +21366,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21380,7 +21380,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21394,7 +21394,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21408,7 +21408,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21422,7 +21422,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21436,7 +21436,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21450,7 +21450,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21464,7 +21464,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21478,7 +21478,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21492,7 +21492,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21506,7 +21506,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21520,7 +21520,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21534,7 +21534,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21548,7 +21548,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21562,7 +21562,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21576,7 +21576,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21590,7 +21590,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21604,7 +21604,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21618,7 +21618,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21632,7 +21632,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21646,7 +21646,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21660,7 +21660,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21674,7 +21674,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21688,7 +21688,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21702,7 +21702,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21716,7 +21716,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21730,7 +21730,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21744,7 +21744,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21758,7 +21758,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21772,7 +21772,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21786,7 +21786,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", @@ -21800,7 +21800,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "LocalAminGroup", "PSCmdL": "$res = Get-WmiObject -Class Win32_GroupUser -Filter \"GroupComponent=\"\"Win32_Group.Domain=\u0027AX-EX19-04\u0027,Name=\u0027Administrators\u0027\"\"\" -ComputerName AX-EX19-04 |% {if ($_.PartComponent -match \u0027cimv2:(.+).Domain=\"(.+)\",Name=\"(.+)\"\u0027){$members=@();$members+=$Matches[1]+\";\"+$Matches[2]+\"\\\"+$Matches[3];$members}};@{\"List\"=$res;\"srv\"=\"AX-EX19-04\"}", "Name": "", 
@@ -21814,7 +21814,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Outbound Proxy Frontend AX-EX19-01", @@ -21828,7 +21828,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Frontend AX-EX19-01", @@ -21842,7 +21842,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "RC-OR", @@ -21856,7 +21856,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default AX-EX19-01", @@ -21870,7 +21870,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Proxy AX-EX19-01", @@ -21884,7 +21884,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default Frontend AX-EX19-01", 
@@ -21898,7 +21898,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Frontend AX-EX19-02", @@ -21912,7 +21912,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "O365 RC", @@ -21926,7 +21926,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Outbound Proxy Frontend AX-EX19-02", @@ -21940,7 +21940,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default AX-EX19-02", @@ -21954,7 +21954,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Proxy AX-EX19-02", @@ -21968,7 +21968,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default Frontend AX-EX19-02", 
@@ -21982,7 +21982,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Frontend AX-EX19-03", @@ -21996,7 +21996,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "RC-OR", @@ -22010,7 +22010,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Proxy AX-EX19-03", @@ -22024,7 +22024,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default Frontend AX-EX19-03", @@ -22038,7 +22038,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default AX-EX19-03", @@ -22052,7 +22052,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Outbound Proxy Frontend AX-EX19-03", 
@@ -22066,7 +22066,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Application Receive Connector", @@ -22080,7 +22080,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Frontend AX-EX19-04", @@ -22094,7 +22094,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Client Proxy AX-EX19-04", @@ -22108,7 +22108,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default AX-EX19-04", @@ -22122,7 +22122,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Outbound Proxy Frontend AX-EX19-04", @@ -22136,7 +22136,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "ReceiveConnector", "PSCmdL": "Get-ReceiveConnector", "Name": "Default Frontend AX-EX19-04", 
@@ -22150,7 +22150,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportRule", "PSCmdL": "Get-TransportRule", "Name": "", @@ -22164,7 +22164,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "JournalRule", "PSCmdL": "Get-JournalRule", "Name": "", @@ -22178,7 +22178,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportConfig", "PSCmdL": "Get-TransportConfig", "Name": "", @@ -22192,7 +22192,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "fabrikam.net", @@ -22206,7 +22206,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "EdgeSync - Default-First-Site-Name to Internet", @@ -22220,7 +22220,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "EdgeSync - Inbound to Default-First-Site-Name", 
@@ -22234,7 +22234,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "Internet contosolife to Office 365", @@ -22248,7 +22248,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "Outbound to Office 365 - 584b63c9-db0e-41c2-a087-09a0ed9124f0", @@ -22262,7 +22262,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "SendConnector", "PSCmdL": "Get-Sendconnector", "Name": "To Internet", @@ -22276,7 +22276,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportPipeline", "PSCmdL": "Get-Transportservice", "Name": "", @@ -22290,7 +22290,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportPipeline", "PSCmdL": "Get-Transportservice", "Name": "", @@ -22304,7 +22304,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportPipeline", "PSCmdL": "Get-Transportservice", "Name": "", 
@@ -22318,7 +22318,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportPipeline", "PSCmdL": "Get-Transportservice", "Name": "", @@ -22332,7 +22332,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "TransportPipeline", "PSCmdL": "Get-Transportservice", "Name": "", @@ -22346,7 +22346,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "RCAnonymous", "PSCmdL": "Get-ReceiveConnector | Get-ADPermission | ? {$_.ExtendedRights -like \"ms-Exch-SMTP-Accept-Any-Recipient\" -and $_.User -like \"*NT AUTHORITY\\ANONYMOUS LOGON*\"}", "Name": "", @@ -22360,7 +22360,7 @@ { "GenerationInstanceID": "d7c3c6e9-f848-4c98-8a51-9682c938d611", "ESIEnvironment": "Contoso", - "EntryDate": "2022-10-26 05:31:11 +02:00", + "EntryDate": "2023-08-27 05:31:11 +02:00", "Section": "RCAnonymous", "PSCmdL": "Get-ReceiveConnector | Get-ADPermission | ? {$_.ExtendedRights -like \"ms-Exch-SMTP-Accept-Any-Recipient\" -and $_.User -like \"*NT AUTHORITY\\ANONYMOUS LOGON*\"}", "Name": "", diff --git a/Sample Data/Custom/ESI-HttpProxyLogs-CSV.txt b/Sample Data/Custom/ESI-HttpProxyLogs-CSV.txt index 83e01461b26..29f55a5e6c8 100644 --- a/Sample Data/Custom/ESI-HttpProxyLogs-CSV.txt +++ b/Sample Data/Custom/ESI-HttpProxyLogs-CSV.txt 
@@ -1,73 +1,73 @@ DateTime,RequestId,MajorVersion,MinorVersion,BuildVersion,RevisionVersion,ClientRequestId,Protocol,UrlHost,UrlStem,ProtocolAction,AuthenticationType,IsAuthenticated,AuthenticatedUser,Organization,AnchorMailbox,UserAgent,ClientIpAddress,ServerHostName,HttpStatus,BackEndStatus,ErrorCode,Method,ProxyAction,TargetServer,TargetServerVersion,RoutingType,RoutingHint,BackEndCookie,ServerLocatorHost,ServerLocatorLatency,RequestBytes,ResponseBytes,TargetOutstandingRequests,AuthModulePerfContext,HttpPipelineLatency,CalculateTargetBackEndLatency,GlsLatencyBreakup,TotalGlsLatency,AccountForestLatencyBreakup,TotalAccountForestLatency,ResourceForestLatencyBreakup,TotalResourceForestLatency,ADLatency,SharedCacheLatencyBreakup,TotalSharedCacheLatency,ActivityContextLifeTime,ModuleToHandlerSwitchingLatency,ClientReqStreamLatency,BackendReqInitLatency,BackendReqStreamLatency,BackendProcessingLatency,BackendRespInitLatency,BackendRespStreamLatency,ClientRespStreamLatency,KerberosAuthHeaderLatency,HandlerCompletionLatency,RequestHandlerLatency,HandlerToModuleSwitchingLatency,ProxyTime,CoreLatency,RoutingLatency,HttpProxyOverhead,TotalRequestTime,RouteRefresherLatency,UrlQuery,BackEndGenericInfo,GenericInfo,GenericErrors,EdgeTraceId,DatabaseGuid,UserADObjectGuid,PartitionEndpointLookupLatency,RoutingStatus -2023-02-08T00:00:03.324Z,26dd3d37-651e-43e9-a928-fad7f55eec30,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:00:03.323Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:00:03.324Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
-2023-02-08T00:01:04.313Z,2a5d89d4-d393-4bab-8a42-c634dde3f7d1,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:01:04.311Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:01:04.313Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:02:01.046Z,caf00545-8fcd-4a89-ad02-3815f2051fc6,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:02:01.045Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:02:01.046Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:03:01.052Z,dfc399e6-b77c-4b82-9f55-bd6c22d3400b,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,2,,2,,2,2,,,,BeginRequest=2023-02-08T00:03:01.049Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:03:01.052Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:04:01.176Z,1c86edef-7196-49cb-829b-f6af9346ea81,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,1,1,,2,,3,3,,,,BeginRequest=2023-02-08T00:04:01.173Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:04:01.176Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:00:03.324Z,26dd3d37-651e-43e9-a928-fad7f55eec30,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:00:03.323Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:00:03.324Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:01:04.313Z,2a5d89d4-d393-4bab-8a42-c634dde3f7d1,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:01:04.311Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:01:04.313Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
+2023-08-27T00:02:01.046Z,caf00545-8fcd-4a89-ad02-3815f2051fc6,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:02:01.045Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:02:01.046Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:03:01.052Z,dfc399e6-b77c-4b82-9f55-bd6c22d3400b,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,2,,2,,2,2,,,,BeginRequest=2023-08-27T00:03:01.049Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:03:01.052Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:04:01.176Z,1c86edef-7196-49cb-829b-f6af9346ea81,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,1,1,,2,,3,3,,,,BeginRequest=2023-08-27T00:04:01.173Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:04:01.176Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
,bc51cc91-49b9-4da6-ac2d-70263338196a,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600011,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:05:01.204Z,d91edba7-e75c-4cf8-b371-d11938acea46,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:05:01.202Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:05:01.204Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:06:01.186Z,7904232f-acc3-4765-83c8-d21e464ad802,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,2,,2,,3,3,,,,BeginRequest=2023-02-08T00:06:01.183Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:06:01.186Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
-2023-02-08T00:07:01.222Z,f8049135-10a6-4d6d-b62b-a1eff1e1dfc7,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:07:01.220Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:07:01.222Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:08:01.372Z,7fc0bf66-8944-4072-93b5-2ec4f2288670,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:08:01.371Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:08:01.372Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:09:01.470Z,93456641-1baa-4963-a654-09211f129a56,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,1,4,,5,,5,5,,,,BeginRequest=2023-02-08T00:09:01.465Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 
2/7/2023 11:38:59 PM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:09:01.470Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:05:01.204Z,d91edba7-e75c-4cf8-b371-d11938acea46,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:05:01.202Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:05:01.204Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:06:01.186Z,7904232f-acc3-4765-83c8-d21e464ad802,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,2,,2,,3,3,,,,BeginRequest=2023-08-27T00:06:01.183Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:06:01.186Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
+2023-08-27T00:07:01.222Z,f8049135-10a6-4d6d-b62b-a1eff1e1dfc7,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:07:01.220Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:07:01.222Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:08:01.372Z,7fc0bf66-8944-4072-93b5-2ec4f2288670,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:08:01.371Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:08:01.372Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:09:01.470Z,93456641-1baa-4963-a654-09211f129a56,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,1,4,,5,,5,5,,,,BeginRequest=2023-08-27T00:09:01.465Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 
2/7/2023 11:38:59 PM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:09:01.470Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 ,2bedfd2a-7af0-4338-85ad-f7db0d726d99,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600014,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:10:01.631Z,7cc9b8d0-21ce-40cc-973f-bb65ec17507c,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:10:01.629Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:10:01.631Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 -2023-02-08T00:11:01.525Z,b32ced2d-ca79-4294-a075-b13999c3f268,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-02-08T00:11:01.523Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:11:01.525Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
-2023-02-08T00:12:01.673Z,3c3d928d-4774-4857-89a4-343e84abb108,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:12:01.672Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:12:01.673Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:13:01.807Z,32c63760-6e2d-4465-b980-9a3dcfd60b29,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,3,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,3,3,,,,BeginRequest=2023-02-08T00:13:01.804Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:13:01.807Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 -2023-02-08T00:14:01.820Z,463cee32-6387-4a39-b42f-be767939435a,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:14:01.819Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:14:01.820Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:10:01.631Z,7cc9b8d0-21ce-40cc-973f-bb65ec17507c,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:10:01.629Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:10:01.631Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:11:01.525Z,b32ced2d-ca79-4294-a075-b13999c3f268,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-08-27T00:11:01.523Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:11:01.525Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:12:01.673Z,3c3d928d-4774-4857-89a4-343e84abb108,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:12:01.672Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:12:01.673Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
+2023-08-27T00:13:01.807Z,32c63760-6e2d-4465-b980-9a3dcfd60b29,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,3,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,3,3,,,,BeginRequest=2023-08-27T00:13:01.804Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:13:01.807Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:14:01.820Z,463cee32-6387-4a39-b42f-be767939435a,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:14:01.819Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:14:01.820Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 ,92b961db-dc08-4dc4-a64b-cee2be82f30f,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600015,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity;I32:ATE.C[MISSED]=3;F:ATE.AL[MISSED]=0;I32:ADR.C[MISSED]=2;F:ADR.AL[MISSED]=1.8464;I32:ADS.C[MISSED]=1;F:ADS.AL[MISSED]=1.5753,,,,,, 
-2023-02-08T00:15:01.888Z,e757ef0e-6e63-4cb0-b94c-e4e353321c76,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:15:01.887Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:15:01.888Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:16:02.012Z,ff3b24c2-bf07-4df9-ac83-4ba00c1479a3,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,2,,2,,3,3,,,,BeginRequest=2023-02-08T00:16:02.009Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:16:02.012Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:17:02.034Z,2b3ab478-4a94-42a1-92f3-41d1215f3343,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:17:02.033Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:17:02.034Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:18:02.145Z,7fa07211-6c84-4947-92f8-148276067fc8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:18:02.143Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:18:02.145Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:19:02.210Z,0ad151e5-4bcd-4010-a7ed-ba832690d50e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:19:02.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:19:02.210Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:15:01.888Z,e757ef0e-6e63-4cb0-b94c-e4e353321c76,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:15:01.887Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:15:01.888Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
+2023-08-27T00:16:02.012Z,ff3b24c2-bf07-4df9-ac83-4ba00c1479a3,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,2,,2,,3,3,,,,BeginRequest=2023-08-27T00:16:02.009Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:16:02.012Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:17:02.034Z,2b3ab478-4a94-42a1-92f3-41d1215f3343,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:17:02.033Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:17:02.034Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:18:02.145Z,7fa07211-6c84-4947-92f8-148276067fc8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:18:02.143Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:18:02.145Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
+2023-08-27T00:19:02.210Z,0ad151e5-4bcd-4010-a7ed-ba832690d50e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:19:02.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:19:02.210Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 ,10a17226-099c-47cc-860c-b2238c057efb,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600004,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:20:02.342Z,23dd4b4c-8eeb-4d09-9561-110735a0f520,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,3,,3,,4,4,,,,BeginRequest=2023-02-08T00:20:02.338Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:20:02.342Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
-2023-02-08T00:21:02.492Z,fbf93ace-a18a-4964-9f4b-f7dc57c55cff,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,11,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-02-08T00:21:02.487Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:21:02.492Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 -2023-02-08T00:22:02.569Z,2dd48b8e-b46f-4a97-84c5-f829bdaddf20,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:22:02.568Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:22:02.569Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:23:02.575Z,aaf9cc0f-2628-4cd9-af2e-db2c85467d55,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,15,0,,,,,,,,,0,0,11,,11,,12,12,,,,BeginRequest=2023-02-08T00:23:02.563Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:23:02.575Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
-2023-02-08T00:24:02.680Z,7c900c10-ab63-43f4-b53d-9a3274447f44,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,2,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:24:02.679Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:24:02.680Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:20:02.342Z,23dd4b4c-8eeb-4d09-9561-110735a0f520,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,3,,3,,4,4,,,,BeginRequest=2023-08-27T00:20:02.338Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:20:02.342Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:21:02.492Z,fbf93ace-a18a-4964-9f4b-f7dc57c55cff,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,11,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-08-27T00:21:02.487Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:21:02.492Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:22:02.569Z,2dd48b8e-b46f-4a97-84c5-f829bdaddf20,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:22:02.568Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:22:02.569Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:23:02.575Z,aaf9cc0f-2628-4cd9-af2e-db2c85467d55,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,15,0,,,,,,,,,0,0,11,,11,,12,12,,,,BeginRequest=2023-08-27T00:23:02.563Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:23:02.575Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:24:02.680Z,7c900c10-ab63-43f4-b53d-9a3274447f44,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,2,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:24:02.679Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:24:02.680Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
,518864e1-3bf4-421f-af20-0c81cb5a6f62,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600018,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:25:02.793Z,30b16933-fcd7-4e01-815a-bb21cd0a133f,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,8,0,,,,,,,,,0,0,5,,5,,6,6,,,,BeginRequest=2023-02-08T00:25:02.787Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:25:02.793Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:26:02.796Z,d2b47954-c3ea-49cb-90ef-2984dab2b466,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:26:02.794Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:26:02.796Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
-2023-02-08T00:27:02.832Z,33516636-4baa-4b6c-b51a-ec52de98e21e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:27:02.831Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:27:02.832Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:28:02.834Z,4dbca35d-091a-4d8d-8108-0dce06091ab0,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:28:02.832Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:28:02.834Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:29:02.936Z,d9d432b8-0dcd-44fb-a618-e5bcb954f4f0,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:29:02.934Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:29:02.936Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:25:02.793Z,30b16933-fcd7-4e01-815a-bb21cd0a133f,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,8,0,,,,,,,,,0,0,5,,5,,6,6,,,,BeginRequest=2023-08-27T00:25:02.787Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:25:02.793Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:26:02.796Z,d2b47954-c3ea-49cb-90ef-2984dab2b466,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:26:02.794Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:26:02.796Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:27:02.832Z,33516636-4baa-4b6c-b51a-ec52de98e21e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:27:02.831Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:27:02.832Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
+2023-08-27T00:28:02.834Z,4dbca35d-091a-4d8d-8108-0dce06091ab0,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:28:02.832Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:28:02.834Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:29:02.936Z,d9d432b8-0dcd-44fb-a618-e5bcb954f4f0,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:29:02.934Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:29:02.936Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 ,65a6c42d-ba8a-4268-9040-065943db0052,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600029,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, 
-2023-02-08T00:30:03.045Z,04202d92-0581-4a40-891e-6480e4964b05,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,26,0,,,,,,,,,0,0,23,,23,,24,24,,,,BeginRequest=2023-02-08T00:30:03.019Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:30:03.045Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:31:03.033Z,ffea0894-d7ea-459a-89bc-760929d955cf,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-02-08T00:31:03.031Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:31:03.033Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
-2023-02-08T00:32:06.250Z,6e3a889e-ff21-4e2d-a293-cfafb96816a1,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,66,0,,0,,0,,0,0,,0,121,0,,,,,,,,,0,1,50,,51,,117,117,,,,BeginRequest=2023-02-08T00:32:06.132Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:32:06.250Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=29.1567;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.57895,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:33:06.956Z,c06fb72f-5a7d-4003-b2b8-b58ad07a88bb,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:33:06.954Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:33:06.956Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:34:03.313Z,097f004b-a78e-4c02-bd3f-b552acbdfd01,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,1,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:34:03.312Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:34:03.313Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:30:03.045Z,04202d92-0581-4a40-891e-6480e4964b05,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,26,0,,,,,,,,,0,0,23,,23,,24,24,,,,BeginRequest=2023-08-27T00:30:03.019Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:30:03.045Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:31:03.033Z,ffea0894-d7ea-459a-89bc-760929d955cf,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-08-27T00:31:03.031Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:31:03.033Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
+2023-08-27T00:32:06.250Z,6e3a889e-ff21-4e2d-a293-cfafb96816a1,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,66,0,,0,,0,,0,0,,0,121,0,,,,,,,,,0,1,50,,51,,117,117,,,,BeginRequest=2023-08-27T00:32:06.132Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:32:06.250Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=29.1567;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.57895,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:33:06.956Z,c06fb72f-5a7d-4003-b2b8-b58ad07a88bb,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:33:06.954Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:33:06.956Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:34:03.313Z,097f004b-a78e-4c02-bd3f-b552acbdfd01,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,1,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:34:03.312Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:34:03.313Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 ,7930a14a-a763-4bbe-95ef-4e80fef3d84a,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600027,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:35:03.429Z,c1dd2aea-2c60-4d03-a38c-e7d0666a5436,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-02-08T00:35:03.427Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:35:03.429Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
-2023-02-08T00:36:08.784Z,ad9a9e62-2dc7-41e1-a5e6-068dccdf19bd,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:36:08.782Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:36:08.784Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:37:03.673Z,55314d35-66fe-4a8c-995c-4073fe06b772,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,5,0,,,,,,,,,0,1,3,,4,,4,4,,,,BeginRequest=2023-02-08T00:37:03.669Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:37:03.673Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:38:03.820Z,3a134800-ebc8-45e9-aa51-30536b3b2dd8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,3,,3,,4,4,,,,BeginRequest=2023-02-08T00:38:03.815Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:38:03.820Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
-2023-02-08T00:39:04.039Z,097a4925-5435-45be-949d-a129db4ea981,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,11,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:39:04.037Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/8/2023 12:09:01 AM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:39:04.039Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:35:03.429Z,c1dd2aea-2c60-4d03-a38c-e7d0666a5436,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,1,,1,,2,2,,,,BeginRequest=2023-08-27T00:35:03.427Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:35:03.429Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
+2023-08-27T00:36:08.784Z,ad9a9e62-2dc7-41e1-a5e6-068dccdf19bd,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:36:08.782Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:36:08.784Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:37:03.673Z,55314d35-66fe-4a8c-995c-4073fe06b772,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,5,0,,,,,,,,,0,1,3,,4,,4,4,,,,BeginRequest=2023-08-27T00:37:03.669Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:37:03.673Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:38:03.820Z,3a134800-ebc8-45e9-aa51-30536b3b2dd8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,3,,3,,4,4,,,,BeginRequest=2023-08-27T00:38:03.815Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:38:03.820Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
+2023-08-27T00:39:04.039Z,097a4925-5435-45be-949d-a129db4ea981,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,11,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:39:04.037Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/8/2023 12:09:01 AM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:39:04.039Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 ,5d43735e-cdf0-42a7-b8a3-8e20507dfb56,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600014,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:40:04.089Z,2170c32d-d255-47e5-a81d-e8e0d8972f14,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:40:04.087Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:40:04.089Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
-2023-02-08T00:41:04.232Z,18cd7599-91d2-45ba-b8e2-7eec5f351902,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,4,,5,,5,5,,,,BeginRequest=2023-02-08T00:41:04.226Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:41:04.232Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:42:04.297Z,4604aaed-c132-4b23-9064-5fc013ce2360,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,11,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:42:04.296Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:42:04.297Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:43:04.417Z,ae2ea565-895b-44ba-ab66-f8e1b9d48315,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,0,10,,10,,11,11,,,,BeginRequest=2023-02-08T00:43:04.405Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:43:04.417Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
-2023-02-08T00:44:04.467Z,cef0b519-76b7-4553-a410-127ea6e7dde8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:44:04.466Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:44:04.467Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:40:04.089Z,2170c32d-d255-47e5-a81d-e8e0d8972f14,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:40:04.087Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:40:04.089Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:41:04.232Z,18cd7599-91d2-45ba-b8e2-7eec5f351902,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,4,,5,,5,5,,,,BeginRequest=2023-08-27T00:41:04.226Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:41:04.232Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
+2023-08-27T00:42:04.297Z,4604aaed-c132-4b23-9064-5fc013ce2360,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,11,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:42:04.296Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:42:04.297Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:43:04.417Z,ae2ea565-895b-44ba-ab66-f8e1b9d48315,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,0,10,,10,,11,11,,,,BeginRequest=2023-08-27T00:43:04.405Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:43:04.417Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:44:04.467Z,cef0b519-76b7-4553-a410-127ea6e7dde8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,4,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:44:04.466Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:44:04.467Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 
,31775000-b4b7-4568-9e5e-e99787284538,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600013,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity;I32:ATE.C[MISSED]=3;F:ATE.AL[MISSED]=0;I32:ADR.C[MISSED]=2;F:ADR.AL[MISSED]=1.83505;I32:ADS.C[MISSED]=1;F:ADS.AL[MISSED]=1.7742,,,,,, -2023-02-08T00:45:06.687Z,b239c01b-9204-4d3b-a978-04a0162bab02,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,33,0,,0,,0,,0,0,,0,290,0,,,,,,,,,0,0,195,,195,,228,228,,,,BeginRequest=2023-02-08T00:45:06.458Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:45:06.687Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:46:04.982Z,9c3576a5-79a8-4a79-b24b-8a8e10668e4e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:46:04.980Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:46:04.982Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:47:05.063Z,e48a1f91-8ed1-438a-8adc-6ef8e9a18481,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,6,0,,,,,,,,,0,1,3,,4,,4,4,,,,BeginRequest=2023-02-08T00:47:05.059Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:47:05.063Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 -2023-02-08T00:48:05.258Z,fe01b58c-8365-48fb-8518-57f9736dca46,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:48:05.257Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:48:05.258Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
-2023-02-08T00:49:05.363Z,12f49f0c-cdda-41e9-bcae-5f700894b6fe,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,27,0,,0,,0,,0,0,,0,30,0,,,,,,,,,0,0,2,,2,,29,29,,,,BeginRequest=2023-02-08T00:49:05.334Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:49:05.363Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=10.2332;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.4776,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:45:06.687Z,b239c01b-9204-4d3b-a978-04a0162bab02,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,33,0,,0,,0,,0,0,,0,290,0,,,,,,,,,0,0,195,,195,,228,228,,,,BeginRequest=2023-08-27T00:45:06.458Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:45:06.687Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
+2023-08-27T00:46:04.982Z,9c3576a5-79a8-4a79-b24b-8a8e10668e4e,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:46:04.980Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:46:04.982Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:47:05.063Z,e48a1f91-8ed1-438a-8adc-6ef8e9a18481,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,6,0,,,,,,,,,0,1,3,,4,,4,4,,,,BeginRequest=2023-08-27T00:47:05.059Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:47:05.063Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:48:05.258Z,fe01b58c-8365-48fb-8518-57f9736dca46,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:48:05.257Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:48:05.258Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
+2023-08-27T00:49:05.363Z,12f49f0c-cdda-41e9-bcae-5f700894b6fe,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,27,0,,0,,0,,0,0,,0,30,0,,,,,,,,,0,0,2,,2,,29,29,,,,BeginRequest=2023-08-27T00:49:05.334Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:49:05.363Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=10.2332;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.4776,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 ,cc9a4f2f-a620-499f-ac30-37c5cce7b14b,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600017,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, -2023-02-08T00:50:05.358Z,1fc176f4-aee6-4060-9f85-d4f5cbe6063b,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:50:05.356Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:50:05.358Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:51:05.601Z,89d77b02-676e-43cf-a8e5-bf3c05861e1d,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,12,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,0,2,,2,,14,14,,,,BeginRequest=2023-02-08T00:51:05.587Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:51:05.601Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=2.35695;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0.25;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.64625,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:52:05.615Z,77dbe4aa-898f-413b-9795-79979bee1004,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,2,,2,,2,2,,,,BeginRequest=2023-02-08T00:52:05.613Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:52:05.615Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
-2023-02-08T00:53:05.707Z,27656f4a-cc74-4961-bfc9-0fa69d85c7ec,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,17,0,,,,,,,,,1,1,10,,11,,13,13,,,,BeginRequest=2023-02-08T00:53:05.693Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:53:05.707Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 -2023-02-08T00:54:05.742Z,da8e552e-018b-44a9-8a30-279fd0a009ef,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-02-08T00:54:05.737Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:54:05.742Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:50:05.358Z,1fc176f4-aee6-4060-9f85-d4f5cbe6063b,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:50:05.356Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:50:05.358Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:51:05.601Z,89d77b02-676e-43cf-a8e5-bf3c05861e1d,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,12,0,,0,,0,,0,0,,0,14,0,,,,,,,,,0,0,2,,2,,14,14,,,,BeginRequest=2023-08-27T00:51:05.587Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:51:05.601Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=2.35695;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0.25;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.64625,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:52:05.615Z,77dbe4aa-898f-413b-9795-79979bee1004,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,0,,0,,0,,0,0,,0,2,0,,,,,,,,,0,0,2,,2,,2,2,,,,BeginRequest=2023-08-27T00:52:05.613Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:52:05.615Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 
+2023-08-27T00:53:05.707Z,27656f4a-cc74-4961-bfc9-0fa69d85c7ec,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox96881f2,,Sid~S-1-5-21-434387928-2799628836-4171586136-1618,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-03.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,17,0,,,,,,,,,1,1,10,,11,,13,13,,,,BeginRequest=2023-08-27T00:53:05.693Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:53:05.707Z;,,,|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a,,,CafeV1 +2023-08-27T00:54:05.742Z,da8e552e-018b-44a9-8a30-279fd0a009ef,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-08-27T00:54:05.737Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:54:05.742Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 ,0b45e021-fa38-4184-8c0d-fa0e993b7067,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600021,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity,,,,,, 
-2023-02-08T00:55:05.741Z,1cfd7927-5849-4742-a5ba-d52552accec4,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,2,2,,,,BeginRequest=2023-02-08T00:55:05.739Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:55:05.741Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:56:08.212Z,22e7e005-57db-4ce8-aa72-ff272602fcc8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,1,,1,,3,3,,,,BeginRequest=2023-02-08T00:56:08.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:56:08.212Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 -2023-02-08T00:57:05.890Z,d624163b-ed94-45b1-9166-39f7ffeaf86d,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,6,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-02-08T00:57:05.885Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:57:05.890Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 
-2023-02-08T00:58:07.835Z,581c859d-a6d4-42ef-ac0d-24ed56450308,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-02-08T00:58:07.833Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:58:07.835Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 -2023-02-08T00:59:06.021Z,a9a2ca55-125e-4a67-a81d-2fad7ab464a2,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,4,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-02-08T00:59:06.020Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:59:06.021Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 +2023-08-27T00:55:05.741Z,1cfd7927-5849-4742-a5ba-d52552accec4,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,3,0,,,,,,,,,0,0,0,,0,,2,2,,,,BeginRequest=2023-08-27T00:55:05.739Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:55:05.741Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
+2023-08-27T00:56:08.212Z,22e7e005-57db-4ce8-aa72-ff272602fcc8,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox866bb29,,Sid~S-1-5-21-434387928-2799628836-4171586136-1129,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-02.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,2,0,,0,,0,,0,0,,0,5,0,,,,,,,,,0,0,1,,1,,3,3,,,,BeginRequest=2023-08-27T00:56:08.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:56:08.212Z;,,,|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059,,,CafeV1 +2023-08-27T00:57:05.890Z,d624163b-ed94-45b1-9166-39f7ffeaf86d,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox501a219,,Sid~S-1-5-21-434387928-2799628836-4171586136-1619,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-04.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,6,0,,,,,,,,,0,0,4,,4,,5,5,,,,BeginRequest=2023-08-27T00:57:05.885Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:57:05.890Z;,,,|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040,,,CafeV1 +2023-08-27T00:58:07.835Z,581c859d-a6d4-42ef-ac0d-24ed56450308,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,127.0.0.1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,1,0,,0,,0,,0,0,,0,7,0,,,,,,,,,0,0,0,,0,,1,1,,,,BeginRequest=2023-08-27T00:58:07.833Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:58:07.835Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 
+2023-08-27T00:59:06.021Z,a9a2ca55-125e-4a67-a81d-2fad7ab464a2,15,2,1118,20,,Autodiscover,localhost,/AutoDiscover/,,Negotiate,true,RES\HealthMailbox356d248,,Sid~S-1-5-21-434387928-2799628836-4171586136-1617,AMProbe/Local/ClientAccess,::1,TS-EX19-04,200,,,GET,Proxy,TS-EX19-01.res.contoso.com,15.02.1118.000,IntraForest,WindowsIdentity,,,,0,,,,0,1,,0,,0,,0,0,,0,4,0,,,,,,,,,0,1,0,,1,,1,1,,,,BeginRequest=2023-08-27T00:59:06.020Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:59:06.021Z;,,,|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8,,,CafeV1 ,1beb289b-b8a7-4a14-8b29-9a5fd6d4f1cb,15,2,1118,20,,,,,,,,,,,,,TS-EX19-04,,,,,,,,,,,,,,,,,,,,,,,,,,,,600016,,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity;Dbl:ADB.T[UNINSTR]=5;I32:ADS.C[UNINSTR]=1;F:ADS.AL[UNINSTR]=1.2815,,,,,, diff --git a/Sample Data/Custom/ESI-HttpProxyLogs.json b/Sample Data/Custom/ESI-HttpProxyLogs.json index b7eb3ab9ed5..f412a1e4334 100644 --- a/Sample Data/Custom/ESI-HttpProxyLogs.json +++ b/Sample Data/Custom/ESI-HttpProxyLogs.json @@ -1,6 +1,6 @@ [ { - "DateTime": "2023-02-08T00:00:03.324Z", + "DateTime": "2023-08-27T00:00:03.324Z", "RequestId": "26dd3d37-651e-43e9-a928-fad7f55eec30", "MajorVersion": "15", "MinorVersion": "2", @@ -67,7 +67,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:00:03.323Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:00:03.324Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:00:03.323Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:00:03.324Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", 
@@ -76,7 +76,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:01:04.313Z",
+ "DateTime": "2023-08-27T00:01:04.313Z",
 "RequestId": "2a5d89d4-d393-4bab-8a42-c634dde3f7d1",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -143,7 +143,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:01:04.311Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:01:04.313Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:01:04.311Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:01:04.313Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -152,7 +152,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:02:01.046Z",
+ "DateTime": "2023-08-27T00:02:01.046Z",
 "RequestId": "caf00545-8fcd-4a89-ad02-3815f2051fc6",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -219,7 +219,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:02:01.045Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:02:01.046Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:02:01.045Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:02:01.046Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040",
@@ -228,7 +228,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:03:01.052Z",
+ "DateTime": "2023-08-27T00:03:01.052Z",
 "RequestId": "dfc399e6-b77c-4b82-9f55-bd6c22d3400b",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -295,7 +295,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:03:01.049Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:03:01.052Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:03:01.049Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:03:01.052Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -304,7 +304,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:04:01.176Z",
+ "DateTime": "2023-08-27T00:04:01.176Z",
 "RequestId": "1c86edef-7196-49cb-829b-f6af9346ea81",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -371,7 +371,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:04:01.173Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:04:01.176Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:04:01.173Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:04:01.176Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -456,7 +456,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:05:01.204Z",
+ "DateTime": "2023-08-27T00:05:01.204Z",
 "RequestId": "d91edba7-e75c-4cf8-b371-d11938acea46",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -523,7 +523,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:05:01.202Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:05:01.204Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:05:01.202Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:05:01.204Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -532,7 +532,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:06:01.186Z",
+ "DateTime": "2023-08-27T00:06:01.186Z",
 "RequestId": "7904232f-acc3-4765-83c8-d21e464ad802",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -599,7 +599,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:06:01.183Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:06:01.186Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:06:01.183Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:06:01.186Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -608,7 +608,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:07:01.222Z",
+ "DateTime": "2023-08-27T00:07:01.222Z",
 "RequestId": "f8049135-10a6-4d6d-b62b-a1eff1e1dfc7",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -675,7 +675,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:07:01.220Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:07:01.222Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:07:01.220Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:07:01.222Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -684,7 +684,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:08:01.372Z",
+ "DateTime": "2023-08-27T00:08:01.372Z",
 "RequestId": "7fc0bf66-8944-4072-93b5-2ec4f2288670",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -751,7 +751,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:08:01.371Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:08:01.372Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:08:01.371Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:08:01.372Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040",
@@ -760,7 +760,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:09:01.470Z",
+ "DateTime": "2023-08-27T00:09:01.470Z",
 "RequestId": "93456641-1baa-4963-a654-09211f129a56",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -827,7 +827,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:09:01.465Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/7/2023 11:38:59 PM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:09:01.470Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:09:01.465Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/7/2023 11:38:59 PM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:09:01.470Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -912,7 +912,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:10:01.631Z",
+ "DateTime": "2023-08-27T00:10:01.631Z",
 "RequestId": "7cc9b8d0-21ce-40cc-973f-bb65ec17507c",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -979,7 +979,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:10:01.629Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:10:01.631Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:10:01.629Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:10:01.631Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
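Review bot: The `LastRefreshTime 2/7/2023 11:38:59 PM` value inside `RefreshingCacheEntry` in the `@@ -827,7 +827,7 @@` hunk keeps the old date, while `BeginRequest` and `EndRequest` in the same `GenericInfo` string move to 2023-08-27, so the record now shows a cache refresh more than six months before the request it belongs to. The `@@ -3563,7 +3563,7 @@` hunk has the same leftover with `LastRefreshTime 2/8/2023 12:09:01 AM`. If this sample feeds parser or KQL validation tests that read `GenericInfo`, the embedded timestamp should be shifted with the others, e.g. `LastRefreshTime 8/26/2023 11:38:59 PM` and `LastRefreshTime 8/27/2023 12:09:01 AM`. `FailoverSequenceNumber 638113239236337077` may also encode a point in time and would be worth checking against the new date range.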
@@ -988,7 +988,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:11:01.525Z",
+ "DateTime": "2023-08-27T00:11:01.525Z",
 "RequestId": "b32ced2d-ca79-4294-a075-b13999c3f268",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1055,7 +1055,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:11:01.523Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:11:01.525Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:11:01.523Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:11:01.525Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -1064,7 +1064,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:12:01.673Z",
+ "DateTime": "2023-08-27T00:12:01.673Z",
 "RequestId": "3c3d928d-4774-4857-89a4-343e84abb108",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1131,7 +1131,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:12:01.672Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:12:01.673Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:12:01.672Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:12:01.673Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -1140,7 +1140,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:13:01.807Z",
+ "DateTime": "2023-08-27T00:13:01.807Z",
 "RequestId": "32c63760-6e2d-4465-b980-9a3dcfd60b29",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1207,7 +1207,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:13:01.804Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:13:01.807Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:13:01.804Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:13:01.807Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -1216,7 +1216,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:14:01.820Z",
+ "DateTime": "2023-08-27T00:14:01.820Z",
 "RequestId": "463cee32-6387-4a39-b42f-be767939435a",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1283,7 +1283,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:14:01.819Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:14:01.820Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:14:01.819Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:14:01.820Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -1368,7 +1368,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:15:01.888Z",
+ "DateTime": "2023-08-27T00:15:01.888Z",
 "RequestId": "e757ef0e-6e63-4cb0-b94c-e4e353321c76",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1435,7 +1435,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:15:01.887Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:15:01.888Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:15:01.887Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:15:01.888Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040",
@@ -1444,7 +1444,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:16:02.012Z",
+ "DateTime": "2023-08-27T00:16:02.012Z",
 "RequestId": "ff3b24c2-bf07-4df9-ac83-4ba00c1479a3",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1511,7 +1511,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:16:02.009Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:16:02.012Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:16:02.009Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:16:02.012Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -1520,7 +1520,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:17:02.034Z",
+ "DateTime": "2023-08-27T00:17:02.034Z",
 "RequestId": "2b3ab478-4a94-42a1-92f3-41d1215f3343",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1587,7 +1587,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:17:02.033Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:17:02.034Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:17:02.033Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:17:02.034Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -1596,7 +1596,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:18:02.145Z",
+ "DateTime": "2023-08-27T00:18:02.145Z",
 "RequestId": "7fa07211-6c84-4947-92f8-148276067fc8",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1663,7 +1663,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:18:02.143Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:18:02.145Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:18:02.143Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:18:02.145Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -1672,7 +1672,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:19:02.210Z",
+ "DateTime": "2023-08-27T00:19:02.210Z",
 "RequestId": "0ad151e5-4bcd-4010-a7ed-ba832690d50e",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1739,7 +1739,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:19:02.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:19:02.210Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:19:02.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:19:02.210Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -1824,7 +1824,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:20:02.342Z",
+ "DateTime": "2023-08-27T00:20:02.342Z",
 "RequestId": "23dd4b4c-8eeb-4d09-9561-110735a0f520",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1891,7 +1891,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:20:02.338Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:20:02.342Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:20:02.338Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:20:02.342Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -1900,7 +1900,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:21:02.492Z",
+ "DateTime": "2023-08-27T00:21:02.492Z",
 "RequestId": "fbf93ace-a18a-4964-9f4b-f7dc57c55cff",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -1967,7 +1967,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:21:02.487Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:21:02.492Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:21:02.487Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:21:02.492Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -1976,7 +1976,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:22:02.569Z",
+ "DateTime": "2023-08-27T00:22:02.569Z",
 "RequestId": "2dd48b8e-b46f-4a97-84c5-f829bdaddf20",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2043,7 +2043,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:22:02.568Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:22:02.569Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:22:02.568Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:22:02.569Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -2052,7 +2052,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:23:02.575Z",
+ "DateTime": "2023-08-27T00:23:02.575Z",
 "RequestId": "aaf9cc0f-2628-4cd9-af2e-db2c85467d55",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2119,7 +2119,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:23:02.563Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:23:02.575Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:23:02.563Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:23:02.575Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -2128,7 +2128,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:24:02.680Z",
+ "DateTime": "2023-08-27T00:24:02.680Z",
 "RequestId": "7c900c10-ab63-43f4-b53d-9a3274447f44",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2195,7 +2195,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:24:02.679Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:24:02.680Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:24:02.679Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:24:02.680Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -2280,7 +2280,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:25:02.793Z",
+ "DateTime": "2023-08-27T00:25:02.793Z",
 "RequestId": "30b16933-fcd7-4e01-815a-bb21cd0a133f",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2347,7 +2347,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:25:02.787Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:25:02.793Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:25:02.787Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:25:02.793Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -2356,7 +2356,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:26:02.796Z",
+ "DateTime": "2023-08-27T00:26:02.796Z",
 "RequestId": "d2b47954-c3ea-49cb-90ef-2984dab2b466",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2423,7 +2423,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:26:02.794Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:26:02.796Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:26:02.794Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:26:02.796Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -2432,7 +2432,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:27:02.832Z",
+ "DateTime": "2023-08-27T00:27:02.832Z",
 "RequestId": "33516636-4baa-4b6c-b51a-ec52de98e21e",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2499,7 +2499,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:27:02.831Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:27:02.832Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:27:02.831Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:27:02.832Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -2508,7 +2508,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:28:02.834Z",
+ "DateTime": "2023-08-27T00:28:02.834Z",
 "RequestId": "4dbca35d-091a-4d8d-8108-0dce06091ab0",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2575,7 +2575,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:28:02.832Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:28:02.834Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:28:02.832Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:28:02.834Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -2584,7 +2584,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:29:02.936Z",
+ "DateTime": "2023-08-27T00:29:02.936Z",
 "RequestId": "d9d432b8-0dcd-44fb-a618-e5bcb954f4f0",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2651,7 +2651,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:29:02.934Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:29:02.936Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:29:02.934Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:29:02.936Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -2736,7 +2736,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:30:03.045Z",
+ "DateTime": "2023-08-27T00:30:03.045Z",
 "RequestId": "04202d92-0581-4a40-891e-6480e4964b05",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2803,7 +2803,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:30:03.019Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:30:03.045Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:30:03.019Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:30:03.045Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -2812,7 +2812,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:31:03.033Z",
+ "DateTime": "2023-08-27T00:31:03.033Z",
 "RequestId": "ffea0894-d7ea-459a-89bc-760929d955cf",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2879,7 +2879,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:31:03.031Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:31:03.033Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:31:03.031Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:31:03.033Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040",
@@ -2888,7 +2888,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:32:06.250Z",
+ "DateTime": "2023-08-27T00:32:06.250Z",
 "RequestId": "6e3a889e-ff21-4e2d-a293-cfafb96816a1",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -2955,7 +2955,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:32:06.132Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:32:06.250Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=29.1567;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.57895",
+ "GenericInfo": "BeginRequest=2023-08-27T00:32:06.132Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:32:06.250Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=29.1567;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.57895",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -2964,7 +2964,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:33:06.956Z",
+ "DateTime": "2023-08-27T00:33:06.956Z",
 "RequestId": "c06fb72f-5a7d-4003-b2b8-b58ad07a88bb",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -3031,7 +3031,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:33:06.954Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:33:06.956Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:33:06.954Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:33:06.956Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a",
@@ -3040,7 +3040,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:34:03.313Z",
+ "DateTime": "2023-08-27T00:34:03.313Z",
 "RequestId": "097f004b-a78e-4c02-bd3f-b552acbdfd01",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -3107,7 +3107,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:34:03.312Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:34:03.313Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:34:03.312Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:34:03.313Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059",
@@ -3192,7 +3192,7 @@
 "RoutingStatus": ""
 },
 {
- "DateTime": "2023-02-08T00:35:03.429Z",
+ "DateTime": "2023-08-27T00:35:03.429Z",
 "RequestId": "c1dd2aea-2c60-4d03-a38c-e7d0666a5436",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -3259,7 +3259,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:35:03.427Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:35:03.429Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:35:03.427Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:35:03.429Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040",
@@ -3268,7 +3268,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:36:08.784Z",
+ "DateTime": "2023-08-27T00:36:08.784Z",
 "RequestId": "ad9a9e62-2dc7-41e1-a5e6-068dccdf19bd",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -3335,7 +3335,7 @@
 "RouteRefresherLatency": "",
 "UrlQuery": "",
 "BackEndGenericInfo": "",
- "GenericInfo": "BeginRequest=2023-02-08T00:36:08.782Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:36:08.784Z;",
+ "GenericInfo": "BeginRequest=2023-08-27T00:36:08.782Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:36:08.784Z;",
 "GenericErrors": "",
 "EdgeTraceId": "",
 "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8",
@@ -3344,7 +3344,7 @@
 "RoutingStatus": "CafeV1"
 },
 {
- "DateTime": "2023-02-08T00:37:03.673Z",
+ "DateTime": "2023-08-27T00:37:03.673Z",
 "RequestId": "55314d35-66fe-4a8c-995c-4073fe06b772",
 "MajorVersion": "15",
 "MinorVersion": "2",
@@ -3411,7 +3411,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:37:03.669Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:37:03.673Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:37:03.669Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:37:03.673Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -3420,7 +3420,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:38:03.820Z", + "DateTime": "2023-08-27T00:38:03.820Z", "RequestId": "3a134800-ebc8-45e9-aa51-30536b3b2dd8", "MajorVersion": "15", "MinorVersion": "2", @@ -3487,7 +3487,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:38:03.815Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:38:03.820Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:38:03.815Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:38:03.820Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059", @@ -3496,7 +3496,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:39:04.039Z", + "DateTime": "2023-08-27T00:39:04.039Z", "RequestId": "097a4925-5435-45be-949d-a129db4ea981", "MajorVersion": "15", "MinorVersion": "2", 
@@ -3563,7 +3563,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:39:04.037Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/8/2023 12:09:01 AM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:39:04.039Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:39:04.037Z;CorrelationID=;ProxyState-Run=None;ServerLocatorRefresh=399bc9b2-7312-46e0-8181-fee7a0ffeaf8;RefreshingCacheEntry=CacheEntry(BackEndServer TS-EX19-01.RES.contoso.com~1942127710|ResourceForest contoso.com|FailoverSequenceNumber 638113239236337077|LastRefreshTime 2/8/2023 12:09:01 AM);FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:39:04.039Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -3648,7 +3648,7 @@ "RoutingStatus": "" }, { - "DateTime": "2023-02-08T00:40:04.089Z", + "DateTime": "2023-08-27T00:40:04.089Z", "RequestId": "2170c32d-d255-47e5-a81d-e8e0d8972f14", "MajorVersion": "15", "MinorVersion": "2", @@ -3715,7 +3715,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:40:04.087Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:40:04.089Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:40:04.087Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:40:04.089Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", 
@@ -3724,7 +3724,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:41:04.232Z", + "DateTime": "2023-08-27T00:41:04.232Z", "RequestId": "18cd7599-91d2-45ba-b8e2-7eec5f351902", "MajorVersion": "15", "MinorVersion": "2", @@ -3791,7 +3791,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:41:04.226Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:41:04.232Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:41:04.226Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:41:04.232Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -3800,7 +3800,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:42:04.297Z", + "DateTime": "2023-08-27T00:42:04.297Z", "RequestId": "4604aaed-c132-4b23-9064-5fc013ce2360", "MajorVersion": "15", "MinorVersion": "2", @@ -3867,7 +3867,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:42:04.296Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:42:04.297Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:42:04.296Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:42:04.297Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -3876,7 +3876,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:43:04.417Z", + "DateTime": "2023-08-27T00:43:04.417Z", "RequestId": "ae2ea565-895b-44ba-ab66-f8e1b9d48315", "MajorVersion": "15", "MinorVersion": "2", 
@@ -3943,7 +3943,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:43:04.405Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:43:04.417Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:43:04.405Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:43:04.417Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -3952,7 +3952,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:44:04.467Z", + "DateTime": "2023-08-27T00:44:04.467Z", "RequestId": "cef0b519-76b7-4553-a410-127ea6e7dde8", "MajorVersion": "15", "MinorVersion": "2", @@ -4019,7 +4019,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:44:04.466Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:44:04.467Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:44:04.466Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:44:04.467Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059", @@ -4104,7 +4104,7 @@ "RoutingStatus": "" }, { - "DateTime": "2023-02-08T00:45:06.687Z", + "DateTime": "2023-08-27T00:45:06.687Z", "RequestId": "b239c01b-9204-4d3b-a978-04a0162bab02", "MajorVersion": "15", "MinorVersion": "2", 
@@ -4171,7 +4171,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:45:06.458Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:45:06.687Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:45:06.458Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:45:06.687Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -4180,7 +4180,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:46:04.982Z", + "DateTime": "2023-08-27T00:46:04.982Z", "RequestId": "9c3576a5-79a8-4a79-b24b-8a8e10668e4e", "MajorVersion": "15", "MinorVersion": "2", @@ -4247,7 +4247,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:46:04.980Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:46:04.982Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:46:04.980Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:46:04.982Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a", @@ -4256,7 +4256,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:47:05.063Z", + "DateTime": "2023-08-27T00:47:05.063Z", "RequestId": "e48a1f91-8ed1-438a-8adc-6ef8e9a18481", "MajorVersion": "15", "MinorVersion": "2", 
@@ -4323,7 +4323,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:47:05.059Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:47:05.063Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:47:05.059Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:47:05.063Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -4332,7 +4332,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:48:05.258Z", + "DateTime": "2023-08-27T00:48:05.258Z", "RequestId": "fe01b58c-8365-48fb-8518-57f9736dca46", "MajorVersion": "15", "MinorVersion": "2", @@ -4399,7 +4399,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:48:05.257Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:48:05.258Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:48:05.257Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:48:05.258Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -4408,7 +4408,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:49:05.363Z", + "DateTime": "2023-08-27T00:49:05.363Z", "RequestId": "12f49f0c-cdda-41e9-bcae-5f700894b6fe", "MajorVersion": "15", "MinorVersion": "2", 
@@ -4475,7 +4475,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:49:05.334Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:49:05.363Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=10.2332;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.4776", + "GenericInfo": "BeginRequest=2023-08-27T00:49:05.334Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:49:05.363Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=10.2332;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.4776", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -4560,7 +4560,7 @@ "RoutingStatus": "" }, { - "DateTime": "2023-02-08T00:50:05.358Z", + "DateTime": "2023-08-27T00:50:05.358Z", "RequestId": "1fc176f4-aee6-4060-9f85-d4f5cbe6063b", "MajorVersion": "15", "MinorVersion": "2", @@ -4627,7 +4627,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:50:05.356Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:50:05.358Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:50:05.356Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:50:05.358Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a", 
@@ -4636,7 +4636,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:51:05.601Z", + "DateTime": "2023-08-27T00:51:05.601Z", "RequestId": "89d77b02-676e-43cf-a8e5-bf3c05861e1d", "MajorVersion": "15", "MinorVersion": "2", @@ -4703,7 +4703,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:51:05.587Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:51:05.601Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=2.35695;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0.25;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.64625", + "GenericInfo": "BeginRequest=2023-08-27T00:51:05.587Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:51:05.601Z;I32:ADS.C[BR-DC-02]=2;F:ADS.AL[BR-DC-02]=2.35695;I32:ATE.C[BR-DC-02.RES.contoso.com]=4;F:ATE.AL[BR-DC-02.RES.contoso.com]=0.25;I32:ADR.C[BR-DC-02]=2;F:ADR.AL[BR-DC-02]=1.64625", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059", @@ -4712,7 +4712,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:52:05.615Z", + "DateTime": "2023-08-27T00:52:05.615Z", "RequestId": "77dbe4aa-898f-413b-9795-79979bee1004", "MajorVersion": "15", "MinorVersion": "2", 
@@ -4779,7 +4779,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:52:05.613Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:52:05.615Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:52:05.613Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:52:05.615Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a", @@ -4788,7 +4788,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:53:05.707Z", + "DateTime": "2023-08-27T00:53:05.707Z", "RequestId": "27656f4a-cc74-4961-bfc9-0fa69d85c7ec", "MajorVersion": "15", "MinorVersion": "2", @@ -4855,7 +4855,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:53:05.693Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:53:05.707Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:53:05.693Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:53:05.707Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:7b922fbc-5b8f-496b-be13-ccc0a9fd6a7a", @@ -4864,7 +4864,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:54:05.742Z", + "DateTime": "2023-08-27T00:54:05.742Z", "RequestId": "da8e552e-018b-44a9-8a30-279fd0a009ef", "MajorVersion": "15", "MinorVersion": "2", 
@@ -4931,7 +4931,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:54:05.737Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:54:05.742Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:54:05.737Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:54:05.742Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -5016,7 +5016,7 @@ "RoutingStatus": "" }, { - "DateTime": "2023-02-08T00:55:05.741Z", + "DateTime": "2023-08-27T00:55:05.741Z", "RequestId": "1cfd7927-5849-4742-a5ba-d52552accec4", "MajorVersion": "15", "MinorVersion": "2", @@ -5083,7 +5083,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:55:05.739Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:55:05.741Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:55:05.739Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:55:05.741Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -5092,7 +5092,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:56:08.212Z", + "DateTime": "2023-08-27T00:56:08.212Z", "RequestId": "22e7e005-57db-4ce8-aa72-ff272602fcc8", "MajorVersion": "15", "MinorVersion": "2", 
@@ -5159,7 +5159,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:56:08.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:56:08.212Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:56:08.209Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:56:08.212Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ee8ad99c-fbcb-45c2-939e-81869b5ee059", @@ -5168,7 +5168,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:57:05.890Z", + "DateTime": "2023-08-27T00:57:05.890Z", "RequestId": "d624163b-ed94-45b1-9166-39f7ffeaf86d", "MajorVersion": "15", "MinorVersion": "2", @@ -5235,7 +5235,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:57:05.885Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:57:05.890Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:57:05.885Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:57:05.890Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:ea58efbd-ca6c-4d7d-b738-383065284040", @@ -5244,7 +5244,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:58:07.835Z", + "DateTime": "2023-08-27T00:58:07.835Z", "RequestId": "581c859d-a6d4-42ef-ac0d-24ed56450308", "MajorVersion": "15", "MinorVersion": "2", 
@@ -5311,7 +5311,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:58:07.833Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:58:07.835Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:58:07.833Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:58:07.835Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", @@ -5320,7 +5320,7 @@ "RoutingStatus": "CafeV1" }, { - "DateTime": "2023-02-08T00:59:06.021Z", + "DateTime": "2023-08-27T00:59:06.021Z", "RequestId": "a9a2ca55-125e-4a67-a81d-2fad7ab464a2", "MajorVersion": "15", "MinorVersion": "2", @@ -5387,7 +5387,7 @@ "RouteRefresherLatency": "", "UrlQuery": "", "BackEndGenericInfo": "", - "GenericInfo": "BeginRequest=2023-02-08T00:59:06.020Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-02-08T00:59:06.021Z;", + "GenericInfo": "BeginRequest=2023-08-27T00:59:06.020Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942127710;ProxyState-Complete=PrepareServerRequest;SharedCacheGuard=0;EndRequest=2023-08-27T00:59:06.021Z;", "GenericErrors": "", "EdgeTraceId": "", "DatabaseGuid": "|RoutingDB:399bc9b2-7312-46e0-8181-fee7a0ffeaf8", diff --git a/Sample Data/Custom/ESI-MessageTrackingLogs-CSV.txt b/Sample Data/Custom/ESI-MessageTrackingLogs-CSV.txt index 0d878a84b4f..321a3e68a52 100644 --- a/Sample Data/Custom/ESI-MessageTrackingLogs-CSV.txt +++ b/Sample Data/Custom/ESI-MessageTrackingLogs-CSV.txt 
@@ -1,10 +1,10 @@ date-time,client-ip,client-hostname,server-ip,server-hostname,source-context,connector-id,source,event-id,internal-message-id,message-id,network-message-id,recipient-address,recipient-status,total-bytes,recipient-count,related-recipient-address,reference,message-subject,sender-address,return-path,message-info,directionality,tenant-id,original-client-ip,original-server-ip,custom-data,transport-traffic-type,log-id,schema-version -2023-02-26T02:40:03.005Z,,,,TS-EX19-04,"TS-EX19-03.RES.contoso.com=250 2.6.0 <1116-23956-1677379188@hz-fw-01.contoso1.com> [InternalId=48112223649793, Hostname=TS-EX19-03.RES.contoso.com] Queued mail for redundancy",,SMTP,HAREDIRECT,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,fw-admin@contoso1.com,,410220,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,3c34a0be-9d67-48c7-4c26-08db17a2c332,15.02.1118.021 -2023-02-26T02:40:03.008Z,10.1.2.24,TS-EX19-04.RES.contoso.com,10.1.2.24,TS-EX19-04,08DB0F5DBC3D2C80;2023-02-26T02:40:02.669Z;0,TS-EX19-04\Default TS-EX19-04,SMTP,RECEIVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,fw-admin@contoso1.com,,410220,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,0cA: ,Incoming,,10.0.0.254,10.1.2.24,S:ProxyHop1=TS-EX19-04.RES.contoso.com(10.1.2.24);S:MessageValue=MediumHigh;S:Replication=TS-EX19-03;S:FirstForestHop=TS-EX19-04.RES.contoso.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.0.0.254;S:ProxiedClientHostname=hz-fw-01.contoso1.com;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,79bb9b0f-120c-4e8d-c05f-08db17a2c332,15.02.1118.021 -2023-02-26T02:40:03.817Z,,,,TS-EX19-04,/o=B13/ou=Exchange Administrative Group 
(FYDIBOHF23SPDLT)/cn=Recipients/cn=c30973bf62e34d558eebb7c307232e31-Gilbert,,ROUTING,RESOLVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com,,410449,1,fw-admin@contoso1.com,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,a79f3963-b134-4ada-4b9e-08db17a2c3ae,15.02.1118.021 -2023-02-26T02:40:03.841Z,,TS-EX19-04,,,Transport Rule Agent,,AGENT,RECEIVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,5jxp9m4hOc6q@7UGApwbvQ.com,,410613,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:RecipientType=Bcc;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,4554d722-52f0-46e0-f4d3-08db17a2c3b1,15.02.1118.021 -2023-02-26T02:40:03.844Z,,TS-EX19-04,,,AgentDefer,,AGENT,AGENTINFO,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,,410613,2,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,10.0.0.254,10.1.2.24,"S:AMA=SUM|v=0|action=|error=|atch=25;S:AMA=EV|engine=M|v=0|sig=1.383.650.0|name=|file=;S:TRA=ETR|ruleId=f124891a-6a94-466a-95d6-82b59a9f5b06|st=10/9/2022 12:48:38 AM|action=BlindCopyTo|sev=1|mode=Enforce;S:TRA=ETRP|ruleId=f124891a-6a94-466a-95d6-82b59a9f5b06|st=2022-10-09T00:48:38.0000000Z|ExecW=5|ExecC=0|Actions=AER,1|Conditions=CP,M.ER,0;S:CompCost=|AMA=0;S:DeliveryPriority=Normal;S:AccountForest=contoso.com",Email,58a5ace2-f2b5-4063-6a93-08db17a2c3b2,15.02.1118.021 -2023-02-26T02:40:03.845Z,,,,TS-EX19-04,Transport Rule 
Agent,,AGENT,RESUBMIT,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,;,410613,2,,48782238547969,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,706bc799-bee7-44e1-902c-08db17a2c3b2,15.02.1118.021 -2023-02-26T02:40:04.681Z,,TS-EX19-04,,,CatContentConversion,,AGENT,AGENTINFO,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,,410705,2,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,10.0.0.254,10.1.2.24,S:AMA=SUM|action=p|error=|atch=0;S:TRA=ETRI|MsgType=Normal|Ex=|IsKnown=|FipsStatus=NoFips|AttchUns=|ceErr=|Synth=False-Na-;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,2e7f83ef-7fa6-49ae-18eb-08db17a2c432,15.02.1118.021 -2023-02-26T02:40:06.426Z,10.1.2.24,TS-EX19-04,10.1.2.24,TS-EX19-04.RES.contoso.com,;250 2.0.0 OK <1116-23956-1677379188@hz-fw-01.contoso1.com> [Hostname=TS-EX19-04.RES.contoso.com];ClientSubmitTime:,Intra-Organization SMTP Send Connector,SMTP,SEND,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com,250 2.1.5 Recipient OK,419612,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,2023-02-26T02:40:02.316Z;LSRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=3.694|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule 
Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.002|QDM=0.041|SMSC=0.158(X-SMSDR=0.039)|SMS=1.536(SMSMBXD=1.458)|UNK=0.002,Incoming,,,,S:E2ELatency=4.110;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=Opportunistic;S:IsSmtpResponseFromExternalServer=False;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,958a7ce6-0dfb-4302-62aa-08db17a2c53c,15.02.1118.021 -2023-02-26T02:40:07.103Z,10.1.2.24,TS-EX19-04,104.47.22.138,contoso1.com.mail.protection.outlook.com,";250 2.6.0 <1116-23956-1677379188@hz-fw-01.contoso1.com> [InternalId=4015794426053, Hostname=DU0PR08MB8231.eurprd08.prod.outlook.com] 418235 bytes in 0.233, 1747.513 KB/sec Queued mail for delivery;ClientSubmitTime:",Internet B1129E5 to Office 365,SMTP,SENDEXTERNAL,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,5jxp9m4hOc6q@7UGApwbvQ.com,250 2.1.5 Recipient OK,419612,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,2023-02-26T02:40:02.316Z;SRV=TS-EX19-04.RES.contoso.com:TOTAL-FE=0.416|SMR=0.125(SMRRC=0.002|SMREH=0.001|SMRPI=0.054(SMRPI-FrontendProxyAgent=0.053))|SMS=0.289;SRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=4.371|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal 
Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.001|QDE=0.610|SMSC=1.138(X-SMSDR=0.609)|SMS=0.667,Incoming,,,,S:E2ELatency=4.788;S:ExternalSendLatency=2.371;S:ToEntity=Internet;S:FromEntity=Internet;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=CertificateValidation;S:Microsoft.Exchange.Transport.MailRecipient.EffectiveTlsAuthLevel=CertificateValidation;S:IsSmtpResponseFromExternalServer=True;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,c89f66d8-95d5-46a7-ba78-08db17a2c5a3,15.02.1118.021 +2023-08-27T02:40:03.005Z,,,,TS-EX19-04,"TS-EX19-03.RES.contoso.com=250 2.6.0 <1116-23956-1677379188@hz-fw-01.contoso1.com> [InternalId=48112223649793, Hostname=TS-EX19-03.RES.contoso.com] Queued mail for redundancy",,SMTP,HAREDIRECT,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,fw-admin@contoso1.com,,410220,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,3c34a0be-9d67-48c7-4c26-08db17a2c332,15.02.1118.021 +2023-08-27T02:40:03.008Z,10.1.2.24,TS-EX19-04.RES.contoso.com,10.1.2.24,TS-EX19-04,08DB0F5DBC3D2C80;2023-08-27T02:40:02.669Z;0,TS-EX19-04\Default TS-EX19-04,SMTP,RECEIVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,fw-admin@contoso1.com,,410220,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive 
Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,0cA: ,Incoming,,10.0.0.254,10.1.2.24,S:ProxyHop1=TS-EX19-04.RES.contoso.com(10.1.2.24);S:MessageValue=MediumHigh;S:Replication=TS-EX19-03;S:FirstForestHop=TS-EX19-04.RES.contoso.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.0.0.254;S:ProxiedClientHostname=hz-fw-01.contoso1.com;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,79bb9b0f-120c-4e8d-c05f-08db17a2c332,15.02.1118.021 +2023-08-27T02:40:03.817Z,,,,TS-EX19-04,/o=B13/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=c30973bf62e34d558eebb7c307232e31-Gilbert,,ROUTING,RESOLVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com,,410449,1,fw-admin@contoso1.com,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,a79f3963-b134-4ada-4b9e-08db17a2c3ae,15.02.1118.021 +2023-08-27T02:40:03.841Z,,TS-EX19-04,,,Transport Rule Agent,,AGENT,RECEIVE,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,5jxp9m4hOc6q@7UGApwbvQ.com,,410613,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,,,S:RecipientType=Bcc;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,4554d722-52f0-46e0-f4d3-08db17a2c3b1,15.02.1118.021 +2023-08-27T02:40:03.844Z,,TS-EX19-04,,,AgentDefer,,AGENT,AGENTINFO,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,,410613,2,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive 
Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,10.0.0.254,10.1.2.24,"S:AMA=SUM|v=0|action=|error=|atch=25;S:AMA=EV|engine=M|v=0|sig=1.383.650.0|name=|file=;S:TRA=ETR|ruleId=f124891a-6a94-466a-95d6-82b59a9f5b06|st=10/9/2022 12:48:38 AM|action=BlindCopyTo|sev=1|mode=Enforce;S:TRA=ETRP|ruleId=f124891a-6a94-466a-95d6-82b59a9f5b06|st=2022-10-09T00:48:38.0000000Z|ExecW=5|ExecC=0|Actions=AER,1|Conditions=CP,M.ER,0;S:CompCost=|AMA=0;S:DeliveryPriority=Normal;S:AccountForest=contoso.com",Email,58a5ace2-f2b5-4063-6a93-08db17a2c3b2,15.02.1118.021 +2023-08-27T02:40:03.845Z,,,,TS-EX19-04,Transport Rule Agent,,AGENT,RESUBMIT,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,;,410613,2,,48782238547969,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,,,,,S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,706bc799-bee7-44e1-902c-08db17a2c3b2,15.02.1118.021 +2023-08-27T02:40:04.681Z,,TS-EX19-04,,,CatContentConversion,,AGENT,AGENTINFO,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com;5jxp9m4hOc6q@7UGApwbvQ.com,,410705,2,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,,Incoming,,10.0.0.254,10.1.2.24,S:AMA=SUM|action=p|error=|atch=0;S:TRA=ETRI|MsgType=Normal|Ex=|IsKnown=|FipsStatus=NoFips|AttchUns=|ceErr=|Synth=False-Na-;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,2e7f83ef-7fa6-49ae-18eb-08db17a2c432,15.02.1118.021 +2023-08-27T02:40:06.426Z,10.1.2.24,TS-EX19-04,10.1.2.24,TS-EX19-04.RES.contoso.com,;250 2.0.0 OK <1116-23956-1677379188@hz-fw-01.contoso1.com> [Hostname=TS-EX19-04.RES.contoso.com];ClientSubmitTime:,Intra-Organization SMTP Send 
Connector,SMTP,SEND,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,Gilbert@contoso1.com,250 2.1.5 Recipient OK,419612,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,2023-08-27T02:40:02.316Z;LSRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=3.694|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.002|QDM=0.041|SMSC=0.158(X-SMSDR=0.039)|SMS=1.536(SMSMBXD=1.458)|UNK=0.002,Incoming,,,,S:E2ELatency=4.110;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=Opportunistic;S:IsSmtpResponseFromExternalServer=False;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,958a7ce6-0dfb-4302-62aa-08db17a2c53c,15.02.1118.021 +2023-08-27T02:40:07.103Z,10.1.2.24,TS-EX19-04,104.47.22.138,contoso1.com.mail.protection.outlook.com,";250 2.6.0 <1116-23956-1677379188@hz-fw-01.contoso1.com> [InternalId=4015794426053, Hostname=DU0PR08MB8231.eurprd08.prod.outlook.com] 418235 bytes in 0.233, 1747.513 KB/sec Queued mail for delivery;ClientSubmitTime:",Internet B1129E5 to Office 
365,SMTP,SENDEXTERNAL,48782238547969,<1116-23956-1677379188@hz-fw-01.contoso1.com>,65b0ed59-64ad-42ab-ba15-08db17a2c2d1,5jxp9m4hOc6q@7UGApwbvQ.com,250 2.1.5 Recipient OK,419612,1,,,[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report,do-not-reply@fw-notify.net,do-not-reply@fw-notify.net,2023-08-27T02:40:02.316Z;SRV=TS-EX19-04.RES.contoso.com:TOTAL-FE=0.416|SMR=0.125(SMRRC=0.002|SMREH=0.001|SMRPI=0.054(SMRPI-FrontendProxyAgent=0.053))|SMS=0.289;SRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=4.371|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.001|QDE=0.610|SMSC=1.138(X-SMSDR=0.609)|SMS=0.667,Incoming,,,,S:E2ELatency=4.788;S:ExternalSendLatency=2.371;S:ToEntity=Internet;S:FromEntity=Internet;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=CertificateValidation;S:Microsoft.Exchange.Transport.MailRecipient.EffectiveTlsAuthLevel=CertificateValidation;S:IsSmtpResponseFromExternalServer=True;S:DeliveryPriority=Normal;S:AccountForest=contoso.com,Email,c89f66d8-95d5-46a7-ba78-08db17a2c5a3,15.02.1118.021 diff --git a/Sample Data/Custom/ESI-MessageTrackingLogs.json b/Sample Data/Custom/ESI-MessageTrackingLogs.json index 9a42169dace..520174eae78 100644 
--- a/Sample Data/Custom/ESI-MessageTrackingLogs.json +++ b/Sample Data/Custom/ESI-MessageTrackingLogs.json @@ -1,6 +1,6 @@ [ { - "date-time": "2023-02-26T02:40:03.005Z", + "date-time": "2023-08-27T02:40:03.005Z", "client-ip": "", "client-hostname": "", "server-ip": "", @@ -32,12 +32,12 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:03.008Z", + "date-time": "2023-08-27T02:40:03.008Z", "client-ip": "10.1.2.24", "client-hostname": "TS-EX19-04.RES.contoso.com", "server-ip": "10.1.2.24", "server-hostname": "TS-EX19-04", - "source-context": "08DB0F5DBC3D2C80;2023-02-26T02:40:02.669Z;0", + "source-context": "08DB0F5DBC3D2C80;2023-08-27T02:40:02.669Z;0", "connector-id": "TS-EX19-04\\Default TS-EX19-04", "source": "SMTP", "event-id": "RECEIVE", @@ -64,7 +64,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:03.817Z", + "date-time": "2023-08-27T02:40:03.817Z", "client-ip": "", "client-hostname": "", "server-ip": "", @@ -96,7 +96,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:03.841Z", + "date-time": "2023-08-27T02:40:03.841Z", "client-ip": "", "client-hostname": "TS-EX19-04", "server-ip": "", @@ -128,7 +128,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:03.844Z", + "date-time": "2023-08-27T02:40:03.844Z", "client-ip": "", "client-hostname": "TS-EX19-04", "server-ip": "", @@ -160,7 +160,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:03.845Z", + "date-time": "2023-08-27T02:40:03.845Z", "client-ip": "", "client-hostname": "", "server-ip": "", @@ -192,7 +192,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:04.681Z", + "date-time": "2023-08-27T02:40:04.681Z", "client-ip": "", "client-hostname": "TS-EX19-04", "server-ip": "", 
@@ -224,7 +224,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:06.426Z", + "date-time": "2023-08-27T02:40:06.426Z", "client-ip": "10.1.2.24", "client-hostname": "TS-EX19-04", "server-ip": "10.1.2.24", 
@@ -245,7 +245,7 @@ "message-subject": "[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report", "sender-address": "sanitized@sanitized.com", "return-path": "sanitized@sanitized.com", - "message-info": "2023-02-26T02:40:02.316Z;LSRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=3.694|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.002|QDM=0.041|SMSC=0.158(X-SMSDR=0.039)|SMS=1.536(SMSMBXD=1.458)|UNK=0.002", + "message-info": "2023-08-27T02:40:02.316Z;LSRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=3.694|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal 
Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.002|QDM=0.041|SMSC=0.158(X-SMSDR=0.039)|SMS=1.536(SMSMBXD=1.458)|UNK=0.002", "directionality": "Incoming", "tenant-id": "", "original-client-ip": "", @@ -256,7 +256,7 @@ "schema-version": "15.02.1118.021" }, { - "date-time": "2023-02-26T02:40:07.103Z", + "date-time": "2023-08-27T02:40:07.103Z", "client-ip": "10.1.2.24", "client-hostname": "TS-EX19-04", "server-ip": "104.47.22.138", 
@@ -277,7 +277,7 @@ "message-subject": "[hz-fw-01.contoso1.com][INFO-721] Weekly Executive Report", "sender-address": "sanitized@sanitized.com", "return-path": "sanitized@sanitized.com", - "message-info": "2023-02-26T02:40:02.316Z;SRV=TS-EX19-04.RES.contoso.com:TOTAL-FE=0.416|SMR=0.125(SMRRC=0.002|SMREH=0.001|SMRPI=0.054(SMRPI-FrontendProxyAgent=0.053))|SMS=0.289;SRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=4.371|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.001|QDE=0.610|SMSC=1.138(X-SMSDR=0.609)|SMS=0.667", + "message-info": "2023-08-27T02:40:02.316Z;SRV=TS-EX19-04.RES.contoso.com:TOTAL-FE=0.416|SMR=0.125(SMRRC=0.002|SMREH=0.001|SMRPI=0.054(SMRPI-FrontendProxyAgent=0.053))|SMS=0.289;SRV=TS-EX19-04.RES.contoso.com:TOTAL-HUB=4.371|SMR=0.275(SMRDE=0.121|SMRC=0.152(SMRCL=0.136|X-SMRCR=0.150))|UNK=0.014|PSC=0.006|UNK=0.003|CAT=0.812(CATMS=0.043|CATOS=0.668(CATSM=0.666(CATSM-Interceptor Routing Agent=0.003|CATSM-Malware Agent=0.637|CATSM-Text Messaging Routing Agent=0.003|CATSM-RMS Encryption Agent=0.014|CATSM-Journal Agent=0.006))|CATRESL=0.079|CATORES-INC=0.016(CATRS=0.016(CATRS-Transport Rule Agent=0.015(X-ETRLD=0.002|X-ETREX=0.008))))|UNK=0.002|CAT=0.838(CATRESL=0.004|CATORES=0.012(CATRS-INC=0.012(CATRS-Transport Rule 
Agent=0.008(X-ETREX=0.008)|CATRS-DLP Policy Agent-INC=0.003))|CATRS-Retention Policy Agent=0.003|CATRS-Supervisory Review Agent=0.002|CATRS-Index Routing Agent=0.447|CATROUT=0.001|CATORT=0.347(CATRT=0.347(CATRT-RMS Encryption Agent=0.011|CATRT-Journal Agent=0.334))|CATFIN=0.003(OMDSN=0.001))|UNK=0.001|QDE=0.610|SMSC=1.138(X-SMSDR=0.609)|SMS=0.667", "directionality": "Incoming", "tenant-id": "", "original-client-ip": "", diff --git a/Sample Data/MailGuard365_Threats_CL.csv b/Sample Data/MailGuard365_Threats_CL.csv new file mode 100644 index 00000000000..ff02dee2c3f --- /dev/null +++ b/Sample Data/MailGuard365_Threats_CL.csv 
@@ -0,0 +1,160 @@ +TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"MessageId_s","HeaderMessageId_s","UserId_g","CustomerTenantId_g","Score_d","Virus_b",Category,"Attachments_s","Sender_Email_s","Sender_Domain_s","Recipients_s","ReceivedHeaders_s","SenderHeader_s","ToHeader_s","CcHeader_s","Subject_s","OriginCountry_s","MessageDate_t [UTC]","MessageSize_d","Action_s","ReceivedDateTime_d","ForefrontAntiSpam_s","MicrosoftAntiSpam_s","IsInWhiteList_b","IsInBlackList_b","Email_s","HasAttachment_b","HasImage_b",Type,"_ResourceId","MailMessage_0_NetworkMessageId","MailMessage_0_Recipient" +"e51bd602-0194-11ee-be56-0242ac120002",RestAPI,,,"5/30/2023, 2:30:00.000 PM",,,"c17d72c2-0195-11ee-be56-0242ac120002","","1bff3a60-0195-11ee-be56-0242ac120002","21979fe4-0195-11ee-be56-0242ac120002","30.1",false,Phishing,"[]","bounce@bad-domain.com","bad-domain.com","[ + { + ""Email"": ""usera@mailguard.com.au"", + ""Domain"": ""mailguard.com.au"" + } +]","[ + { + ""Time"": ""Tue, 30 May 2023 14:29:59 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:59"", + ""DnsHost"": null, + ""Helo"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:1111:111:111::11"", + ""Mta"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:59+00:00"" + }, + { + ""Time"": ""Tue, 30 May 2023 14:29:56 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:56"", + ""DnsHost"": null, + ""Helo"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:10c6:10:5::31"", + ""Mta"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:56+00:00"" + } +]","Admin-Reset ","",,"Forgot your password",US,"5/30/2023, 2:29:59.000 
PM",86592,Moved,1685457000,"CIP:198.11.111.111;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:bad-domain.com;PTR:bad-domain.com;CAT:NONE;SFS:(13230028)(966005)(26005)(559001)(579004);DIR:INB;","BCL:5;",false,false,"usera@mailguard.com.au",false,false,"MailGuard365_Threats_CL",,"74971cc8-0196-11ee-be56-0242ac120002","usera@mailguard.com.au" +"e51bd602-0194-11ee-be56-0242ac120002",RestAPI,,,"5/30/2023, 2:30:00.000 PM",,,"c17d72c2-0195-11ee-be56-0242ac120002","","1bff3a60-0195-11ee-be56-0242ac120002","21979fe4-0195-11ee-be56-0242ac120002","20.1",false,"Malicious Attachment","[ + { + ""FileName"": ""VoiceMail.html"", + ""FileType"": ""html"", + ""FileSize"": 3265, + ""ProcessedDate"": 0 + } +]","bounce@bad-domain.com","bad-domain.com","[ + { + ""Email"": ""usera@mailguard.com.au"", + ""Domain"": ""mailguard.com.au"" + } +]","[ + { + ""Time"": ""Tue, 30 May 2023 14:29:59 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:59"", + ""DnsHost"": null, + ""Helo"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:1111:111:111::11"", + ""Mta"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:59+00:00"" + }, + { + ""Time"": ""Tue, 30 May 2023 14:29:56 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:56"", + ""DnsHost"": null, + ""Helo"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:10c6:10:5::31"", + ""Mta"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:56+00:00"" + } +]","VoiceMail ","",,"You have a new voicemail",US,"5/30/2023, 2:29:59.000 PM",86592,Moved,1685457000,"CIP:198.11.111.111;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:bad-domain.com;PTR:bad-domain.com;CAT:NONE;SFS:(13230028)(966005)(26005)(559001)(579004);DIR:INB;","BCL:5;",false,false,"usera@mailguard.com.au",false,false,"MailGuard365_Threats_CL",,"74971cc8-0196-11ee-be56-0242ac120002","usera@mailguard.com.au" 
+"e51bd602-0194-11ee-be56-0242ac120002",RestAPI,,,"5/30/2023, 2:30:00.000 PM",,,"c17d72c2-0195-11ee-be56-0242ac120002","","1bff3a60-0195-11ee-be56-0242ac120002","21979fe4-0195-11ee-be56-0242ac120002","22.4",false,"Malicious Attachment","[ + { + ""FileName"": ""Invoice#2345.html"", + ""FileType"": ""html"", + ""FileSize"": 3265, + ""ProcessedDate"": 0 + } +]","bounce@bad-domain.com","bad-domain.com","[ + { + ""Email"": ""usera@mailguard.com.au"", + ""Domain"": ""mailguard.com.au"" + } +]","[ + { + ""Time"": ""Tue, 30 May 2023 14:29:59 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:59"", + ""DnsHost"": null, + ""Helo"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:1111:111:111::11"", + ""Mta"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:59+00:00"" + }, + { + ""Time"": ""Tue, 30 May 2023 14:29:56 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:56"", + ""DnsHost"": null, + ""Helo"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:10c6:10:5::31"", + ""Mta"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:56+00:00"" + } +]","Invoice Mailer ","",,"Pay your Invoice",US,"5/30/2023, 2:29:59.000 PM",86592,Moved,1685457000,"CIP:198.11.111.111;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:bad-domain.com;PTR:bad-domain.com;CAT:NONE;SFS:(13230028)(966005)(26005)(559001)(579004);DIR:INB;","BCL:5;",false,false,"usera@mailguard.com.au",false,false,"MailGuard365_Threats_CL",,"74971cc8-0196-11ee-be56-0242ac120002","usera@mailguard.com.au" +"e51bd602-0194-11ee-be56-0242ac120002",RestAPI,,,"5/30/2023, 2:30:00.000 PM",,,"c17d72c2-0195-11ee-be56-0242ac120002","","1bff3a60-0195-11ee-be56-0242ac120002","21979fe4-0195-11ee-be56-0242ac120002","34.2",false,Phishing,"[]","bounce@bad-domain.com","bad-domain.com","[ + { + ""Email"": ""usera@mailguard.com.au"", + ""Domain"": ""mailguard.com.au"" + } +]","[ + { + 
""Time"": ""Tue, 30 May 2023 14:29:59 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:59"", + ""DnsHost"": null, + ""Helo"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:1111:111:111::11"", + ""Mta"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:59+00:00"" + }, + { + ""Time"": ""Tue, 30 May 2023 14:29:56 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:56"", + ""DnsHost"": null, + ""Helo"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:10c6:10:5::31"", + ""Mta"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:56+00:00"" + } +]","Admin ","",,"Reset your password",US,"5/30/2023, 2:29:59.000 PM",86592,Moved,1685457000,"CIP:198.11.111.111;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:bad-domain.com;PTR:bad-domain.com;CAT:NONE;SFS:(13230028)(966005)(26005)(559001)(579004);DIR:INB;","BCL:5;",false,false,"usera@mailguard.com.au",false,false,"MailGuard365_Threats_CL",,"74971cc8-0196-11ee-be56-0242ac120002","usera@mailguard.com.au" +"e51bd602-0194-11ee-be56-0242ac120002",RestAPI,,,"5/30/2023, 2:30:00.000 PM",,,"c17d72c2-0195-11ee-be56-0242ac120002","","1bff3a60-0195-11ee-be56-0242ac120002","21979fe4-0195-11ee-be56-0242ac120002","10.1",false,Spam,"[]","bounce@bad-domain.com","bad-domain.com","[ + { + ""Email"": ""usera@mailguard.com.au"", + ""Domain"": ""mailguard.com.au"" + } +]","[ + { + ""Time"": ""Tue, 30 May 2023 14:29:59 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:59"", + ""DnsHost"": null, + ""Helo"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:1111:111:111::11"", + ""Mta"": ""ME3PR0QBE0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:59+00:00"" + }, + { + ""Time"": ""Tue, 30 May 2023 14:29:56 +0000"", + ""TimeUtc"": ""2023-05-30 14:29:56"", + ""DnsHost"": null, + ""Helo"": 
""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""Host"": null, + ""Ip"": ""2603:10c6:10:5::31"", + ""Mta"": ""SYBPR0HGF0000.ausprd01.prod.outlook.com"", + ""GeoIp"": null, + ""ReceivedDateTime"": ""2023-05-30T14:29:56+00:00"" + } +]","Insurance ","",,"Your options",US,"5/30/2023, 2:29:59.000 PM",86592,Moved,1685457000,"CIP:198.11.111.111;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:bad-domain.com;PTR:bad-domain.com;CAT:NONE;SFS:(13230028)(966005)(26005)(559001)(579004);DIR:INB;","BCL:5;",false,false,"usera@mailguard.com.au",false,false,"MailGuard365_Threats_CL",,"74971cc8-0196-11ee-be56-0242ac120002","usera@mailguard.com.au" \ No newline at end of file diff --git a/Solutions/Azure Active Directory/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml b/Solutions/Azure Active Directory/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml index 7e9ba0f2dc3..c6c923a9161 100644 --- a/Solutions/Azure Active Directory/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml +++ b/Solutions/Azure Active Directory/Analytic Rules/MFASpammingfollowedbySuccessfullogin.yaml @@ -1,9 +1,9 @@ id: a8cc6d5c-4e7e-4b48-b4ac-d8a116c62a8b name: MFA Spamming followed by Successful login description: | - 'Identifies MFA Spamming followed by Successful logins and by a successful authentication within a given time window, + 'Identifies MFA Spamming followed by Successful logins and by a successful authentication within a given time window, Default Failure count is 10 and 1 successful login with default Time Window is 5 minutes.' -severity: high +severity: High requiredDataConnectors: - connectorId: AzureActiveDirectory dataTypes: @@ -55,5 +55,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPAddress -version: 1.0.0 +version: 1.0.1 kind: Scheduled diff --git a/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml new file mode 100644 index 00000000000..d60c63c3b9a --- /dev/null 
+++ b/Solutions/Commvault Security IQ/Analytic Rules/Data_Alert.yaml
@@ -0,0 +1,31 @@
+id: 1d2c3da7-60ec-40be-9c14-bade6eaf3c49
+name: Data Alert
+description: |
+ 'This query identifies clients or servers whose data has been compromised.'
+severity: Medium
+status: Available
+requiredDataConnectors: []
+queryFrequency: 5m
+queryPeriod: 5m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - DefenseEvasion
+ - Impact
+
+relevantTechniques:
+ - T1578
+ - T1531
+tags:
+ - Commvault
+ - Metallic
+ - Threat Intelligence
+ - Ransomware
+query: |
+ SecurityIncident
+ | where Title has "Cvlt Alert" and Description has "Client" and Description has "Compromised" and Status has "New"
+ | extend extracted_word = extract("Client\\s(.*?)\\sCompromised", 1, Description)
+ | project TimeGenerated, Title, Description, Status
+entityMappings: null
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
new file mode 100644
index 00000000000..9731f6f85ae
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Analytic Rules/IDP_Alert.yaml
@@ -0,0 +1,28 @@
+id: c982bcc1-ef73-485b-80d5-2a637ce4ab2b
+name: IDP Alert
+description: |
+ 'This query identifies indications of a potential security breach or unauthorized access to the systems and data of the Identity Provider.'
+severity: Medium
+status: Available
+requiredDataConnectors: []
+queryFrequency: 5m
+queryPeriod: 5m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - DefenseEvasion
+ - Impact
+relevantTechniques:
+ - T1578
+ - T1531
+tags:
+ - Commvault
+ - Metallic
+ - Threat Intelligence
+ - Ransomware
+query: |
+ SecurityIncident
+ | where Title has "Cvlt Alert" and Description == "IDP Compromised" and Status has "New"
+entityMappings: null
+version: 1.0.0
+kind: Scheduled
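Review bot: In Data_Alert.yaml the query builds `extracted_word` with `extract("Client\\s(.*?)\\sCompromised", 1, Description)` and then discards it in the closing `| project TimeGenerated, Title, Description, Status`, so the affected client name never reaches the alert. Combined with `entityMappings: null`, the incident carries no entity an analyst can pivot or correlate on. Keep the column, e.g. `| project TimeGenerated, Title, Description, Status, extracted_word`, and map it to a Host entity (`entityType: Host`, `identifier: HostName`, `columnName: extracted_word`), assuming the captured value is a host name, which the hunk does not show. User_Alert.yaml repeats the same pattern with `User\\s(.*?)\\sCompromised` and would map to an Account entity instead.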
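Review bot: The filter in IDP_Alert.yaml, `Description == "IDP Compromised"`, is a case-sensitive exact match, whereas the two sibling rules match the description with `has`; any change in casing or any extra text in the incident description would make this detection stop firing without an error. Prefer `Description has "IDP" and Description has "Compromised"`, or at least `Description =~ "IDP Compromised"`, depending on what the producer of these incidents writes (not visible in this hunk). The `tactics` and `relevantTechniques` values (`T1578`, `T1531`) are identical across all three new rules, so it is worth confirming they were chosen for an identity-provider compromise rather than copied.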
diff --git a/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
new file mode 100644
index 00000000000..0b360719c7a
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Analytic Rules/User_Alert.yaml
@@ -0,0 +1,30 @@
+id: 29e0767c-80ac-4689-9a2e-b25b9fc88fce
+name: User Alert
+description: |
+ 'This query identifies users whose user account or credentials have been compromised.'
+severity: Medium
+status: Available
+requiredDataConnectors: []
+queryFrequency: 5m
+queryPeriod: 5m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - DefenseEvasion
+ - Impact
+relevantTechniques:
+ - T1578
+ - T1531
+tags:
+ - Commvault
+ - Metallic
+ - Threat Intelligence
+ - Ransomware
+query: |
+ SecurityIncident
+ | where Title has "Cvlt Alert" and Description has "User" and Description has "Compromised" and Status has "New"
+ | extend extracted_word = extract("User\\s(.*?)\\sCompromised", 1, Description)
+ | project TimeGenerated, Title, Description, Status
+entityMappings: null
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json b/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json
new file mode 100644
index 00000000000..ec10f6d5109
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Data/Solution_Commvault Security IQ.json
@@ -0,0 +1,19 @@
+{
+ "Name": "Commvault Security IQ",
+ "Author": "svc.cv-securityiq@commvault.com",
+ "Logo": "",
+ "Description": "This Microsoft Sentinel integration enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance. With Analytic Rules, Microsoft Sentinel can automatically create Microsoft Sentinel incidents",
+ "Analytic Rules": [
+ "Analytic Rules/Data_Alert.yaml",
+ "Analytic Rules/IDP_Alert.yaml",
+ "Analytic Rules/User_Alert.yaml"
+ ],
+ "Playbooks": [
+ "Playbooks/CommvaultLogicApp/azuredeploy.json"
+ ],
+ "Metadata": "SolutionMetadata.json",
+ "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Commvault Security IQ",
+ "Version": "3.0.0",
+ "TemplateSpec": true,
+ "Is1Pconnector": false
+}
\ No newline at end of file
diff --git a/Solutions/Commvault Security IQ/Package/3.0.0.zip b/Solutions/Commvault Security IQ/Package/3.0.0.zip
new file mode 100644
index 00000000000..a05bf905d71
Binary files /dev/null and b/Solutions/Commvault Security IQ/Package/3.0.0.zip differ
diff --git a/Solutions/Commvault Security IQ/Package/createUiDefinition.json b/Solutions/Commvault Security IQ/Package/createUiDefinition.json
new file mode 100644
index 00000000000..b535b6301ee
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Package/createUiDefinition.json
@@ -0,0 +1,159 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThis Microsoft Sentinel integration enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance. With Analytic Rules, Microsoft Sentinel can automatically create Microsoft Sentinel incidents\n\n**Analytic Rules:** 3, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, 
(filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "analytics", + "label": "Analytics", + "subLabel": { + "preValidation": "Configure the analytics", + "postValidation": "Done" + }, + "bladeTitle": "Analytics", + "elements": [ + { + "name": "analytics-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." + } + }, + { + "name": "analytics-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + }, + { + "name": "analytic1", + "type": "Microsoft.Common.Section", + "label": "Data Alert", + "elements": [ + { + "name": "analytic1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This query identifies clients or servers whose data has been compromised." + } + } + ] + }, + { + "name": "analytic2", + "type": "Microsoft.Common.Section", + "label": "IDP Alert", + "elements": [ + { + "name": "analytic2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This query identifies indications of a potential security breach or unauthorized access to the systems and data of the Identity Provider." + } + } + ] + }, + { + "name": "analytic3", + "type": "Microsoft.Common.Section", + "label": "User Alert", + "elements": [ + { + "name": "analytic3-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This query identifies users whose user account or credentials have been compromised." 
+ } + } + ] + } + ] + }, + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" + }, + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." + } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/Commvault Security IQ/Package/mainTemplate.json b/Solutions/Commvault Security IQ/Package/mainTemplate.json new file mode 100644 index 00000000000..853fd63499b --- /dev/null +++ b/Solutions/Commvault Security IQ/Package/mainTemplate.json 
@@ -0,0 +1,874 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "svc.cv-securityiq@commvault.com", + "comments": "Solution template for Commvault Security IQ" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "_solutionName": "Commvault Security IQ", + "_solutionVersion": "3.0.0", + "solutionId": "commvaultsecurityiq.azure-sentinel-solution-commvaultsecurityiq", + "_solutionId": "[variables('solutionId')]", + "analyticRuleVersion1": "1.0.0", + "analyticRulecontentId1": "1d2c3da7-60ec-40be-9c14-bade6eaf3c49", + "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", + "TemplateEmptyArray": "[json('[]')]", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + 
"analyticRuleVersion2": "1.0.0", + "analyticRulecontentId2": "c982bcc1-ef73-485b-80d5-2a637ce4ab2b", + "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "analyticRuleVersion3": "1.0.0", + "analyticRulecontentId3": "29e0767c-80ac-4689-9a2e-b25b9fc88fce", + "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", + "CommvaultLogicApp": "CommvaultLogicApp", + "_CommvaultLogicApp": "[variables('CommvaultLogicApp')]", + "playbookVersion1": "1.0", + "playbookContentId1": "CommvaultLogicApp", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", + 
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "blanks": "[replace('b', 'b', '')]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Data_Alert_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This query identifies clients or servers whose data has been compromised.", + "displayName": "Data Alert", + "enabled": false, + "query": "SecurityIncident\n| where Title has \"Cvlt Alert\" and Description has \"Client\" and Description has \"Compromised\" and Status has \"New\"\n| extend extracted_word = 
extract(\"Client\\\\s(.*?)\\\\sCompromised\", 1, Description)\n| project TimeGenerated, Title, Description, Status\n", + "queryFrequency": "PT5M", + "queryPeriod": "PT5M", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "DefenseEvasion", + "Impact" + ], + "techniques": [ + "T1578", + "T1531" + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "Commvault Security IQ Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "Commvault Security IQ", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "svc.cv-securityiq@commvault.com" + }, + "support": { + "tier": "Partner", + "name": "Commvault", + "email": "support@commvault.com", + "link": "https://www.commvault.com/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "Data Alert", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + 
"apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "IDP_Alert_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId2')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This query identifies indications of a potential security breach or unauthorized access to the systems and data of the Identity Provider.", + "displayName": "IDP Alert", + "enabled": false, + "query": "SecurityIncident\n| where Title has \"Cvlt Alert\" and Description == \"IDP Compromised\" and Status has \"New\"\n", + "queryFrequency": "PT5M", + "queryPeriod": "PT5M", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "DefenseEvasion", + "Impact" + ], + "techniques": [ + "T1578", + "T1531" + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "properties": { + "description": "Commvault Security IQ Analytics Rule 
2", + "parentId": "[variables('analyticRuleId2')]", + "contentId": "[variables('_analyticRulecontentId2')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion2')]", + "source": { + "kind": "Solution", + "name": "Commvault Security IQ", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "svc.cv-securityiq@commvault.com" + }, + "support": { + "tier": "Partner", + "name": "Commvault", + "email": "support@commvault.com", + "link": "https://www.commvault.com/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "IDP Alert", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "User_Alert_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion3')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId3')]", + "apiVersion": "2022-04-01-preview", + "kind": 
"Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This query identifies users whose user account or credentials have been compromised.", + "displayName": "User Alert", + "enabled": false, + "query": "SecurityIncident\n| where Title has \"Cvlt Alert\" and Description has \"User\" and Description has \"Compromised\" and Status has \"New\"\n| extend extracted_word = extract(\"User\\\\s(.*?)\\\\sCompromised\", 1, Description)\n| project TimeGenerated, Title, Description, Status\n", + "queryFrequency": "PT5M", + "queryPeriod": "PT5M", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "DefenseEvasion", + "Impact" + ], + "techniques": [ + "T1578", + "T1531" + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "properties": { + "description": "Commvault Security IQ Analytics Rule 3", + "parentId": "[variables('analyticRuleId3')]", + "contentId": "[variables('_analyticRulecontentId3')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion3')]", + "source": { + "kind": "Solution", + "name": "Commvault Security IQ", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "svc.cv-securityiq@commvault.com" + }, + "support": { + "tier": "Partner", + "name": "Commvault", + "email": "support@commvault.com", + "link": "https://www.commvault.com/support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + 
"contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId3')]", + "contentKind": "AnalyticsRule", + "displayName": "User Alert", + "contentProductId": "[variables('_analyticRulecontentProductId3')]", + "id": "[variables('_analyticRulecontentProductId3')]", + "version": "[variables('analyticRuleVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Commvault-Logic-App10 Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Commvault-Logic-App10", + "type": "string" + }, + "Automation-Account": { + "defaultValue": "Commvault-Automation-Account", + "type": "string" + }, + "keyvaultName": { + "type": "string" + } + }, + "variables": { + "location": "[parameters('workspace-location')]", + "subscriptionId": "[[subscription().subscriptionId]", + "tenantId": "[[subscription().tenantId]", + "keyvaultApiId": "[[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]", + "AzureautomationConnectionName": "[[concat('Azureautomation-', parameters('PlaybookName'))]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "KeyvaultConnectionName": "[[concat('Keyvault-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, 
'/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureautomation')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-3": "[[variables('connection-3')]", + "connection-4": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Keyvault')]", + "_connection-4": "[[variables('connection-4')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Access_Token": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent('access-token')}/value" + } + }, + "Disable_Data_Aging": { + "actions": { + "Disable_Data_Aging_Job": { + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "ClientName": 
"@triggerBody()?['object']?['properties']?['description']", + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "apiAccessToken": "@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_Data_Aging", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_Data_Aging_Job_Output": { + "runAfter": { + "Disable_Data_Aging_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_Data_Aging_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + "runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + "Data" + ] + } + ] + }, + "type": "If" + }, + "Disable_IDP": { + "actions": { + "Disable_IDP_Job": { + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "apiAccessToken": 
"@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_IDP", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_IDP_Job_Output": { + "runAfter": { + "Disable_IDP_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_IDP_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + "runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + "IDP" + ] + } + ] + }, + "type": "If" + }, + "Disable_User": { + "actions": { + "Disable_User_Job": { + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "UserIdentity": "@triggerBody()?['object']?['properties']?['description']", + "apiAccessToken": "@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": 
"@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_User", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_User_Job_Output": { + "runAfter": { + "Disable_User_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_User_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + "runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + "User" + ] + } + ] + }, + "type": "If" + }, + "Environment_Endpoint_URL": { + "runAfter": { + "Access_Token": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent('environment-endpoint-url')}/value" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azureautomation": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureautomationConnectionName'))]", 
+ "connectionName": "[[variables('AzureautomationConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azureautomation')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "keyvault": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", + "connectionName": "[[variables('KeyvaultConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Keyvault')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Commvault-Logic-App1", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureautomationConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]" + ] + }, 
+ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureautomationConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureautomationConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('KeyvaultConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('KeyvaultConnectionName')]", + "parameterValueType": "Alternative", + "alternativeParameterValues": { + "token:TenantId": "[[variables('tenantId')]", + "token:grantType": "code", + "vaultName": "[[parameters('keyvaultName')]" + }, + "api": { + "id": "[[variables('_connection-4')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "Playbook", + "version": "[variables('playbookVersion1')]", + "source": { + "kind": "Solution", + "name": "Commvault Security IQ", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "svc.cv-securityiq@commvault.com" + }, + "support": { + "tier": "Partner", + 
"name": "Commvault", + "email": "support@commvault.com", + "link": "https://www.commvault.com/support" + } + } + } + ], + "metadata": { + "title": "Commvault Logic App Playbook", + "description": "This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve various credentials, it executes a specific runbook depending on the use case.", + "prerequisites": [ + "1. Administrative access to your Commvault/Metallic environment.", + "2. Administrative access to your Azure Resource Group and Subscription.", + "3. An Azure Sentinel instance in the aforementioned Azure Resource Group.", + "4. A Keyvault and an Automation Account configured as mentioned in the documentation here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)" + ], + "postDeployment": [ + "1. Steps to follow the instructions are mentioned here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)", + "2. Give the required permissions to the logic app to get the secrets from the keyvault.", + "3. 
Setup the Managed Identity" + ], + "lastUpdateTime": "2023-08-24T00:00:00Z", + "tags": [ + "Commvault", + "Metallic", + "Threat Intelligence", + "Ransomware", + "Security - Automation (SOAR)" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "Commvault-Logic-App10", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "Commvault Security IQ", + "publisherDisplayName": "Commvault", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

This Microsoft Sentinel integration enables Commvault users to ingest alerts and other data into their Microsoft Sentinel instance. With Analytic Rules, Microsoft Sentinel can automatically create Microsoft Sentinel incidents

\n

Analytic Rules: 3, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "Commvault Security IQ", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "svc.cv-securityiq@commvault.com" + }, + "support": { + "name": "Commvault", + "email": "support@commvault.com", + "tier": "Partner", + "link": "https://www.commvault.com/support" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId1')]", + "version": "[variables('analyticRuleVersion1')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId2')]", + "version": "[variables('analyticRuleVersion2')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId3')]", + "version": "[variables('analyticRuleVersion3')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_CommvaultLogicApp')]", + "version": "[variables('playbookVersion1')]" + } + ] + }, + "firstPublishDate": "2023-08-17", + "providers": [ + "Commvault" + ], + "categories": { + "domains": [ + "Security - Automation (SOAR)" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app1.png b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app1.png new file mode 100644 index 00000000000..0aaa7d968cf Binary files /dev/null and b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app1.png differ 
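Review bot: In the playbook definition of mainTemplate.json, `Disable_Data_Aging_Job` and `Disable_User_Job` pass the whole incident description (`@triggerBody()?['object']?['properties']?['description']`) as `ClientName` and `UserIdentity`, so free text from the incident selects the client or user that the runbook acts on. The Data and User analytic rules compute `extracted_word` and then drop it in the next `project`; keeping it (`| project TimeGenerated, Title, Description, Status, extracted_word`) would at least expose the parsed name, and the runbooks, which are not visible here, should validate whatever they receive against a strict pattern before acting. All three jobs also send the Key Vault secret as the `apiAccessToken` job parameter, which is likely readable in the Automation job's input record by anyone with read access to the account; letting the runbook fetch the secret with its own identity would avoid that. The `Automation-Account` parameter is declared, but every path hard-codes `encodeURIComponent('Commvault-Automation-Account')`, so a deployment that overrides the parameter would still call the default account. The same workflow is added in the playbook's azuredeploy.json, whose hunk continues beyond this view.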
diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app2.png b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app2.png
new file mode 100644
index 00000000000..b834e1140bd
Binary files /dev/null and b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app2.png differ
diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app3.png b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app3.png
new file mode 100644
index 00000000000..e8b19100bfc
Binary files /dev/null and b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app3.png differ
diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app4.png b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app4.png
new file mode 100644
index 00000000000..bcd081ad2c7
Binary files /dev/null and b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/Images/Playbook_commvault_logic_app4.png differ
diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/azuredeploy.json b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/azuredeploy.json
new file mode 100644
index 00000000000..2f2976753a8
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/azuredeploy.json
@@ -0,0 +1,428 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "Commvault Logic App Playbook", + "description": "This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve various credentials, it executes a specific runbook depending on the use case.", + "prerequisites": ["1. Administrative access to your Commvault/Metallic environment.", + "2. Administrative access to your Azure Resource Group and Subscription.", + "3. An Azure Sentinel instance in the aforementioned Azure Resource Group.", + "4. A Keyvault and an Automation Account configured as mentioned in the documentation here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)"], + "postDeployment": ["1. Steps to follow the instructions are mentioned here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)", + "2. Give the required permissions to the logic app to get the secrets from the keyvault.", + "3. 
Setup the Managed Identity" + ], + "prerequisitesDeployTemplateFile": "", + "lastUpdateTime": "2023-08-24T00:00:00.000Z", + "entities": [], + "tags": [ "Commvault", "Metallic", "Threat Intelligence", "Ransomware", "Security - Automation (SOAR)" + ], + "support": { + "tier": "community", + "armtemplate": "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator" + }, + "author": { + "name": "microsoft" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "Commvault-Logic-App10", + "type": "string" + }, + "Automation-Account": { + "defaultValue": "Commvault-Automation-Account", + "type": "string" + }, + "keyvaultName": { + "type": "string" + } + }, + "variables": { + "location": "[resourceGroup().location]", + "subscriptionId": "[subscription().subscriptionId]", + "tenantId": "[subscription().tenantId]", + "keyvaultApiId": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]", + "AzureautomationConnectionName": "[concat('Azureautomation-', parameters('PlaybookName'))]", + "MicrosoftSentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "KeyvaultConnectionName": "[concat('Keyvault-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": { + }, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + 
"actions": { + "Access_Token": { + "runAfter": { + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent('access-token')}/value" + } + }, + "Disable_Data_Aging": { + "actions": { + "Disable_Data_Aging_Job": { + "runAfter": { + }, + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "ClientName": "@triggerBody()?['object']?['properties']?['description']", + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "apiAccessToken": "@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_Data_Aging", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_Data_Aging_Job_Output": { + "runAfter": { + "Disable_Data_Aging_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_Data_Aging_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + 
"runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + "Data" + ] + } + ] + }, + "type": "If" + }, + "Disable_IDP": { + "actions": { + "Disable_IDP_Job": { + "runAfter": { + }, + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "apiAccessToken": "@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_IDP", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_IDP_Job_Output": { + "runAfter": { + "Disable_IDP_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_IDP_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + "runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + 
"IDP" + ] + } + ] + }, + "type": "If" + }, + "Disable_User": { + "actions": { + "Disable_User_Job": { + "runAfter": { + }, + "type": "ApiConnection", + "inputs": { + "body": { + "properties": { + "parameters": { + "EnvironmentEndpointURL": "@body('Environment_Endpoint_URL')?['value']", + "UserIdentity": "@triggerBody()?['object']?['properties']?['description']", + "apiAccessToken": "@body('Access_Token')?['value']" + } + } + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "put", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs", + "queries": { + "runbookName": "Commvault_Disable_User", + "wait": true, + "x-ms-api-version": "2015-10-31" + } + } + }, + "Disable_User_Job_Output": { + "runAfter": { + "Disable_User_Job": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azureautomation']['connectionId']" + } + }, + "method": "get", + "path": "/subscriptions/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['SubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['workspaceInfo']?['ResourceGroupName'])}/providers/Microsoft.Automation/automationAccounts/@{encodeURIComponent('Commvault-Automation-Account')}/jobs/@{encodeURIComponent(body('Disable_User_Job')?['properties']?['jobId'])}/output", + "queries": { + "x-ms-api-version": "2015-10-31" + } + } + } + }, + "runAfter": { + "Environment_Endpoint_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "startsWith": [ + "@triggerBody()?['object']?['properties']?['description']", + "User" + ] + } + ] + }, + "type": "If" + }, + "Environment_Endpoint_URL": { + "runAfter": { + 
"Access_Token": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent('environment-endpoint-url')}/value" + } + } + }, + "outputs": { + } + }, + "parameters": { + "$connections": { + "value": { + "azureautomation": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureautomationConnectionName'))]", + "connectionName": "[variables('AzureautomationConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azureautomation')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[variables('MicrosoftSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "keyvault": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", + "connectionName": "[variables('KeyvaultConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[resourceGroup().location]", + "tags": { + "hidden-SentinelTemplateName": "Commvault-Logic-App1", + "hidden-SentinelTemplateVersion": "1.0" + }, + 
"identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('AzureautomationConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureautomationConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureautomationConnectionName')]", + "customParameterValues": { + }, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azureautomation')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('MicrosoftSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('MicrosoftSentinelConnectionName')]", + "customParameterValues": { + }, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('KeyvaultConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('KeyvaultConnectionName')]", + "customParameterValues": { + }, + "parameterValueType": "Alternative", + "alternativeParameterValues": { + "token:TenantId": "[variables('tenantId')]", + "token:grantType": "code", + "vaultName": "[parameters('keyvaultName')]" + }, + "api": { + "id": "[concat('/subscriptions/', 
subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]" + } + } + } + ] +} diff --git a/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/readme.md b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/readme.md new file mode 100644 index 00000000000..33e6d0d99a8 --- /dev/null +++ b/Solutions/Commvault Security IQ/Playbooks/CommvaultLogicApp/readme.md 
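Review bot: The Key Vault reads `Access_Token` and `Environment_Endpoint_URL`, and the three `*_Job` actions that forward `apiAccessToken`, carry no `runtimeConfiguration`, so the Commvault token will presumably be readable in the Logic App run history and again as a plain input parameter of each Automation job. I would add `"runtimeConfiguration": { "secureData": { "properties": [ "inputs", "outputs" ] } }` to those five actions, and consider letting the runbooks read the secret themselves through the Automation account's managed identity instead of receiving it as a parameter. Separately, the `Automation-Account` parameter is declared but every action path hard-codes `encodeURIComponent('Commvault-Automation-Account')`, so changing the parameter has no effect on which account is called.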
@@ -0,0 +1,26 @@
+# Commvault Logic App Playbook
+## Summary
+This Logic App executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve various credentials, it executes a specific runbook depending on the use case.
+
+## Prerequisites
+- Administrative access to your Commvault/Metallic environment.
+- Administrative access to your Azure Resource Group and Subscription.
+- An Azure Sentinel instance in the aforementioned Azure Resource Group.
+- A Keyvault and an Automation Account configured as mentioned in the documentation here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)
+
+## Deployment Instructions
+Deploy the playbook by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2Commvault%20Security%20IQ%2FPlaybooks%2CommvaultLogicApp%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2Commvault%20Security%20IQ%2FPlaybooks%2CommvaultLogicApp%2Fazuredeploy.json)
+
+Alternatively:-
+1. To import the logic app from the azure portal go to "Custom Deployment"
+2. "Build your own template in the editor"
+3. "Load File" -> Use the json present under **Playbooks/CommvaultLogicApp/azuredeploy.json**.
+4. Enter in the required parameters
+
+## Post-deployment Instructions
+Steps to follow the instructions are mentioned here :- (https://github.com/Cv-securityIQ/Azure-Integration/blob/Commvault/Solutions/Commvault%20Security%20IQ/README.md)
+1. Give the required permissions to the logic app to get the secrets from the keyvault.
+2. Setup the Managed Identity
diff --git a/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Cycle_Token.ps1 b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Cycle_Token.ps1
new file mode 100644
index 00000000000..7b2089b6462
--- /dev/null
+++ b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Cycle_Token.ps1
@@ -0,0 +1,81 @@ +<# Input Parameters #> +Param( +[Parameter(Mandatory = $true)] +[String] $apiAccessToken, + +[Parameter(Mandatory = $true)] +[String] $EnvironmentEndpointURL, + +[Parameter(Mandatory = $true)] +[String] $keyVaulturl, + +[Parameter(Mandatory = $true)] +[String] $keyVaultTenantID, + +[Parameter(Mandatory = $true)] +[String] $keyVaultClientID, + +[Parameter(Mandatory = $true)] +[String] $keyVaultClientSecret +) +<# End Input Parameters #> + +<# Global Variables #> +$headers = @{} +$headers.add("Accept", "application/json") +$headers.add("Content-Type", "application/json") +$authToken = "QSDK " + $apiAccessToken +$headers.add("Authtoken", $authToken) +<# End of Global Variables #> + +<# Get the current date and time as a Unix timestamp #> +$currentUnixTime = [int][double]::Parse((Get-Date -UFormat %s)) + +<# Add 7 days in seconds (7 * 24 * 60 * 60) #> +$sevenDaysInSeconds = 604800 + +<# Add 7 days to the current Unix timestamp #> +$desiredTimeUNIXtimestamp = $currentUnixTime + $sevenDaysInSeconds + +<# Generate unique AccessToken name that contain creation and expiry timestamp #> +$newTokenName = "soar-crt$currentUnixTime-exp$desiredTimeUNIXtimestamp" + +<# Create new API AccessToken #> +$body = @{ + tokenExpires = @{ + time = $desiredTimeUNIXtimestamp + } + scope = 2 + tokenName = $newTokenName +} | ConvertTo-Json +$generateAccessTokenURL = "https://$EnvironmentEndpointURL/commandcenter/api/ApiToken/User" +$generateAccessTokenResult = Invoke-RestMethod $generateAccessTokenURL -Method POST -Headers $headers -Body $body + +<# If the new access token was generated, set it in KeyVault #> +$newAccessToken = $null +$newAccessToken = $generateAccessTokenResult.token +if ($newAccessToken -ne $null) { + $url = "https://login.microsoftonline.com/$keyVaultTenantId/oauth2/token" + $headers = @{ + "Content-Type" = "application/x-www-form-urlencoded" + } + $data = @{ + "grant_type" = "client_credentials" + "client_id" = $keyVaultClientID + "client_secret" = 
$keyVaultClientSecret + "resource" = "https://vault.azure.net" + } + $response = Invoke-RestMethod -Uri $url -Method POST -Body $data -Headers $headers + $keyvault_access_token = $response.access_token + $endpoint = "$keyVaultUrl/secrets/access-token?api-version=7.2" + $headers = @{ + "Authorization" = "Bearer $keyvault_access_token" + "Content-Type" = "application/json" + } + $body = @{ + "value" = $newAccessToken + } + $response = Invoke-RestMethod -Uri $endpoint -Method PUT -Body ($body | ConvertTo-Json) -Headers $headers -ContentType 'application/json' + Write-Output $response.value +} +else { Write-Output "FAIL. Could not generate a new access token." } \ No newline at end of file diff --git a/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.ps1 b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.ps1 new file mode 100644 index 00000000000..b11f10846b4 --- /dev/null +++ b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_Data_Aging.ps1 
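Review bot: `Write-Output $response.value` at the end of the success branch prints the freshly rotated Commvault token into the runbook job output, because `$response` is the result of the Key Vault `PUT .../secrets/access-token` call whose `value` is the secret just written. Anyone able to read the job streams, or the run history of a Logic App that collects the job output, would then see the live token. Replace it with a non-secret confirmation such as `Write-Output "New access token $newTokenName stored in Key Vault"`. `$keyVaultClientSecret` also arrives as a plain `[String]` parameter, which Automation presumably records with the job input; reading it inside the runbook from an encrypted Automation variable, or using a managed identity for the Key Vault call, would avoid that.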
@@ -0,0 +1,103 @@ +<# Input Variables #> +<# $EnvironmentEndpointURL = Read-Host -Prompt 'Input Metallic RingURL / Commvault endpoint URL / examples: m102.metallic.io | 10.0.0.5' #> +<# $apiAccessToken = Read-Host -Prompt 'Input Commvault RestAPI user AccessToken' #> +<# $clientName = Read-Host -Prompt 'Input Server Hostname or ClientName' #> + +Param( +[Parameter(Mandatory = $true)] +[String] $apiAccessToken, + +[Parameter(Mandatory = $true)] +[String] $EnvironmentEndpointURL, + +[Parameter(Mandatory = $true)] +[String] $clientName +) + + +<# End of Input Variables #> + +<# Global Variables #> +$headers = @{} +$headers.add("Accept", "application/json") +$headers.add("Content-Type","application/json") +$authToken = "QSDK "+$apiAccessToken +$headers.add("Authtoken",$authToken) +<# End of Global Variables #> + +<# Get all Tenant Clients #> +$getClientsURL = "https://$EnvironmentEndpointURL/commandcenter/api/client" +$getClientsResult = Invoke-RestMethod $getClientsURL -Method GET -Headers $headers + +<# End of Get all Tenant Clients #> + +<# Add wildcard (on the end) to Server Input to address scenario that server short name would be given and we have full FQDN or if there is additon on our ClientName like (1) #> +$clientName = $clientName + "*" +<# Select all Clients that match Input Server Hostname or ClientName #> +$selectedClients = @() +foreach ($client in $getClientsResult.clientProperties.client.clientEntity | Where-Object { $_.hostname -like $clientName -or $_.clientName -like $clientName}) { + $selectedClients += New-Object PSObject -Property @{ + ClientName = $client.clientName + ClientHostname = $client.hostname + ClientID = $client.ClientId + } +} + +<# Check if Clients array is not empty | if anything was matched in previous step #> +if ($selectedClients -ne "") { + + <# Print matched Clients for referance #> + Write-Output "Following Client(s) were found that match input Server Hostname or ClientName" + Write-Output $selectedClients + Write-Output 
"------------------------------" + +<# Start flow for each matched Client in array #> +foreach ($selectedclient in $selectedClients) { + <# Get attributes as ID, ClientName and Hostname from matched Clients array for current Client #> + $selectedclientId = $selectedclient.ClientId + $selectedclientName = $selectedclient.ClientName + $selectedclientHostname = $selectedclient.ClientHostname + <# Get Client Properties and Archive Pruning Status #> + $getClientPropURL = "https://$EnvironmentEndpointURL/commandcenter/api/client/$selectedclientId" + $getClientPropResult = Invoke-RestMethod $getClientPropURL -Method GET -Headers $headers + $getClientActivityControlOptions = $getClientPropResult.clientProperties.clientProps.clientActivityControl.activityControlOptions + $getClientActivityType16ControlOptions = ($getClientActivityControlOptions | Where-Object { $_.activityType -eq 16 }) + $clientArchivePruningStatus = $getClientActivityType16ControlOptions.enableActivityType + + <# Check what is Archive Pruning Status and perform relevant action #> + <# First check if Archive Pruning Status is Enabled and then Disable it #> + if ($clientArchivePruningStatus -eq $true) { + + $body = "{ + `n `"clientProperties`": { + `n `"clientProps`": { + `n `"clientActivityControl`": { + `n `"activityControlOptions`": [ + `n { + `n `"activityType`": 16, + `n `"enableAfterADelay`": false, + `n `"enableActivityType`": false + `n } + `n ] + `n } + `n } + `n } + `n}" + $disableClientArchivePruningURL = "https://$EnvironmentEndpointURL/commandcenter/api/client/$selectedclientId" + $disableClientArchivePruningResult = Invoke-RestMethod $getClientPropURL -Method POST -Headers $headers -Body $body + $disableClientArchivePruningResultErrorCode = $disableClientArchivePruningResult.response.errorCode + <# Check status of operation to Disable Archive Pruning Status and print relevant message #> + if ($disableClientArchivePruningResultErrorCode -eq 0) { + Write-Output "Archive Pruning succesfully 
Disabled for Client $selectedclientName (Hostname: $selectedclientHostname)" + } else {Write-Output "Something went wrong. Error code $disableClientArchivePruningResultErrorCode do not indicate success for disabling Archive Pruning on Client $selectedclientName (Hostname: $selectedclientHostname)"} + <# In case Archive Pruning Status is already Disabled print status #> + } elseif ($clientArchivePruningStatus -eq $false) { + Write-Output "Archive Pruning is already Disabled for Client $selectedclientName (Hostname: $selectedclientHostname). No further action taken." + <# In case there was a problem with getting Archive Pruning Status print error message #> + } else {Write-Output "Something went wrong. Unable to retrieve Archive Pruning status for Client $selectedclientName (Hostname: $selectedclientHostname)"} +} + +<# In case Clients array is empty print eror message #> +} else { + Write-Output "Something went wrong. No Client(s) found" +} \ No newline at end of file diff --git a/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.ps1 b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.ps1 new file mode 100644 index 00000000000..253a7cb06f9 --- /dev/null +++ b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_IDP.ps1 
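Review bot: `$clientName = $clientName + "*"` followed by `-like` treats any `*`, `?` or `[` already present in the input as wildcard syntax, so a broad or malformed value can select far more clients than intended and the loop then changes archive pruning on every match. The playbook added in this commit fills `ClientName` from the incident description, so the value should be handled as untrusted: escape it before appending the wildcard, `$clientName = [System.Management.Automation.WildcardPattern]::Escape($clientName) + "*"`, and consider stopping with an error when more than one client matches. Minor: `$disableClientArchivePruningURL` is assigned but the POST uses `$getClientPropURL`, and `if ($selectedClients -ne "")` would read more clearly as `if ($selectedClients.Count -gt 0)`.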
@@ -0,0 +1,53 @@ +<# Input Variables #> +<# $EnvironmentEndpointURL = Read-Host -Prompt 'Input Metallic RingURL / Commvault endpoint URL / examples: m102.metallic.io | 10.0.0.5' #> +<# $apiAccessToken = Read-Host -Prompt 'Input Commvault RestAPI user AccessToken' #> + +Param( +[Parameter(Mandatory = $true)] +[String] $apiAccessToken, + +[Parameter(Mandatory = $true)] +[String] $EnvironmentEndpointURL +) + +<# Global Variables #> +$headers = @{} +$headers.add("Accept", "application/json") +$headers.add("Content-Type","application/json") +$authToken = "QSDK "+$apiAccessToken +$headers.add("Authtoken",$authToken) +<# End of Global Variables #> + +<# Get all Tenant Identity Servers #> +$getIdentityServersURL = "https://$EnvironmentEndpointURL/commandcenter/api/IdentityServers" +$getIdentityServersResult = Invoke-RestMethod $getIdentityServersURL -Method GET -Headers $headers +<# End of Get all Tenant Identity Servers #> + +<# Filter Identity Servers that are SAML type #> +$samlIdentityServers = $getIdentityServersResult.identityServers | Where-Object { $_.samlType -eq 1} +<# For each SAML Identity Server go with steps to check it's state and take action #> +foreach ($samlIdentityServer in $samlIdentityServers) { + + <# Gets details of SAML Identity Server #> + $samlIdentityServerName = $samlIdentityServer.IdentityServerName + $getsamlIdentityServerPropURL = "https://$EnvironmentEndpointURL/commandcenter/api/V4/SAML/$samlIdentityServerName" + $getsamlIdentityServerPropResult = Invoke-RestMethod $getsamlIdentityServerPropURL -Method GET -Headers $headers + + <# Check if SAML Identity Server is enabled or disabled and take action or give status #> + if ($getsamlIdentityServerPropResult.enabled -eq $true) { + Write-Output "Going to disable IDP server $samlIdentityServerName" + <# Disable SAML Identity Server if it is enabled #> + $body = "{`"enabled`": false, `"type`": `"SAML`"}" + $disablesamlIdentityServerURL = 
"https://$EnvironmentEndpointURL/commandcenter/api/V4/SAML/$samlIdentityServerName" + $disablesamlIdentityServerResult = Invoke-RestMethod $disablesamlIdentityServerURL -Method PUT -Headers $headers -Body $body + $disablesamlIdentityServerResulterrorCode = $disablesamlIdentityServerResult.errorCode + <# Based on response error code verify if action was succesfull and return status #> + if ($disablesamlIdentityServerResulterrorCode -eq 0) { + Write-Output "SAML IdentityProvider $samlIdentityServerName succesfully disabled" + } else {"Something went wrong. Error code $disablesamlIdentityServerResulterrorCode for disabling SAML IdentityProvider $samlIdentityServerName action do not indicate success"} + <# In case SAML Identity Server is alredy disabled return status #> + } elseif ($getsamlIdentityServerPropResult.enabled -eq $false) { + Write-Output "SAML IdentityProvider $samlIdentityServerName is already disabled. No action taken" + <# In case SAML Identity Server disabled/enabled state is not correctly retrieved return status #> + } else {Write-Output "Something went wrong. Unable to retrieve state for SAML IdentityProvider $samlIdentityServerName"} +} \ No newline at end of file diff --git a/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.ps1 b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.ps1 new file mode 100644 index 00000000000..348aac93e6e --- /dev/null +++ b/Solutions/Commvault Security IQ/Playbooks/Runbooks/Commvault_Disable_User.ps1 
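Review bot: Failures in this runbook never fail the job: the error branches only emit a "Something went wrong" string on the output stream (the first one as a bare string, without `Write-Output` like the others), and a failing `Invoke-RestMethod` is not caught, so the script presumably carries on and the job ends as completed. Since the playbook only checks that the job `Succeeded`, an analyst could believe the SAML identity provider was disabled when it was not. Set `$ErrorActionPreference = 'Stop'` at the top and replace the failure messages with `throw` (or `Write-Error`) so the job status reflects the outcome; the same pattern appears in the other three runbooks added by this commit. `$samlIdentityServerName` is also placed in the URL path unescaped, and `[uri]::EscapeDataString($samlIdentityServerName)` would handle names with spaces or reserved characters.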
@@ -0,0 +1,66 @@ +<# Input Variables #> +<# $EnvironmentEndpointURL = Read-Host -Prompt 'Input Metallic RingURL / Commvault endpoint URL / examples: m102.metallic.io | 10.0.0.5' #> +<# $apiAccessToken = Read-Host -Prompt 'Input Commvault RestAPI user AccessToken' #> +<# $userIdentity = Read-Host -Prompt 'Enter User email or UPN' #> + +Param( +[Parameter(Mandatory = $true)] +[String] $apiAccessToken, + +[Parameter(Mandatory = $true)] +[String] $EnvironmentEndpointURL, + +[Parameter(Mandatory = $true)] +[String] $userIdentity +) + +<# End of Input Variables #> + +<# Extract the userIdentity from the given userIdentity string #> + +<# End of extraction #> + +<# Global Variables #> +$headers = @{} +$headers.add("Accept", "application/json") +$headers.add("Content-Type","application/json") +$authToken = "QSDK "+$apiAccessToken +$headers.add("Authtoken",$authToken) +<# End of Global Variables #> + +<# Get all Tenant Users #> +$getUsersURL = "https://$EnvironmentEndpointURL/commandcenter/api/User?level=10" +$getUsersResult = Invoke-RestMethod $getUsersURL -Method GET -Headers $headers +<# End of Get all Tenant Users #> + +<# Select User based on email or UPN #> +$selectedUserID = "Empty" +$selectedUser = $getUsersResult.users | Where-Object { $_.email -eq $userIdentity -or $_.UPN -eq $userIdentity} +if ($selectedUser.email -eq $userIdentity -or $selectedUser.UPN -eq $userIdentity){ + $selectedUserID = $selectedUser.userEntity[0].userId +} else {Write-Output "User $userIdentity was not found"; Exit} +<# End of Select User based on email or UPN #> + +<# Get selected user details #> +$getSelectedUserDetailsURL = "https://$EnvironmentEndpointURL/commandcenter/api/User/$selectedUserID" +$getSelectedUserDetailsResult = Invoke-RestMethod $getSelectedUserDetailsURL -Method GET -Headers $headers +<# End of Get selected user details #> + +<# Check user if user is enabled and take action #> +if ($getSelectedUserDetailsResult.users.enableUser -eq $true) { + $disableUserURL = 
"https://$EnvironmentEndpointURL/commandcenter/api/User/$selectedUserID/Disable" + $disableUserResult = Invoke-RestMethod $disableUserURL -Method PUT -Headers $headers + $disableUserResulterrorCode = $disableUserResult.response.errorCode + if ($disableUserResulterrorCode -eq 0) {Write-Output "User $userIdentity was succesfully disabled"} else { + Write-Output "Something went wrong. Error code $disableUserResulterrorCode for disabling User account $userIdentity do not indicate success." + } +} elseif ($getSelectedUserDetailsResult.users.enableUser -eq $false) { + Write-Output "User $userIdentity is already disabled. No action taken." + } else {Write-Output "Something went wrong. Cannot retrieve status for user $userIdentity"} +<# End of Check user if user is enabled and take action #> + +<# Get Selected User Sessions #> +$getSelectedUserSessionsURL = "https://$EnvironmentEndpointURL/commandcenter/api/Session?userId=$selectedUserID" +$getSelectedUserSessionsResult = Invoke-RestMethod $getSelectedUserSessionsURL -Method GET -Headers $headers +$expectedSelectedUserSessionsResult="*" +<# End of Get Selected User Sessions #> \ No newline at end of file diff --git a/Solutions/Commvault Security IQ/README.md b/Solutions/Commvault Security IQ/README.md new file mode 100644 index 00000000000..34be44e0938 --- /dev/null +++ b/Solutions/Commvault Security IQ/README.md 
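Review bot: The block labelled "Extract the userIdentity from the given userIdentity string" is empty, yet the playbook in this commit passes the whole incident description as `UserIdentity` and only takes this branch when that description starts with `User`, so the `-eq` comparison against `email`/`UPN` will presumably match only when the description is exactly the address. Either implement the extraction or have the playbook pass a dedicated field, and state the contract in the header, e.g. `<# userIdentity: exact email or UPN of the account to disable #>`. The final "Get Selected User Sessions" section fetches sessions and sets `$expectedSelectedUserSessionsResult="*"` but uses neither, so nothing visible here ends the user's active sessions after the account is disabled; finish that step or remove the dead code. When more than one user matches, `$selectedUser.userEntity[0].userId` silently takes the first entry, and stopping with an explicit error would be safer.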
@@ -0,0 +1,604 @@ +# Commvault -- Sentinel Integration +This Sentinel integration enables Commvault users to ingest alerts and other data into their Sentinel instance. With Analytic Rules, Sentinel can automatically create Sentinel incidents from incoming Commvault syslogs. + +### Key Features +- Using Azure KeyVault, Commvault access tokens are automatically rotated, providing enhanced security. +- Perform automated actions such as disabling IDP, specific users, or data aging on your Commvault/Metallic environment from inside Sentinel. + +## Prerequisites +- Administrative access to your Commvault/Metallic environment. +- Administrative access to your Azure Resource Group and Subscription. +- An Azure Sentinel instance in the aforementioned Azure Resource Group. +- An Azure Log Analytic Workspace in the aformentioned Azure Resource Group. + +## Inventory of Required Assets +The following Azure assets need to all be created in order for this integration to function properly. In addition to these assets, proper permissions need to be granted. When following the installation instructions, please use the same asset names to ensure compatibility. +### Automation Account +- **Commvault-Automation-Account:** This is where the runbooks are stored. +### Runbooks +All runbooks are stored in the Automation Account *Commvault-Automation-Account*. +- **Commvault_Cycle_Token:** Used in the *CommvaultTokenCycle* Logic App to execute the API calls that generate a new Commvault/Metallic access token. +- **Commvault_Disable_Data_Aging:** Used in the *Commvault-Logic-App* Logic App to execute the API calls that disable data aging for a specific client. +- **Commvault_Disable_IDP:** Used in the *Commvault-Logic-App* Logic App to execute the API calls that disable the IDP in your environment. +- **Commvault_Disable_User:** Used in the *Commvault-Logic-App* Logic App to execute the API calls that disable a specific user given their email address. 
+### Logic Apps +- **Commvault-Logic-App:** This Logic App (also referred to as a *Playbook*) executes when called upon by an Automation Rule. Accessing the KeyVault to retrieve various credentials, it executes a specific runbook depending on the use case. +- **CommvaultTokenCycle:** This Logic App (also referred to as a *Playbook*) executes periodically to generate a new Commvault/Metallic access token and securely overwrites the old access token in your KeyVault. +### KeyVaults +- **Commvault-Integration-KV:** This KeyVault stores all required credentials as *secrets*. +### KeyVault Secrets +All of these secrets are stored in the *Commvault-IntegrationKV* KeyVault. For the first time setup, their values need to be manually retrieved. +- **access-token:** The access token for Commvault/Metallic. +- **environment-endpoint-url:** The URL of your Commvault/Metallic endpoint. +- **keyvault-url:** The URL of your Azure KeyVault. +- **client-id:** The ID of the Azure App Registration client. +- **tenant-id:** The ID of your Azure Tenant. +- **secret-id:** The ID of your Azure App Registration client secret. +- **keyvaultsecret:** The value of your Azure App Registration client secret. +### App Registrations +- **Commvault_Token_Cycle_App:** An Azure Active Directory App Registration used for authorized KeyVault access. +### Sentinel Analytic Rules +Each of these Analytic Rules run on a continuous basis and are querying for the manually triggered Sentinel incident. Once it discovers a specific incident, a new incident is created that triggers the corresponding Automation Rule. +- **IDP Compromised:** The Sentinel Analytic Rule that continuously searches for a manually created Sentinel Incident pertaining to a compromised Commvault/Metallic IDP. +- **User Compromised:** The Sentinel Analytic Rule that continuously searches for a manually created Sentinel Incident pertaining to a compromised Commvault/Metallic user. 
+- **Data Aging:** The Sentinel Analytic Rule that continuously searches for a manually created Sentinel Incident pertaining to a request to disable data aging on a specific Commvault/Metallic client. + +## Installation +### Create the Runbooks +* Go to Automation Accounts -> Create + * Basics: + * Select the correct subscription and resource group + * Name it “Commvault-Automation-Account" + * Click “Create” +* Go to “Commvault-Automation-Account" -> Runbooks (under “Process Automation”) -> Create a Runbook + * Name = + * Commvault_Disable_IDP + * Runbook Type = + * Powershell + * Runtime Version = + * 5.1 + * Click “Create” + * Edit Powershell Runbook = + * Use the content in this file: **Runbooks/Commvault_Disable_IDP.ps1** + * Click "Publish" + * Click "Save" +* Go to “Commvault-Automation-Account" -> Runbooks (under “Process Automation”) -> Create a Runbook + * Name = + * Commvault_Disable_User + * Runbook Type = + * Powershell + * Runtime Version = + * 5.1 + * Click "Create" + * Edit Powershell Runbook = + * Use the content in this file: **Runbooks/Commvault_Disable_Users.ps1** + * Click "Publish" + * Click "Save" +* Go to “Commvault-Automation-Account" -> Runbooks (under “Process Automation”) -> Create a Runbook + * Name = + * Commvault_Disable_Data_Aging + * Runbook Type = + * Powershell + * Runtime Version = + * 5.1 + * Click "Create" + * Edit Powershell Runbook = + * Use the content in this file: **Runbooks/Commvault_Disable_Data_Aging.ps1** + * Click "Publish" + * Click "Save" + +### Create The KeyVault: +* Go to KeyVault -> Create + * Basics: + * Select the correct subscription and resource group + * KeyVault name = + * Commvault-Integration-KV + +### Create the KeyVault Secrets: +* Go to KeyVault -> "Commvault-Integration-KV" -> Secrets (Under "Objects") -> "Generate/Import" + * Upload Options: + * Manual + * Name: + * access-token + * Secret Value: + * (Your Commvault/Metallic access token) + * Enabled: + * Yes + * Click "Create" +* Go to KeyVault -> 
"Commvault-Integration-KV" -> Secrets (Under "Objects") -> "Generate/Import" + * Upload Options: + * Manual + * Name: + * environment-endpoint-url + * Secret Value: + * (Your Commvault/Metallic endpoint's URL) + * Enabled: + * Yes + * Click "Create" + +### Initialize the Logic App (*Playbook*): +* Go to "Custom Deployment" -> "Build your own template in the editor" -> "Load File" -> Use the json present under **Playbooks/CommvaultLogicApp/azuredeploy.json**. + * Save + * Enter the resource group, subscription, automation account and keyvault name + * In the playbook name field use "Commvault-Logic-App" +* Go to KeyVault -> Commvault-Integration-KV +* Access Configuration: + * Permission Model = + * Vault Access Policy + * Go to "Access Policies" -> "Create" + * Under "Permissions" -> "Secret Permissions" + * Select "Get", "List", and "Set" + * Click "Next" + * Under "Principal" + * Search for "Commvault-Logic-App" + * Select "Commvault-Logic-App from the search results + * Click "Next" + * Under "Application (Optional)" + * Do nothing here except click "Next" + * Under "Review + Create" + * Click "Create" + * Click "Review + Create" + * Click "Create" + +### Setup the Managed Identity +* Go to Automation Accounts -> "Commvault-Sandbox-Automation-Account" -> "Access Control (IAM)" -> "Add" -> "Add Role Assignment + * In "Job function roles" under "role": + * Click on "Automation Contributor" so that it is highlighted in grey + * Click "Next" + * Assign Access To: + * Select "Managed Identity" + * Members: + * Select "Select Members" + * Select the correct subscription + * For Managed Identity, select "Logic App" + * Select "Commvault-Logic-App" form the list + * Click the blue "select" button + * Go to the "Review + Assign" tab + * Click the blue "Review + Assign" button +* Go to your resource group -> "Access Control (IAM)" -> "Add" -> "Add Role Assignment" + * In "Job Function Roles" under "Role" + * Find "Microsoft Sentinel Automation Contributor" and click it so 
that it is highlighted in grey + * Under the "Members" tab + * Assign access to: + * Managed Identity + * Click "+ Select Members" + * Select the correct subscription + * Managed Identity: + * Logic App + * From the list, select "Commvault-Logic-App" + * Click the blue "Select" button + * Under "Review + Assign" tab + * Click the blue "Review + Assign" button +* Go to "Logic Apps" -> "Commvault-Logic-App" -> "Identity" (under "Settings") -> "System Assigned" tab -> "Azure Role Assignments" + * Add Role Assignment + * Scope: + * KeyVault + * Resource: + * Commvault-Integration-KV + * Role: + * KeyVault Secrets Officer + * Click the blue "Save" button + +### Create the Analytic Rules: +* Go to Sentinel -> (The name of your Sentinel instance) -> Analytics (located under “Configuration”) -> Create -> Scheduled Query Rule + * General: + * Name: + * IDP Alert + * Description: + * IDP Compromised + * Set Rule Logic: + * Rule Query: + SecurityIncident + | where Title has "Cvlt Alert" + and Description == "IDP Compromised" + and Status has "New" + * Run Query Every: + * 5 minutes + * Lookup data from the last: + * 5 minutes + * Incident Settings: + * Alert Grouping: + * Enabled + * Review and Create: + * Create +* Go to Sentinel -> (The name of your Sentinel instance) -> Analytics (located under “Configuration”) -> Create -> Scheduled Query Rule + * General: + * Name: + * Data Alert + * Description: + * Data Compromised + * Set Rule Logic: + * Rule Query: + SecurityIncident + | where Title has "Cvlt Alert" and Description has "Client" and Description has "Compromised" and Status has "New" + | extend extracted_word = extract("Client\\s(.*?)\\sCompromised", 1, Description) + | project TimeGenerated, + Title, + Description, + Status, + CustomDetails = extracted_word + * Alert Details: + * Alert Name Format: + * User Alert + * Alert Description Format: + * {{Custom Details}} + * Run Query Every: + * 5 minutes + * Lookup data from the last: + * 5 minutes + * Incident Settings: + 
* Alert Grouping: + * Enabled + * Review and Create: + * Create +* Go to Sentinel -> (The name of your Sentinel instance) -> Analytics (located under “Configuration”) -> Create -> Scheduled Query Rule + * General: + * Name: + * User Alert + * Description: + * User Compromised + * Set Rule Logic: + * Rule Query: + SecurityIncident + | where Title has "Cvlt Alert" and Description has "User" and Description has "Compromised" and Status has "New" + | extend extracted_word = extract("User\\s(.*?)\\sCompromised", 1, Description) + | project TimeGenerated, + Title, + Description, + Status, + CustomDetails = extracted_word + * Alert Details: + * Alert Format: + * User Alert + * Alert Description Format: + * {{CustomDetails}} + * Run Query Every: + * 5 minutes + * Lookup data from the last: + * 5 minutes + * Incident Settings: + * Alert Grouping: + * Enabled + * Review and Create + * Create +### Create The Automation Rules +* Go to Sentinel -> (The name of your Sentinel instance) -> Automation (located under “Configuration”) -> Create -> Automation Rule + * Automation Rule Name: + * Commvault-Disable-Data-Aging-Rule + * Trigger: + * When incident is created + * Conditions: + * If incident provider: + * Equals + * Microsoft Sentinel + * Analytic Rule Name: + * Contains + * Data Alert + * In the box in the "Actions" section, select "Change Status" + * In the box below "Change Status" in the "Actions" section, select "Closed" + * In the box below that, select "True Positive - Suspicious Activity" + * At the bottom of the "Actions" section, click "+ Add Action" + * As an owner of the resource group, click the blue "Manage Playbook Permissions" text + * Select your resource group + * Click "Apply" + * Click the box below "Run Playbook" in the "Actions" section + * Select "Commvault-Logic-App" + * Order: + * 1 + * Click "Apply" +* Go to Sentinel -> (The name of your Sentinel instance) -> Automation (located under “Configuration”) -> Create -> Automation Rule + * Automation Rule 
Name: + * Commvault-Disable-IDP-Automation-Rule + * Trigger: + * When incident is created + * Conditions: + * If incident provider: + * Equals + * Microsoft Sentinel + * Analytic Rule Name: + * Contains + * IDP Alert + * In the box in the "Actions" section, select "Change Status" + * In the box below "Change Status" in the "Actions" section, select "Closed" + * In the box below that, select "True Positive - Suspicious Activity" + * At the bottom of the "Actions" section, click "+ Add Action" + * Click the box below "Run Playbook" in the "Actions" section + * Select "Commvault-Logic-App" + * Order: + * 2 + * Click "Apply" +* Go to Sentinel -> (The name of your Sentinel instance) -> Automation (located under “Configuration”) -> Create -> Automation Rule + * Automation Rule Name: + * Commvault-Disable-User-Automation-Rule + * Trigger: + * When incident is created + * Conditions: + * If incident provider: + * Equals + * Microsoft Sentinel + * Analytic Rule Name: + * Contains + * User Alert + * In the box in the "Actions" section, select "Change Status" + * In the box below "Change Status" in the "Actions" section, select "Closed" + * In the box below that, select "True Positive - Suspicious Activity" + * At the bottom of the "Actions" section, click "+ Add Action" + * Click the box below "Run Playbook" in the "Actions" section + * Select "Commvault-Logic-App" + * Order: + * 3 + * Click "Apply" +### Create the Active Directory App Registration: +* From Home, go to Azure Active Directory -> App Registrations (under “Manage”) +* In the top left corner, click “+ New Registration” + * Name: + * Commvault_Token_Cycle_App + * Click the blue "Register" button +* From Home, go to Azure Active Directory -> App Registrations (under “Manage”) +* Under “Owned Applications”, click on “Commvault_Token_Cycle_App” + * In the middle of the screen (under “Essentials”): + * Copy the “Application (client) ID” to another document. 
Hereon, this value will be referenced to as the App Registration Client ID. + * Copy the “Directory (tenant) ID” to another document. Hereon, this value will be referenced to as the Tenant ID. + * On the left (under “Manage”), click “API Permissions” + * In the middle of the screen, click “+ Add A Permission” + * In the right window that just popped open, select “Azure Key Vault” + * Under “Permissions”, select “user_impersonation” + * On the bottom of the screen, click the blue “Add Permissions” button + * On the left (under “Manage”), click “Certificates & Secrets” + * In the middle of the screen under “Client Secrets”, click “+ New Client Secret” + * Description: + * TokenCycle + * On the bottom of the screen, click the blue "Add" button + * In the table in the middle of the screen, copy the “Value” of the client secret “TokenCycle”. Copy this value to another document. Hereon, this value will be referenced to as the App Registration Client Secret. +### Define more KeyVault secrets: +* From Home, go to Key Vaults -> Commvault-Integration-KV +* In the middle of the screen, copy the “Vault URI” to another document. Hereon, this value will be referenced to as the KeyVault URL. +* Under “Objects” on the left, click “Secrets” + * On the top, click "+ Generate/Import" + * Name: + * client-id + * For "Secret Value", paste in the value of the App Registration Client ID + * On the top, click "+ Generate/Import" + * Name: + * keyvault-url + * For "Secret Value", paste in the KeyVault URL + * On the top, click "+ Generate/Import" + * Name: + * keyvaultsecret + * For "Secret Value", paste in the App Registration Client Secret + * On the top, click "+ Generate/Import" + * Name: + * tenant-id + * For "Secret Value", paste in the Tenant ID. 
+### Token Rotation Logic App: +* From Home, go to Logic Apps +* In the top left corner, click "+ Add" + * Basics: + * Project Details: + * Select your subscription and resource group + * Instance Details: + * Logic App Name: + * CommvaultTokenCycle + * Play Type: + * Consumption + * In the bottom left corner, click the blue "Review + Create" button +* In the "Logic App Designer" popup menu, select "Recurrence" Under "Start with a common trigger" +* In the "Recurrence" block: + * Interval: + * 5 + * Frequency: + * Days +* Save this by clicking the "Save" button in the top left corner. We will return to this later. +### Token Rotation Logic App Permissions: +* From Home, go to Logic Apps -> CommvaultTokenCycle + * On the left side, click on "Identity" (under "Settings") + * Under "System Assigned", switch "Status" to "On" + * Click "Save" (located just above the "Status" switch) + * If prompted, click "Yes" + * There should now be a blue "Azure Role Assignments" button. Click it. + * In the new page named "Azure Role Assignments", click "+ Add Role Assignment" + * Scope: + * KeyVault + * Subscription: + * (Your subscription) + * Resource: + * Commvault-Integration-KV + * Role: + * Key Vault Secrets Officer + * Click the blue "Save" button + * Click "+ Add Role Assignment" + * Scope: + * Resource Group + * Subscription: + * (Your subscription) + * Resource Group: + * (Your resource group) + * Role: + * Automation Runbook Operator + * Click the blue "Save" button + * Click "+ Add Role Assignment" + * Scope: + * Resource Group + * Subscription: + * (Your subscription) + * Resource Group: + * (Your resource group) + * Role: + * Microsoft Sentinel Contributor + * Click the blue "Save" button + * Click "+ Add Role Assignment" + * Scope: + * Resource Group + * Subscription: + * (Your subscription) + * Resource Group: + * (Your resource group) + * Role: + * Automation Contributor + * Click the blue "Save" button +### More KeyVault Permissions: +* From Home, go to KeyVaults 
-> Commvault-Integration-KV + * On the left pane, click "Access Policies" + * On the top left, click "+ Create" + * Permissions: + * Secret Permissions: + * Select "Get", "List", and "Set" + * Principal: + * Commvault_Token_Cycle_App + * Review + Create: + * Click the blue "Create" button on the bottom left + * On the top left, click "+ Create" + * Permissions: + * Secret Permissions: + * Select "Get", "List", and "Set" + * Principal: + * CommvaultTokenCycle + * Review + Create: + * Click the blue "Create" button on the bottom left +### Token Cycle Runbook: +* From Home, go to Automation Accounts -> Commvault-Automation-Account + * On the left pane, click “Runbooks” (under “Process Automation”) + * In the top left corner, click "+ Create a Runbook" + * Name: + * Commvault_Cycle_Token + * Runbook Type: + * PowerShell + * Runtime Version: + * 5.1 + * In the bottom left corner, click the blue "Create" button + * Copy and paste the content from **runbooks/Commvault_Cycle_Token.ps1** into the runbook editor + * In the top left, click "Save" + * In the top left, click "Publish" +### Completing the Token Rotation Logic App: +* From Home, go to Logic Apps -> CommvaultTokenCycle + * On the left pane, click "Logic App Designer" (located under "Development Tools") + * In the center of the screen (under the "Recurrence" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of Secret: + * access-token + * Rename this block to be "Access Token" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "Access Token" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of the secret + * environment-endpoint-url + * Rename this block to be "Endpoint URL" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "Endpoint 
URL" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of the Secret: + * keyvault-url + * Rename this block to be "KeyVault URL" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "KeyVault URL" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of the Secret + * tenant-id + * Rename this block to be "KeyVault Tenant ID" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "KeyVault Tenant ID" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of the secret + * client-id + * Rename this block to be "KeyVault Client ID" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "KeyVault Client ID" block), click "+ New Step" + * Search for "get secret" + * Under All -> Actions, select "Get Secret - Azure KeyVault" + * Name of the Secret + * keyvaultsecret + * Rename this block to be "KeyVault Client Secret" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "KeyVault Client ID" block), click "+ New Step" + * Search for "create job" + * Under All -> Actions, select "Create Job - Azure Automation" + * Subscription: + * (Your subscription) + * Resource Group: + * (Your resource group) + * Automation Account: + * Commvault-Automation-Account + * Runbook Name: + * Commvault_Cycle_Token + * Wait for Job: + * Yes + * Runbook Parameter keyvaulturl: + * (The value of the "KeyVault URL" block) + * Runbook Parameter apiAccessToken: + * (The value of the "Access Token" block) + * Runbook Parameter EnvironmentEndpointURL: + * (The value of the "Endpoint URL" block) + * Runbook Parameter KeyVaultClientID: 
+ * (The value of the "KeyVault Client ID" block) + * Runbook Parameter KeyVaultTenantID: + * (The value of the "KeyVault Tenant ID" block) + * Runbook Parameter KeyVaultClientSecret: + * (The value of the "KeyVault Client Secret" block) + * Rename this block to be "Cycle Token Job" by clicking the three dots in the top right corner and selecting "Rename" + * In the center of the screen (under the "cycle token job" block), click "+ New Step" + * Search for "get job output" + * Under All -> Actions, select "Get Job Output - Azure KeyVault" + * Subscription: + * (Your subscription) + * Resource Group: + * (Your resource group) + * Automation Account: + * Commvault-Automation-Account + * Job ID: + * (The job ID of "Cycle Token Job") + * In the top left corner, click "Save" + +## Example Usage +### Disable a compromised Commvault/Metallic IDP from Sentinel +* Go to Sentinel -> (The name of your Sentinel instance) -> Incidents (under Threat Management) -> Create Incident + * Title: + * Cvlt Alert + * Description: + * IDP Compromised + * Severity: + * Medium + * Status: + * New + * Click "Create" +* Wait 5-10 minutes for it to run +* Check if it ran: + * Go to Logic Apps -> Commvault-Logic-App + * In the middle of the screen is a table with the column headers Status, Start Time, etc. + * Sort the rows by start time by clicking the "Start Time" column header + * The latest run should say "Succeeded". Click it. + * Check to see the result of the runbook at the end of the logic app chain. 
+### Disable a compromised Commvault/Metallic User from Sentinel +* Go to Sentinel -> (The name of your Sentinel instance) -> Incidents (under Threat Management) -> Create Incident + * Title: + * Cvlt Alert + * Description (Where "< user email >" is the email address of the user that is compromised): + * User < user email > Compromised + * Severity: + * Medium + * Status: + * New + * Click "Create" +* Wait 5-10 minutes for it to run +* Check if it ran: + * Go to Logic Apps -> Commvault-Logic-App + * In the middle of the screen is a table with the column headers Status, Start Time, etc. + * Sort the rows by start time by clicking the "Start Time" column header + * The latest run should say "Succeeded". Click it. + * Check to see the result of the runbook at the end of the logic app chain. +### Disable Data Aging from Sentinel +* Go to Sentinel -> (The name of your Sentinel instance) -> Incidents (under Threat Management) -> Create Incident + * Title: + * Cvlt Alert + * Description (Where "< client name >" is the name of the client that you would like to disable data aging on): + * Client < client name > Compromised + * Severity: + * Medium + * Status: + * New + * Click "Create" +* Wait 5-10 minutes for it to run +* Check if it ran: + * Go to Logic Apps -> Commvault-Logic-App + * In the middle of the screen is a table with the column headers Status, Start Time, etc. + * Sort the rows by start time by clicking the "Start Time" column header + * The latest run should say "Succeeded". Click it. + * Check to see the result of the runbook at the end of the logic app chain. \ No newline at end of file diff --git a/Solutions/Commvault Security IQ/ReleaseNotes.md b/Solutions/Commvault Security IQ/ReleaseNotes.md new file mode 100644 index 00000000000..66c42b017a6 --- /dev/null +++ b/Solutions/Commvault Security IQ/ReleaseNotes.md 
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|---------------------------------------------|
+| 3.0.0 | 21-08-2023 | Initial solution release|
diff --git a/Solutions/Commvault Security IQ/SolutionMetadata.json b/Solutions/Commvault Security IQ/SolutionMetadata.json
new file mode 100644
index 00000000000..f5a5f12266d
--- /dev/null
+++ b/Solutions/Commvault Security IQ/SolutionMetadata.json
@@ -0,0 +1,15 @@
+{
+ "publisherId": "commvaultsecurityiq",
+ "offerId": "azure-sentinel-solution-commvaultsecurityiq",
+ "firstPublishDate": "2023-08-17",
+ "providers": ["Commvault"],
+ "categories": {
+ "domains": ["Security - Automation (SOAR)"]
+ },
+ "support": {
+ "tier": "Partner",
+ "name": "Commvault",
+ "email": "support@commvault.com",
+ "link": "https://www.commvault.com/support"
+ }
+}
diff --git a/Solutions/FireEye Network Security/Data Connectors/Connector_FireEyeNX_CEF.json b/Solutions/FireEye Network Security/Data Connectors/Connector_FireEyeNX_CEF.json
index b14580e8450..a541fa60ba2 100644
--- a/Solutions/FireEye Network Security/Data Connectors/Connector_FireEyeNX_CEF.json
+++ b/Solutions/FireEye Network Security/Data Connectors/Connector_FireEyeNX_CEF.json
@@ -1,6 +1,6 @@
 {
 "id": "FireEyeNX",
- "title": "FireEye Network Security (NX)",
+ "title": "[Deprecated] FireEye Network Security (NX) via Legacy Agent",
 "publisher": "FireEye",
 "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.",
 "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.",
diff --git a/Solutions/FireEye Network Security/Data Connectors/template_FireEyeNX_CEFAMA.json b/Solutions/FireEye Network Security/Data Connectors/template_FireEyeNX_CEFAMA.json
new file mode 100644
index 00000000000..3ae7af8b1e0
--- /dev/null
+++ b/Solutions/FireEye Network Security/Data Connectors/template_FireEyeNX_CEFAMA.json
@@ -0,0 +1,115 @@
+{
+ "id": "FireEyeNXAma",
+ "title": "[Recommended] FireEye Network Security (NX) via AMA",
+ "publisher": "FireEye",
+ "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.",
+ "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.",
+ "graphQueries": [
+ {
+ "metricName": "Total data received",
+ "legend": "FireEyeNX",
+ "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)"
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description" : "Top 10 Sources",
+ "query": "FireEyeNXEvent\n | where isnotempty(SrcIpAddr)\n | summarize count() by SrcIpAddr\n | top 10 by count_"
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "CommonSecurityLog (FireEyeNX)",
+ "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [
+ {
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": false
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "write": true,
+ "read": true,
+ "delete": true
+ }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+ }
+ ],
+ "customs": [
+ {
+ "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)"
+ },
+ {
+ "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "",
+ "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.",
+ "instructions": [
+ {
+ "parameters": {
+ "title": "1. Kindly follow the steps to configure the data connector",
+ "instructionSteps": [
+ {
+ "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
+ "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step B. Configure FireEye NX to send logs using CEF",
+ "description": "Complete the following steps to send data using CEF:\n\n2.1. Log into the FireEye appliance with an administrator account\n\n2.2. Click **Settings**\n\n2.3. Click **Notifications**\n\nClick **rsyslog**\n\n2.4. Check the **Event type** check box\n\n2.5. Make sure Rsyslog settings are:\n\n- Default format: CEF\n\n- Default delivery: Per event\n\n- Default send as: Alert",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step C. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ "type": "InstructionStepsGroup"
+ }
+ ]
+ },
+ {
+ "title": "2. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ]
+}
diff --git a/Solutions/FireEye Network Security/Data/Solution_FireEye Network Security.json b/Solutions/FireEye Network Security/Data/Solution_FireEye Network Security.json
index 9fbe4d0d030..feaac297f04 100644
--- a/Solutions/FireEye Network Security/Data/Solution_FireEye Network Security.json
+++ b/Solutions/FireEye Network Security/Data/Solution_FireEye Network Security.json
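Review bot: The validation command in Step C downloads `Sentinel_AMA_troubleshoot.py` from the `master` branch and runs it with `sudo` in the same line, so whatever is on that branch at the time executes as root with no integrity check. Pinning the URL to a reviewed commit (`.../Azure-Sentinel/<commit-sha>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py`, where `<commit-sha>` is a placeholder) and asking the operator to inspect or checksum the file before running it would narrow that exposure. Two smaller points in the same hunk: the Python check reads `python -version`, which should be `python --version`, and `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` mentions only read and write.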
@@ -2,15 +2,17 @@ "Name": "FireEye Network Security", "Author": "Microsoft - support@microsoft.com", "Logo": "", - "Description": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)", + "Description": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.\n\r\n1. **FireEye Network Security via AMA** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **FireEye Network Security via Legacy Agent** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of FireEye Network Security via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Data Connectors": [ - "Data Connectors/Connector_FireEyeNX_CEF.json" + "Data Connectors/Connector_FireEyeNX_CEF.json", + "Data Connectors/template_FireEyeNX_CEFAMA.json" + ], "Parsers": [ - "Parsers/FireEyeNXEvent.txt" + "Parsers/FireEyeNXEvent.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\FireEye Network Security", - "Version": "2.0.2", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/FireEye Network Security/Data/system_generated_metadata.json b/Solutions/FireEye Network Security/Data/system_generated_metadata.json new file mode 100644 index 00000000000..b7d0c77a414 --- /dev/null +++ b/Solutions/FireEye Network Security/Data/system_generated_metadata.json 
@@ -0,0 +1,31 @@ +{ + "Name": "FireEye Network Security", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.\n\r\n1. **FireEye Network Security via AMA** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **FireEye Network Security via Legacy Agent** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of FireEye Network Security via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\FireEye Network Security", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false, + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-fireeyenx", + "providers": [ + "Fireeye" + ], + "categories": { + "domains": [ + "Security - Network" + ], + "verticals": [] + }, + "firstPublishDate": "2022-06-01", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/Connector_FireEyeNX_CEF.json\",\n \"Data Connectors/template_FireEyeNX_CEFAMA.json\"\n]", + "Parsers": "[\n \"FireEyeNXEvent.yaml\"\n]" +} diff --git a/Solutions/FireEye Network Security/Package/3.0.0.zip b/Solutions/FireEye Network Security/Package/3.0.0.zip new file mode 100644 index 00000000000..c3f57bfcd24 Binary files /dev/null and b/Solutions/FireEye Network Security/Package/3.0.0.zip differ diff --git a/Solutions/FireEye Network Security/Package/createUiDefinition.json b/Solutions/FireEye Network Security/Package/createUiDefinition.json index f52f71adeac..fb57b3754be 100644 --- a/Solutions/FireEye Network Security/Package/createUiDefinition.json +++ b/Solutions/FireEye Network Security/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/FireEye%20Network%20Security/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.\n\r\n1. **FireEye Network Security via AMA** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). 
**Microsoft recommends using this Data Connector**.\n\r\n2. **FireEye Network Security via Legacy Agent** - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of FireEye Network Security via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -60,14 +60,14 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector for ingesting FireEye Network Security Solution events in the CEF format into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for FireEye Network Security. You can get FireEye Network Security CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the FireEyeNXEvent Kusto Function alias." + "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." } }, { @@ -80,6 +80,7 @@ } } } + ] } ], diff --git a/Solutions/FireEye Network Security/Package/mainTemplate.json b/Solutions/FireEye Network Security/Package/mainTemplate.json index e896dabf98f..a8c0fc5f9df 100644 --- a/Solutions/FireEye Network Security/Package/mainTemplate.json +++ b/Solutions/FireEye Network Security/Package/mainTemplate.json 
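Review bot: The rewritten `dataconnectors-parser-text` string in the `@@ -60,14 +60,14 @@` hunk of createUiDefinition.json no longer names the Kusto function the parser installs, so an analyst reading the install blade is not told what to query. The alias itself is unchanged in this commit (`"functionAlias": "FireEyeNXEvent"` in mainTemplate.json, and the connector's sample query still calls `FireEyeNXEvent`), so I would keep the old closing sentence at the end of the new text: `The transformed logs can be accessed using the FireEyeNXEvent Kusto Function alias.` The new wording also says the output is in "Microsoft Sentinel normalized format"; that should be confirmed against the parser's actual output columns before it is stated as fact here.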
@@ -30,57 +30,52 @@ } }, "variables": { - "solutionId": "azuresentinel.azure-sentinel-solution-fireeyenx", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "FireEye Network Security", + "_solutionVersion": "3.0.0", + "solutionId": "azuresentinel.azure-sentinel-solution-fireeyenx", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "FireEyeNX", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "FireEyeNX", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "parserVersion1": "1.0.0", - "parserContentId1": "FireEyeNXEvent-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "FireEyeNXAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "FireEyeNXAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "parserName1": "FireEyeNXEvent", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]" + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "FireEyeNXEvent-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": 
"Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "FireEye Network Security data connector with template", - "displayName": "FireEye Network Security template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "FireEye Network Security data connector with template version 2.0.2", + "description": "FireEye Network Security data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -96,7 +91,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "FireEye Network Security (NX)", + "title": "[Deprecated] FireEye Network Security (NX) via Legacy Agent", "publisher": "FireEye", "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.", "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.", @@ -219,7 +214,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -244,12 +239,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] FireEye Network Security (NX) via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -285,7 +291,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "FireEye Network Security (NX)", + "title": "[Deprecated] FireEye Network Security (NX) via Legacy Agent", "publisher": "FireEye", "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.", "graphQueries": [ 
@@ -408,33 +414,344 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('parserTemplateSpecName1')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "description": "FireEyeNXEvent Data Parser with template", - "displayName": "FireEyeNXEvent Data Parser template" + "description": "FireEye Network Security data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] FireEye Network Security (NX) via AMA", + "publisher": "FireEye", + "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.", + "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected 
[**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "FireEyeNX", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Sources", + "query": "FireEyeNXEvent\n | where isnotempty(SrcIpAddr)\n | summarize count() by SrcIpAddr\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (FireEyeNX)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure FireEye NX to send logs using CEF", + "description": "Complete the following steps to send data using CEF:\n\n2.1. Log into the FireEye appliance with an administrator account\n\n2.2. Click **Settings**\n\n2.3. Click **Notifications**\n\nClick **rsyslog**\n\n2.4. Check the **Event type** check box\n\n2.5. Make sure Rsyslog settings are:\n\n- Default format: CEF\n\n- Default delivery: Per event\n\n- Default send as: Alert" + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "FireEye Network Security", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] FireEye Network Security (NX) via AMA", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', 
last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId2')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "FireEye Network Security", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Recommended] FireEye Network Security (NX) via AMA", + "publisher": "FireEye", + "descriptionMarkdown": "The [FireEye Network Security (NX)](https://www.fireeye.com/products/network-security.html) data connector provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "FireEyeNX", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (FireEyeNX)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = 
column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'FireEye'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Top 10 Sources", + "query": "FireEyeNXEvent\n | where isnotempty(SrcIpAddr)\n | summarize count() by SrcIpAddr\n | top 10 by count_" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure FireEye NX to send logs using CEF", + "description": "Complete the following steps to send data using CEF:\n\n2.1. Log into the FireEye appliance with an administrator account\n\n2.2. Click **Settings**\n\n2.3. Click **Notifications**\n\nClick **rsyslog**\n\n2.4. 
Check the **Event type** check box\n\n2.5. Make sure Rsyslog settings are:\n\n- Default format: CEF\n\n- Default delivery: Per event\n\n- Default send as: Alert" + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]", + "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**FireEyeNXEvent**](https://aka.ms/sentinel-FireEyeNX-parser) which is deployed with the Microsoft Sentinel Solution." 
+ } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "FireEyeNXEvent Data Parser with template version 2.0.2", + "description": "FireEyeNXEvent Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
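Review bot: The Step C `CopyableLabel` value tells the operator to fetch `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and run it under `sudo` straight away, so whatever that branch holds at the time runs as root on the log collector with no integrity check. The value appears twice in this hunk, once in the contentTemplate copy and once in the deployed `dataConnectors` resource. I would pin the URL to a reviewed commit and drop `sudo` from the download, e.g. `wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/<PINNED_COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py && sudo python Sentinel_AMA_troubleshoot.py --cef`, and publish a SHA-256 beside it so the file can be verified before it is executed. The same string is in `Data Connectors/template_FireEyeNX_CEFAMA.json` earlier in this commit, which looks like the source this template is packaged from, so the change belongs there first. The prerequisite text in the same step gives `python -version`, which is not a valid interpreter flag; `python --version` is presumably what was meant.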
@@ -443,20 +760,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "FireEyeNXEvent", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "FireEyeNXEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor =~ 'FireEye'\r\n|extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n\t\tDeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\r\n\t\tDeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\r\n ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\r\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\r\n , DeviceCustomNumber2Label, DeviceCustomNumber2\r\n , DeviceCustomNumber3Label, DeviceCustomNumber3\r\n , DeviceCustomString1Label, DeviceCustomString1\r\n , DeviceCustomString2Label, DeviceCustomString2\r\n , DeviceCustomString3Label, DeviceCustomString3\r\n , DeviceCustomString4Label, DeviceCustomString4\r\n , DeviceCustomString5Label, DeviceCustomString5\r\n , DeviceCustomString6Label, DeviceCustomString6\r\n , DeviceCustomDate1Label, DeviceCustomDate1\r\n , DeviceCustomDate2Label, DeviceCustomDate2)\r\n| evaluate bag_unpack(packed)\r\n| project-rename EventVendor=DeviceVendor\r\n , EventProduct=DeviceProduct\r\n , EventProductVersion=DeviceVersion\r\n , EventId=DeviceEventClassID\r\n , EventSeverity=LogSeverity\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DvcIpAddr=DeviceAddress\r\n , DvcHostname=DeviceName\r\n , NetworkApplicationProtocol=Protocol\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , DstMacAddr=DestinationMACAddress\r\n , 
Id=ExternalID\r\n , SrcDvcHostname=SourceHostName\r\n , SrcMacAddr=SourceMACAddress\r\n| extend EventType=Activity\r\n| extend ThreatName = column_ifexists(\"anomaly\", \"\")\r\n , OsInfo = column_ifexists(\"osinfo\", \"\")\r\n , Malware = column_ifexists(\"osinfo\", \"\")\r\n , Vlan = column_ifexists(\"osinfo\", \"\")\r\n , IncidentUrl = column_ifexists(\"osinfo\", \"\")\r\n| extend EventTimeIngested=todatetime(ReceiptTime)\r\n| project-away Activity\r\n , ReceiptTime\r\n , DeviceCustomNumber1\r\n , DeviceCustomNumber1Label\r\n , DeviceCustomNumber2\r\n , DeviceCustomNumber2Label\r\n , DeviceCustomNumber3\r\n , DeviceCustomNumber3Label\r\n , DeviceCustomString1\r\n , DeviceCustomString1Label\r\n , DeviceCustomString2\r\n , DeviceCustomString2Label\r\n , DeviceCustomString3\r\n , DeviceCustomString3Label\r\n , DeviceCustomString4\r\n , DeviceCustomString4Label\r\n , DeviceCustomString5\r\n , DeviceCustomString5Label\r\n , DeviceCustomString6\r\n , DeviceCustomString6Label", - "version": 1, + "query": "CommonSecurityLog\n| where DeviceVendor =~ 'FireEye'\n|extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n\t\tDeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n\t\tDeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\n ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\n , DeviceCustomNumber2Label, DeviceCustomNumber2\n , DeviceCustomNumber3Label, DeviceCustomNumber3\n , DeviceCustomString1Label, DeviceCustomString1\n , DeviceCustomString2Label, DeviceCustomString2\n , DeviceCustomString3Label, DeviceCustomString3\n , DeviceCustomString4Label, DeviceCustomString4\n , DeviceCustomString5Label, DeviceCustomString5\n , DeviceCustomString6Label, DeviceCustomString6\n , DeviceCustomDate1Label, 
DeviceCustomDate1\n , DeviceCustomDate2Label, DeviceCustomDate2)\n| evaluate bag_unpack(packed)\n| project-rename EventVendor=DeviceVendor\n , EventProduct=DeviceProduct\n , EventProductVersion=DeviceVersion\n , EventId=DeviceEventClassID\n , EventSeverity=LogSeverity\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , NetworkApplicationProtocol=Protocol\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , DstMacAddr=DestinationMACAddress\n , Id=ExternalID\n , SrcDvcHostname=SourceHostName\n , SrcMacAddr=SourceMACAddress\n| extend EventType=Activity\n| extend ThreatName = column_ifexists(\"anomaly\", \"\")\n , OsInfo = column_ifexists(\"osinfo\", \"\")\n , Malware = column_ifexists(\"osinfo\", \"\")\n , Vlan = column_ifexists(\"osinfo\", \"\")\n , IncidentUrl = column_ifexists(\"osinfo\", \"\")\n| extend EventTimeIngested=todatetime(ReceiptTime)\n| project-away Activity\n , ReceiptTime\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomNumber3\n , DeviceCustomNumber3Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2\n , DeviceCustomString2Label\n , DeviceCustomString3\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "FireEyeNXEvent" + "value": "" } ] } 
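Review bot: The `query` on the new side still fills `Malware`, `Vlan` and `IncidentUrl` from `column_ifexists(\"osinfo\", \"\")`, the same column that feeds `OsInfo`, so those three fields can never carry a malware name, a VLAN or an incident link. These lines appear to be carried over from the removed query with only the line endings changed, and the copy of the query in the `@@ -491,21 +809,39 @@` hunk repeats them. Detections or hunting queries that filter on `FireEyeNXEvent` fields such as `Malware` would get empty or misleading values, which is a silent coverage gap rather than an error. Each field should read the column that `bag_unpack(packed)` produces from the corresponding `DeviceCustom*Label` value, for example `, Malware = column_ifexists(\"<malware-label>\", \"\")`, with the real label names taken from sample FireEye NX CEF events since they are not visible here.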
@@ -491,21 +809,39 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "FireEyeNXEvent", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "FireEyeNXEvent", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "FireEyeNXEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor =~ 'FireEye'\r\n|extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n\t\tDeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\r\n\t\tDeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\r\n ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\r\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\r\n , DeviceCustomNumber2Label, DeviceCustomNumber2\r\n , DeviceCustomNumber3Label, DeviceCustomNumber3\r\n , DeviceCustomString1Label, DeviceCustomString1\r\n , DeviceCustomString2Label, DeviceCustomString2\r\n , DeviceCustomString3Label, DeviceCustomString3\r\n , DeviceCustomString4Label, DeviceCustomString4\r\n , DeviceCustomString5Label, DeviceCustomString5\r\n , DeviceCustomString6Label, DeviceCustomString6\r\n , DeviceCustomDate1Label, DeviceCustomDate1\r\n , DeviceCustomDate2Label, 
DeviceCustomDate2)\r\n| evaluate bag_unpack(packed)\r\n| project-rename EventVendor=DeviceVendor\r\n , EventProduct=DeviceProduct\r\n , EventProductVersion=DeviceVersion\r\n , EventId=DeviceEventClassID\r\n , EventSeverity=LogSeverity\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DvcIpAddr=DeviceAddress\r\n , DvcHostname=DeviceName\r\n , NetworkApplicationProtocol=Protocol\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , DstMacAddr=DestinationMACAddress\r\n , Id=ExternalID\r\n , SrcDvcHostname=SourceHostName\r\n , SrcMacAddr=SourceMACAddress\r\n| extend EventType=Activity\r\n| extend ThreatName = column_ifexists(\"anomaly\", \"\")\r\n , OsInfo = column_ifexists(\"osinfo\", \"\")\r\n , Malware = column_ifexists(\"osinfo\", \"\")\r\n , Vlan = column_ifexists(\"osinfo\", \"\")\r\n , IncidentUrl = column_ifexists(\"osinfo\", \"\")\r\n| extend EventTimeIngested=todatetime(ReceiptTime)\r\n| project-away Activity\r\n , ReceiptTime\r\n , DeviceCustomNumber1\r\n , DeviceCustomNumber1Label\r\n , DeviceCustomNumber2\r\n , DeviceCustomNumber2Label\r\n , DeviceCustomNumber3\r\n , DeviceCustomNumber3Label\r\n , DeviceCustomString1\r\n , DeviceCustomString1Label\r\n , DeviceCustomString2\r\n , DeviceCustomString2Label\r\n , DeviceCustomString3\r\n , DeviceCustomString3Label\r\n , DeviceCustomString4\r\n , DeviceCustomString4Label\r\n , DeviceCustomString5\r\n , DeviceCustomString5Label\r\n , DeviceCustomString6\r\n , DeviceCustomString6Label", - "version": 1 + "query": "CommonSecurityLog\n| where DeviceVendor =~ 'FireEye'\n|extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n\t\tDeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n\t\tDeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\n ExternalID = coalesce(column_ifexists(\"ExtID\", 
\"\"),tostring(ExternalID))\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\n , DeviceCustomNumber2Label, DeviceCustomNumber2\n , DeviceCustomNumber3Label, DeviceCustomNumber3\n , DeviceCustomString1Label, DeviceCustomString1\n , DeviceCustomString2Label, DeviceCustomString2\n , DeviceCustomString3Label, DeviceCustomString3\n , DeviceCustomString4Label, DeviceCustomString4\n , DeviceCustomString5Label, DeviceCustomString5\n , DeviceCustomString6Label, DeviceCustomString6\n , DeviceCustomDate1Label, DeviceCustomDate1\n , DeviceCustomDate2Label, DeviceCustomDate2)\n| evaluate bag_unpack(packed)\n| project-rename EventVendor=DeviceVendor\n , EventProduct=DeviceProduct\n , EventProductVersion=DeviceVersion\n , EventId=DeviceEventClassID\n , EventSeverity=LogSeverity\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , NetworkApplicationProtocol=Protocol\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , DstMacAddr=DestinationMACAddress\n , Id=ExternalID\n , SrcDvcHostname=SourceHostName\n , SrcMacAddr=SourceMACAddress\n| extend EventType=Activity\n| extend ThreatName = column_ifexists(\"anomaly\", \"\")\n , OsInfo = column_ifexists(\"osinfo\", \"\")\n , Malware = column_ifexists(\"osinfo\", \"\")\n , Vlan = column_ifexists(\"osinfo\", \"\")\n , IncidentUrl = column_ifexists(\"osinfo\", \"\")\n| extend EventTimeIngested=todatetime(ReceiptTime)\n| project-away Activity\n , ReceiptTime\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomNumber3\n , DeviceCustomNumber3Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2\n , DeviceCustomString2Label\n , DeviceCustomString3\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n", + 
"functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { @@ -539,13 +875,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.2", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "FireEye Network Security", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The FireEye Network Security (NX) solution provides the capability to ingest FireEye Network Security logs into Microsoft Sentinel.

\n
    \n
  1. FireEye Network Security via AMA - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. FireEye Network Security via Legacy Agent - This data connector helps in ingesting FireEye Network Security logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of FireEye Network Security via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -571,6 +914,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", diff --git a/Solutions/FireEye Network Security/ReleaseNotes.md b/Solutions/FireEye Network Security/ReleaseNotes.md new file mode 100644 index 00000000000..15434339cfa --- /dev/null +++ b/Solutions/FireEye Network Security/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.0 | 01-09-2023 | Addition of new FireEye Network Security AMA **Data Connector** | | + + diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml index 61639766c0f..710ff06ab9c 100644 --- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml +++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml 
@@ -1,7 +1,7 @@
 id: dc7af829-d716-4774-9d6f-03d9aa7c27a4
 name: Infoblox - High Threat Level Query Not Blocked Detected
 description: |
- 'At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -63,5 +63,5 @@ eventGroupingSettings:
 aggregationKind: SingleAlert
 incidentConfiguration:
 createIncident: true
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml
index 5fef11bdd9a..c56f9679f86 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml
@@ -1,7 +1,7 @@
 id: 99278700-79ca-4b0f-b416-bf57ec699e1a
 name: Infoblox - Many High Threat Level Single Query Detected
 description: |
- 'Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -47,5 +47,5 @@ eventGroupingSettings:
 aggregationKind: SingleAlert
 incidentConfiguration:
 createIncident: true
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml
index fd8489eb3ce..c49af07ada3 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml
@@ -1,7 +1,7 @@
 id: 568730be-b39d-45e3-a392-941e00837d52
 name: Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains
 description: |
- 'InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+ 'InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -75,5 +75,5 @@ eventGroupingSettings:
 aggregationKind: SingleAlert
 incidentConfiguration:
 createIncident: true
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Data Connectors/InfobloxCloudDataConnector.json b/Solutions/Infoblox Cloud Data Connector/Data Connectors/InfobloxCloudDataConnector.json
index aa6effa62c0..b769a0cf022 100644
--- a/Solutions/Infoblox Cloud Data Connector/Data Connectors/InfobloxCloudDataConnector.json
+++ b/Solutions/Infoblox Cloud Data Connector/Data Connectors/InfobloxCloudDataConnector.json
@@ -123,7 +123,7 @@ }, { "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent", - "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate." 
+ "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n1. Navigate to **Manage > Data Connector**.\n2. Click the **Destination Configuration** tab at the top.\n3. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n4. Click the **Traffic Flow Configuration** tab at the top.\n5. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **Service Instance** section. \n - **Service Instance**: Select your desired Service Instance for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n6. Allow the configuration some time to activate." }, { "title": "3. Validate connection", 
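Review bot: The rewritten step 3 of the `description` keeps `**Port**: Leave the port number at **514**` next to `**Protocol**: Select desired protocol and CA certificate if applicable` without saying which transport the receiving Linux agent expects. A reader can therefore end up forwarding BloxOne DNS and Threat Defense logs unencrypted, or picking a protocol the collector is not listening for. Since the commit already edits this text, I would extend that bullet with one sentence such as `Use a TLS-protected protocol with a CA certificate where the collector supports it, and confirm the Syslog agent listens on the same protocol and port.` The agent setup step is outside this hunk, so the wording should be checked against it.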
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip b/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip index fa819f766a6..f354f27d0c5 100644 Binary files a/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip and b/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip differ diff --git a/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json b/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json index d062e6418eb..a46f3200f1f 100644 --- a/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json +++ b/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json 
@@ -1,302 +1,302 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", - "handler": "Microsoft.Azure.CreateUIDef", - "version": "0.1.2-preview", - "parameters": { - "config": { - "isWizard": false, - "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/ReleaseNotes.md)\r \n There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. 
[Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 8, **Playbooks:** 11\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", - "subscription": { - "resourceProviders": [ - "Microsoft.OperationsManagement/solutions", - "Microsoft.OperationalInsights/workspaces/providers/alertRules", - "Microsoft.Insights/workbooks", - "Microsoft.Logic/workflows" - ] - }, - "location": { - "metadata": { - "hidden": "Hiding location, we get it from the log analytics workspace" + { + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n **Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/ReleaseNotes.md). \r \n • Review the TIDE Threat Intelligence playbooks and their installation [here](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Playbooks). \r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution. \n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. 
By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 8, **Playbooks:** 11\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] }, - "visible": false - }, - "resourceGroup": { - "allowExisting": true - } - } - }, - "basics": [ - { - "name": "getLAWorkspace", - "type": "Microsoft.Solutions.ArmApiControl", - "toolTip": "This filters by workspaces that exist in the Resource Group selected", - "condition": "[greater(length(resourceGroup().name),0)]", - "request": { - "method": "GET", - "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } } }, - { - "name": "workspace", - "type": "Microsoft.Common.DropDown", - "label": "Workspace", - "placeholder": "Select a workspace", - "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", - 
"constraints": { - "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", - "required": true + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } }, - "visible": true - } - ], - "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Infoblox Cloud Data Connector. You can get Infoblox Cloud Data Connector CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-parser-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." 
- } + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + "visible": true + } + ], + "steps": [ + { + "name": "dataconnectors", + "label": "Data Connectors", + "bladeTitle": "Data Connectors", + "elements": [ + { + "name": "dataconnectors1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for Infoblox Cloud Data Connector. You can get Infoblox Cloud Data Connector CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-parser-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." 
+ } + }, + { + "name": "dataconnectors-link2", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } } } - } - ] - }, - { - "name": "workbooks", - "label": "Workbooks", - "subLabel": { - "preValidation": "Configure the workbooks", - "postValidation": "Done" + ] }, - "bladeTitle": "Workbooks", - "elements": [ - { - "name": "workbooks-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." - } + { + "name": "workbooks", + "label": "Workbooks", + "subLabel": { + "preValidation": "Configure the workbooks", + "postValidation": "Done" }, - { - "name": "workbooks-link", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" + "bladeTitle": "Workbooks", + "elements": [ + { + "name": "workbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." 
} - } - }, - { - "name": "workbook1", - "type": "Microsoft.Common.Section", - "label": "Infoblox Cloud Data Connector", - "elements": [ - { - "name": "workbook1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Sets the time name for analysis" + }, + { + "name": "workbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" } } - ] - } - ] - }, - { - "name": "analytics", - "label": "Analytics", - "subLabel": { - "preValidation": "Configure the analytics", - "postValidation": "Done" - }, - "bladeTitle": "Analytics", - "elements": [ - { - "name": "analytics-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "Infoblox Cloud Data Connector Workbook", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. This workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud solution. Drilldown your data and visualize events, trends, and anomalous changes over time." 
+ } + } + ] } + ] + }, + { + "name": "analytics", + "label": "Analytics", + "subLabel": { + "preValidation": "Configure the analytics", + "postValidation": "Done" }, - { - "name": "analytics-link", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + "bladeTitle": "Analytics", + "elements": [ + { + "name": "analytics-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." } - } - }, - { - "name": "analytic1", - "type": "Microsoft.Common.Section", - "label": "Infoblox - Data Exfiltration Attack", - "elements": [ - { - "name": "analytic1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)." + }, + { + "name": "analytics-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" } } - ] - }, - { - "name": "analytic2", - "type": "Microsoft.Common.Section", - "label": "Infoblox - High Threat Level Query Not Blocked Detected", - "elements": [ - { - "name": "analytic2-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. 
This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)." + }, + { + "name": "analytic1", + "type": "Microsoft.Common.Section", + "label": "Infoblox - Data Exfiltration Attack", + "elements": [ + { + "name": "analytic1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more." + } } - } - ] - }, - { - "name": "analytic3", - "type": "Microsoft.Common.Section", - "label": "Infoblox - Many High Threat Level Queries From Single Host Detected", - "elements": [ - { - "name": "analytic3-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)." + ] + }, + { + "name": "analytic2", + "type": "Microsoft.Common.Section", + "label": "Infoblox - High Threat Level Query Not Blocked Detected", + "elements": [ + { + "name": "analytic2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more." + } } - } - ] - }, - { - "name": "analytic4", - "type": "Microsoft.Common.Section", - "label": "Infoblox - Many High Threat Level Single Query Detected", - "elements": [ - { - "name": "analytic4-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. 
Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)." + ] + }, + { + "name": "analytic3", + "type": "Microsoft.Common.Section", + "label": "Infoblox - Many High Threat Level Queries From Single Host Detected", + "elements": [ + { + "name": "analytic3-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more." + } } - } - ] - }, - { - "name": "analytic5", - "type": "Microsoft.Common.Section", - "label": "Infoblox - Many NXDOMAIN DNS Responses Detected", - "elements": [ - { - "name": "analytic5-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)." + ] + }, + { + "name": "analytic4", + "type": "Microsoft.Common.Section", + "label": "Infoblox - Many High Threat Level Single Query Detected", + "elements": [ + { + "name": "analytic4-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more." 
+ } } - } - ] - }, - { - "name": "analytic6", - "type": "Microsoft.Common.Section", - "label": "Infoblox - TI - CommonSecurityLog Match Found - MalwareC2", - "elements": [ - { - "name": "analytic6-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "CommonSecurityLog (CEF) MalwareC2/MalwareC2DGA match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired." + ] + }, + { + "name": "analytic5", + "type": "Microsoft.Common.Section", + "label": "Infoblox - Many NXDOMAIN DNS Responses Detected", + "elements": [ + { + "name": "analytic5-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more." + } } - } - ] - }, - { - "name": "analytic7", - "type": "Microsoft.Common.Section", - "label": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains", - "elements": [ - { - "name": "analytic7-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)." + ] + }, + { + "name": "analytic6", + "type": "Microsoft.Common.Section", + "label": "Infoblox - TI - CommonSecurityLog Match Found - MalwareC2", + "elements": [ + { + "name": "analytic6-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "CommonSecurityLog (CEF) MalwareC2/MalwareC2DGA match found in your Infoblox TIDE Threat Intelligence. 
Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired." + } } - } - ] - }, - { - "name": "analytic8", - "type": "Microsoft.Common.Section", - "label": "Infoblox - TI - Syslog Match Found - URL", - "elements": [ - { - "name": "analytic8-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Syslog URL match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired." + ] + }, + { + "name": "analytic7", + "type": "Microsoft.Common.Section", + "label": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains", + "elements": [ + { + "name": "analytic7-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired." + } } - } - ] - } - ] - }, - { - "name": "playbooks", - "label": "Playbooks", - "subLabel": { - "preValidation": "Configure the playbooks", - "postValidation": "Done" - }, - "bladeTitle": "Playbooks", - "elements": [ - { - "name": "playbooks-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." + ] + }, + { + "name": "analytic8", + "type": "Microsoft.Common.Section", + "label": "Infoblox - TI - Syslog Match Found - URL", + "elements": [ + { + "name": "analytic8-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Syslog URL match found in your Infoblox TIDE Threat Intelligence. 
Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired." + } + } + ] } + ] + }, + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" }, - { - "name": "playbooks-link", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." + } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } } } - } - ] + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" } - ], - "outputs": { - "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", - "location": "[location()]", - "workspace": "[basics('workspace')]" } } -} 
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
index 77bf8454296..862fb88f735 100644
--- a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
+++ b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
@@ -57,7 +57,7 @@
 "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
 "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]",
 "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]",
- "analyticRuleVersion2": "1.0.0",
+ "analyticRuleVersion2": "1.0.1",
 "analyticRulecontentId2": "dc7af829-d716-4774-9d6f-03d9aa7c27a4",
 "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]",
 "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]",
@@ -69,7 +69,7 @@
 "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]",
 "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]",
 "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]",
- "analyticRuleVersion4": "1.0.0",
+ "analyticRuleVersion4": "1.0.1",
 "analyticRulecontentId4": "99278700-79ca-4b0f-b416-bf57ec699e1a",
 "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]",
 "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]",
@@ -87,7 +87,7 @@
 "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId6'))]",
 "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6'))))]",
 "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId6'),'-', variables('analyticRuleVersion6'))))]",
- "analyticRuleVersion7": "1.0.0",
+ "analyticRuleVersion7": "1.0.1",
 "analyticRulecontentId7": "568730be-b39d-45e3-a392-941e00837d52",
 "_analyticRulecontentId7": "[variables('analyticRulecontentId7')]",
 "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId7'))]",
@@ -233,7 +233,7 @@
 "kind": "shared",
 "apiVersion": "2021-08-01",
 "metadata": {
- "description": "Sets the time name for analysis"
+ "description": "Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. This workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud solution. Drilldown your data and visualize events, trends, and anomalous changes over time."
 },
 "properties": {
 "displayName": "[parameters('workbook1-name')]",
@@ -248,7 +248,7 @@
 "apiVersion": "2022-01-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
 "properties": {
- "description": "@{workbookKey=InfobloxCDCB1TDWorkbook; logoFileName=infoblox_logo.svg; description=Sets the time name for analysis; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Infoblox Cloud Data Connector; templateRelativePath=InfobloxCDCB1TDWorkbook.json; subtitle=; provider=InfoBlox}.description",
+ "description": "@{workbookKey=InfobloxCDCB1TDWorkbook; logoFileName=infoblox_logo.svg; description=Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. This workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud solution. Drilldown your data and visualize events, trends, and anomalous changes over time.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Infoblox Cloud Data Connector; templateRelativePath=InfobloxCDCB1TDWorkbook.json; subtitle=; provider=InfoBlox}.description",
 "parentId": "[variables('workbookId1')]",
 "contentId": "[variables('_workbookContentId1')]",
 "kind": "Workbook",
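Review bot: The `description` property in the `@@ -248,7 +248,7 @@` hunk still stores a serialised object, `@{workbookKey=InfobloxCDCB1TDWorkbook; … }.description`, instead of the workbook description, so the metadata resource carries the whole literal including the `System.Object[]` placeholders. The commit rewrites the sentence inside that literal but keeps the wrapper. The value should be the plain text, as `metadata.description` is in the `@@ -233,7 +233,7 @@` hunk: `"description": "Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. …"`. The shape looks like an object interpolated into a string by a packaging script, so if this template is generated the correction probably belongs in that script rather than in this file.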
@@ -473,7 +473,7 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).",
+ "description": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
 "displayName": "Infoblox - High Threat Level Query Not Blocked Detected",
 "enabled": false,
 "query": "let threshold = 1;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >=80\n| where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n | where DeviceEventClassID has_cs \"RPZ\"\n | where ThreatLevel_Score >=80\n | where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n ) on SourceIP\n",
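Review bot: The description on the new side promises an alert for "At least 1 high threat level query", but the `query` context line sets `let threshold = 1;` and filters with `| where count_ > threshold`, so a host with exactly one unblocked high-threat query is never returned. Either the comparison should become `| where count_ >= threshold` or the description should say "more than 1". The `@@ -759,7 +759,7 @@` hunk has the same mismatch between `let threshold = 200;` and "at least 200 times". The `properties` object continues outside both hunks, so any separate trigger setting on the rule is not visible here.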
@@ -759,7 +759,7 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).",
+ "description": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
 "displayName": "Infoblox - Many High Threat Level Single Query Detected",
 "enabled": false,
 "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >= 80\n| summarize count() by DestinationDnsDomain\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n | where DeviceEventClassID has_cs \"RPZ\"\n | where ThreatLevel_Score >= 80\n ) on DestinationDnsDomain\n",
@@ -1158,7 +1158,7 @@ "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { - "description": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).", + "description": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).", "displayName": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains", "enabled": false, "query": "let dt_lookBack = 1h;\nlet ioc_lookBack = 14d;\nlet TI = ThreatIntelligenceIndicator\n| where TimeGenerated >= ago(ioc_lookBack)\n| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId\n| where Active == true and ExpirationDateTime > now() \n| where Description == \"Infoblox - HOST - Policy\"\n| where Tags has_cs \"Property: Policy_LookalikeDomains\" \n| where isnotempty(DomainName)\n;\nlet Data = InfobloxCDC\n| extend HitTime = TimeGenerated\n| where TimeGenerated >= ago(dt_lookBack)\n| where isnotempty(DestinationDnsDomain)\n//Remove trailing period at end of domain\n| extend DestinationDnsDomain = trim_end(@\"\\.$\", DestinationDnsDomain)\n;\nTI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain\n| where HitTime >= TimeGenerated and HitTime < ExpirationDateTime\n| project LatestIndicatorTime, HitTime, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, 
DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested, \nAdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags\n", 
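Review bot: The indicator join in the `query` context line, `TI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain`, compares the two domain strings case-sensitively, and the `Data` branch only strips the trailing period. DNS names are case-insensitive, so a logged name whose case differs from the indicator's would not match unless the InfobloxCDC parser already lower-cases the field, which is not visible in this hunk. Normalising both sides closes that gap: `| extend DestinationDnsDomain = tolower(trim_end(@"\.$", DestinationDnsDomain))` in `Data` and `| extend DomainName = tolower(DomainName)` in `TI`. The rule's `properties` object continues outside the hunk.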
@@ -1583,7 +1583,7 @@ "title": "1. Linux Syslog agent configuration" }, { - "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.", + "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n1. 
Navigate to **Manage > Data Connector**.\n2. Click the **Destination Configuration** tab at the top.\n3. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n4. Click the **Traffic Flow Configuration** tab at the top.\n5. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **Service Instance** section. \n - **Service Instance**: Select your desired Service Instance for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n6. Allow the configuration some time to activate.", "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent" }, { 
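Review bot: The rewritten destination steps keep "Leave the port number at **514**" and "Select desired protocol and CA certificate if applicable", which presents an unencrypted syslog transport as an equally acceptable choice for DNS query, DHCP lease and threat-feed logs. The mention of a CA certificate suggests a TLS option exists, so the bullet could state the preference, for example `- **Protocol**: Prefer a TLS-protected protocol with the CA certificate where the receiving agent is configured for it; use plain TCP/UDP only on a trusted network segment.` The same text is repeated in the `@@ -1804,7 +1804,7 @@` hunk. Whether the Linux agent's listener accepts TLS on this port is not shown here and should be confirmed before changing the wording.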
@@ -1804,7 +1804,7 @@ "title": "1. Linux Syslog agent configuration" }, { - "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.", + "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n1. 
Navigate to **Manage > Data Connector**.\n2. Click the **Destination Configuration** tab at the top.\n3. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n4. Click the **Traffic Flow Configuration** tab at the top.\n5. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **Service Instance** section. \n - **Service Instance**: Select your desired Service Instance for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. Currently supported log types are:\n - Threat Defense Query/Response Log\n - Threat Defense Threat Feeds Hits Log\n - DDI Query/Response Log\n - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n6. Allow the configuration some time to activate.", "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent" }, { diff --git a/Solutions/KasperskySecurityCenter/Data Connectors/Connector_KasperskySC_CEF.json b/Solutions/KasperskySecurityCenter/Data Connectors/Connector_KasperskySC_CEF.json index 5ca934b065c..27dd2a384ab 100644 
--- a/Solutions/KasperskySecurityCenter/Data Connectors/Connector_KasperskySC_CEF.json +++ b/Solutions/KasperskySecurityCenter/Data Connectors/Connector_KasperskySC_CEF.json @@ -1,6 +1,6 @@ { "id": "KasperskySC", - "title": "Kaspersky Security Center", + "title": "[Deprecated] Kaspersky Security Center via Legacy Agent", "publisher": "KasperskyLab", "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.", "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.", diff --git a/Solutions/KasperskySecurityCenter/Data Connectors/template_KasperskySCAMA.json b/Solutions/KasperskySecurityCenter/Data Connectors/template_KasperskySCAMA.json new file mode 100644 index 00000000000..8e8f9a0232a --- /dev/null +++ b/Solutions/KasperskySecurityCenter/Data Connectors/template_KasperskySCAMA.json 
@@ -0,0 +1,119 @@
+{
+ "id": "KasperskySCAma",
+ "title": "[Recommended] Kaspersky Security Center via AMA",
+ "publisher": "KasperskyLab",
+ "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.",
+ "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.",
+ "graphQueries": [
+ {
+ "metricName": "Total data received",
+ "legend": "KasperskySC",
+ "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)"
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description" : "Top 10 Destinations",
+ "query": "KasperskySCEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_"
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "CommonSecurityLog (KasperskySC)",
+ "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [
+ {
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": false
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "write": true,
+ "read": true,
+ "delete": true
+ }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+ }
+ ],
+ "customs": [
+ {
+ "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)"
+ },
+ {
+ "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "",
+ "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.",
+ "instructions": [
+ {
+ "parameters": {
+ "title": "1. Kindly follow the steps to configure the data connector",
+ "instructionSteps": [
+ {
+ "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
+ "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step B. Configure Kaspersky Security Center to send logs using CEF",
+ "description": "[Follow the instructions](https://support.kaspersky.com/KSC/13/en-US/89277.htm) to configure event export from Kaspersky Security Center.",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step C. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ "type": "InstructionStepsGroup"
+ }
+ ]
+ },
+
+
+
+
+ {
+ "title": "2. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ]
+}
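Review bot: The Step C `value` string has operators download `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and run it with `sudo` in one chained command, so whatever is on that branch at that moment executes as root on the log collector with no integrity check. Pin the URL to a reviewed commit and drop root from the download, e.g. `wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/<PINNED_COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py && sudo python Sentinel_AMA_troubleshoot.py --cef`, ideally with a published checksum to verify before running. The Step C description also gives `python -version`, which is not a valid interpreter flag; `python --version` is presumably what was meant. Both strings are repeated in the AMA connector block of the `mainTemplate.json` hunk later in this commit. Separately, `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` states only read and write, so one of the two should be corrected.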
diff --git a/Solutions/KasperskySecurityCenter/Data/Solution_Kaspersky Security Center.json b/Solutions/KasperskySecurityCenter/Data/Solution_Kaspersky Security Center.json
index a9a4b6972bf..5a91eb30557 100644
--- a/Solutions/KasperskySecurityCenter/Data/Solution_Kaspersky Security Center.json
+++ b/Solutions/KasperskySecurityCenter/Data/Solution_Kaspersky Security Center.json
@@ -2,16 +2,17 @@
 "Name": "KasperskySecurityCenter",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)",
+ "Description": "The [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\n\r\n1. **KasperskySecurityCenter via AMA** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **KasperskySecurityCenter via Legacy Agent** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of KasperskySecurityCenter via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Data Connectors": [
- "Data Connectors/Connector_KasperskySC_CEF.json"
- ],
+ "Data Connectors/Connector_KasperskySC_CEF.json",
+ "Data Connectors/template_KasperskySCAMA.json"
+ ],
 "Parsers": [
- "Parsers/KasperskySCEvent.txt"
+ "Parsers/KasperskySCEvent.yaml"
 ],
 "Metadata": "SolutionMetadata.json",
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\KasperskySecurityCenter",
- "Version": "2.0.1",
+ "Version": "3.0.0",
 "TemplateSpec": true,
 "Is1PConnector": false
 }
\ No newline at end of file
diff --git a/Solutions/KasperskySecurityCenter/Data/system_generated_metadata.json b/Solutions/KasperskySecurityCenter/Data/system_generated_metadata.json
new file mode 100644
index 00000000000..77945181dba
--- /dev/null
+++ b/Solutions/KasperskySecurityCenter/Data/system_generated_metadata.json
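Review bot: The `Data Connectors` array in this hunk now lists `Data Connectors/template_KasperskySCAMA.json`, but the `system_generated_metadata.json` added in the same commit still records only `Data Connectors/Connector_KasperskySC_CEF.json` in its `Data Connectors` string. That file looks like it was produced before the AMA connector was added to the solution input. If any tooling reads it, regenerate it so the connector the description recommends is not missing from the recorded metadata.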
@@ -0,0 +1,30 @@ +{ + "Name": "KasperskySecurityCenter", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\n\r\n1. **KasperskySecurityCenter via AMA** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **KasperskySecurityCenter via Legacy Agent** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of KasperskySecurityCenter via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "Metadata": "SolutionMetadata.json", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\KasperskySecurityCenter", + "Version": "3.0.0", + "TemplateSpec": true, + "Is1PConnector": false, + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-kasperskysc", + "providers": [ + "Kaspersky" + ], + "categories": { + "domains": [ + "Security - Threat Protection" + ] + }, + "firstPublishDate": "2021-09-28", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/Connector_KasperskySC_CEF.json\"\n]", + "Parsers": "[\n \"KasperskySCEvent.yaml\"\n]" +} diff --git a/Solutions/KasperskySecurityCenter/Package/3.0.0.zip b/Solutions/KasperskySecurityCenter/Package/3.0.0.zip new file mode 100644 index 00000000000..334fed5025b Binary files /dev/null and b/Solutions/KasperskySecurityCenter/Package/3.0.0.zip differ diff --git a/Solutions/KasperskySecurityCenter/Package/createUiDefinition.json b/Solutions/KasperskySecurityCenter/Package/createUiDefinition.json index f14fe058817..bc7d892952f 100644 --- a/Solutions/KasperskySecurityCenter/Package/createUiDefinition.json +++ b/Solutions/KasperskySecurityCenter/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\r\n \r\n **Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent-based log collection (Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-syslog)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/KasperskySecurityCenter/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Kaspersky Security Center](https://ksc.kaspersky.com/) solution provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.\n\r\n1. **KasperskySecurityCenter via AMA** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). 
**Microsoft recommends using this Data Connector**.\n\r\n2. **KasperskySecurityCenter via Legacy Agent** - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of KasperskySecurityCenter via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -60,14 +60,15 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector for ingesting Kaspersky Security Center events in the CEF format into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for KasperskySecurityCenter. You can get KasperskySecurityCenter CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, + { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the KasperskySCEvent Kusto Function alias." + "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." } }, { diff --git a/Solutions/KasperskySecurityCenter/Package/mainTemplate.json b/Solutions/KasperskySecurityCenter/Package/mainTemplate.json index 063ed4ceafc..6ae5ef4e134 100644 --- a/Solutions/KasperskySecurityCenter/Package/mainTemplate.json +++ b/Solutions/KasperskySecurityCenter/Package/mainTemplate.json 
@@ -30,57 +30,52 @@ } }, "variables": { - "solutionId": "azuresentinel.azure-sentinel-solution-kasperskysc", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "KasperskySecurityCenter", + "_solutionVersion": "3.0.0", + "solutionId": "azuresentinel.azure-sentinel-solution-kasperskysc", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "KasperskySC", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "KasperskySC", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "parserVersion1": "1.0.0", - "parserContentId1": "KasperskySCEvent-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "KasperskySCAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "KasperskySCAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "parserName1": "KasperskySecurityCenter Data Parser", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]" + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "KasperskySCEvent-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": 
"2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "KasperskySecurityCenter data connector with template", - "displayName": "KasperskySecurityCenter template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "KasperskySecurityCenter data connector with template version 2.0.1", + "description": "KasperskySecurityCenter data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -96,7 +91,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Kaspersky Security Center", + "title": "[Deprecated] Kaspersky Security Center via Legacy Agent", "publisher": "KasperskyLab", "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.", "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.", @@ -219,7 +214,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -244,12 +239,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] Kaspersky Security Center via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -285,7 +291,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "Kaspersky Security Center", + "title": "[Deprecated] Kaspersky Security Center via Legacy Agent", "publisher": "KasperskyLab", "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.", "graphQueries": [ 
@@ -408,33 +414,344 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('parserTemplateSpecName1')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "description": "KasperskySCEvent Data Parser with template", - "displayName": "KasperskySCEvent Data Parser template" + "description": "KasperskySecurityCenter data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] Kaspersky Security Center via AMA", + "publisher": "KasperskyLab", + "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.", + "additionalRequirementBanner": "This data connector depends on a 
parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "KasperskySC", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Destinations", + "query": "KasperskySCEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (KasperskySC)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure Kaspersky Security Center to send logs using CEF", + "description": "[Follow the instructions](https://support.kaspersky.com/KSC/13/en-US/89277.htm) to configure event export from Kaspersky Security Center." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "KasperskySecurityCenter", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] Kaspersky Security Center via AMA", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', 
last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId2')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "KasperskySecurityCenter", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Recommended] Kaspersky Security Center via AMA", + "publisher": "KasperskyLab", + "descriptionMarkdown": "The [Kaspersky Security Center](https://support.kaspersky.com/KSC/13/en-US/3396.htm) data connector provides the capability to ingest [Kaspersky Security Center logs](https://support.kaspersky.com/KSC/13/en-US/151336.htm) into Microsoft Sentinel.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "KasperskySC", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (KasperskySC)", + "lastDataReceivedQuery": "CommonSecurityLog\n 
|where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'KasperskyLab'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Top 10 Destinations", + "query": "KasperskySCEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure Kaspersky Security Center to send logs using CEF", + "description": "[Follow the instructions](https://support.kaspersky.com/KSC/13/en-US/89277.htm) to configure event export from Kaspersky Security Center." + + }, + { + "title": "Step C. 
Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]", + "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**KasperskySCEvent**](https://aka.ms/sentinel-kasperskysc-parser) which is deployed with the Microsoft Sentinel Solution." 
+ } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "KasperskySCEvent Data Parser with template version 2.0.1", + "description": "KasperskySCEvent Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
@@ -443,20 +760,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "KasperskySecurityCenter Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "KasperskySCEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor =~ 'KasperskyLab'\r\n| extend EventVendor = 'KasperskyLab'\r\n| extend EventProduct = 'SecurityCenter'\r\n| extend EventSchemaVersion = 0.2\r\n| extend EventCount = 1\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\r\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3)\r\n| extend ExtraAttributes = extract(@'cs7=(.*?);cs7Label', 1, AdditionalExtensions)\r\n| extend GroupName = extract(@'cs9=(.*?);cs9Label', 1, AdditionalExtensions)\r\n| extend Service = extract(@'cs10=(.*?);cs10Label', 1, AdditionalExtensions)\r\n| extend EventEndTime = todatetime(ReceiptTime)\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\r\n| project-rename EventProductVersion=DeviceVersion\r\n , EventId=DeviceEventClassID\r\n , EventSeverity=LogSeverity\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DstDvcHostname=DestinationHostName\r\n , DstUserName=DestinationUserName\r\n , DvcIpAddr=DeviceAddress\r\n , DvcHostname=DeviceName\r\n , NetworkApplicationProtocol=Protocol\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , Id=ExternalID\r\n , SrcDvcHostname=SourceHostName\r\n , ProductName=DeviceCustomString2\r\n , ProductVersion=DeviceCustomString3\r\n| extend ThreatName=case(EventId in~ 
('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString1, '')\r\n| extend ObjectName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString5, '')\r\n| extend DetectionType=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString6, '')\r\n| extend TaskOldState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber1, todynamic(''))\r\n| extend TaskNewState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber2, todynamic(''))\r\n| extend TaskName=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString5, '')\r\n| extend TaskId=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString4, '')\r\n| extend EventOriginalResultDetails=Activity\r\n| extend ActingProcessFileProduct = extract(@'Application: (.*?)\\\\[rn]', 1, Message)\r\n| extend ActingProcessName = extract(@'Application\\\\Name: (.*?)\\\\[rn]', 1, Message)\r\n| extend ActingProcessId = extract(@'Process ID: (\\d+)\\\\[rn]', 1, Message)\r\n| extend EventResult = extract(@'Result\\\\\\\\Description: (\\w+)\\\\[rn]', 1, Message)\r\n| extend PossibleImpact = extract(@'Result\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\r\n| extend ThreatLevel = extract(@'Threat level: (.*?)\\\\[rn]', 1, Message)\r\n| extend ResultPrecision = extract(@'Result\\\\\\\\Precision: (\\w+)\\\\[rn]', 1, Message)\r\n| extend Object = extract(@'Object: (.*?)\\\\[rn]', 1, Message)\r\n| extend ObjectType = extract(@'Object\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\r\n| extend ObjectPath = extract(@'Object\\\\\\\\Path: (.*?)\\\\[rn]', 1, Message)\r\n| extend ObjectName = extract(@'Object\\\\\\\\Name: (.*?)\\\\[rn]', 1, Message)\r\n| extend EventReason = extract(@'Reason: (.*?)\\\\[rn]', 1, Message)\r\n| extend EventReason = coalesce(column_ifexists(\"Reason\",\"\"),EventReason)\r\n| extend DatabaseReleaseTime = todatetime(extract(@'Database release date: (\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})', 1, 
replace_regex(Message, @'Database release date: (\\d{2})/(\\d{2})/(\\d{4}) (\\d{2}:\\d{2}:\\d{2})', @'Database release date: \\3-\\2-\\1 \\4')))\r\n| project-away Message\r\n , Activity\r\n , ReceiptTime\r\n , DeviceVendor\r\n , DeviceProduct\r\n , DeviceCustomNumber1\r\n , DeviceCustomNumber1Label\r\n , DeviceCustomNumber2\r\n , DeviceCustomNumber2Label\r\n , DeviceCustomString1\r\n , DeviceCustomString1Label\r\n , DeviceCustomString2Label\r\n , DeviceCustomString3Label\r\n , DeviceCustomString4\r\n , DeviceCustomString4Label\r\n , DeviceCustomString5\r\n , DeviceCustomString5Label\r\n , DeviceCustomString6\r\n , DeviceCustomString6Label\r\n , AdditionalExtensions\r\n", - "version": 1, + "query": "CommonSecurityLog\n| where DeviceVendor =~ 'KasperskyLab'\n| extend EventVendor = 'KasperskyLab'\n| extend EventProduct = 'SecurityCenter'\n| extend EventSchemaVersion = 0.2\n| extend EventCount = 1\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3)\n| extend ExtraAttributes = extract(@'cs7=(.*?);cs7Label', 1, AdditionalExtensions)\n| extend GroupName = extract(@'cs9=(.*?);cs9Label', 1, AdditionalExtensions)\n| extend Service = extract(@'cs10=(.*?);cs10Label', 1, AdditionalExtensions)\n| extend EventEndTime = todatetime(ReceiptTime)\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\n| project-rename EventProductVersion=DeviceVersion\n , EventId=DeviceEventClassID\n , EventSeverity=LogSeverity\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstDvcHostname=DestinationHostName\n , DstUserName=DestinationUserName\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , NetworkApplicationProtocol=Protocol\n , 
SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , Id=ExternalID\n , SrcDvcHostname=SourceHostName\n , ProductName=DeviceCustomString2\n , ProductVersion=DeviceCustomString3\n| extend ThreatName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString1, '')\n| extend ObjectName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString5, '')\n| extend DetectionType=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString6, '')\n| extend TaskOldState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber1, todynamic(''))\n| extend TaskNewState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber2, todynamic(''))\n| extend TaskName=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString5, '')\n| extend TaskId=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString4, '')\n| extend EventOriginalResultDetails=Activity\n| extend ActingProcessFileProduct = extract(@'Application: (.*?)\\\\[rn]', 1, Message)\n| extend ActingProcessName = extract(@'Application\\\\Name: (.*?)\\\\[rn]', 1, Message)\n| extend ActingProcessId = extract(@'Process ID: (\\d+)\\\\[rn]', 1, Message)\n| extend EventResult = extract(@'Result\\\\\\\\Description: (\\w+)\\\\[rn]', 1, Message)\n| extend PossibleImpact = extract(@'Result\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\n| extend ThreatLevel = extract(@'Threat level: (.*?)\\\\[rn]', 1, Message)\n| extend ResultPrecision = extract(@'Result\\\\\\\\Precision: (\\w+)\\\\[rn]', 1, Message)\n| extend Object = extract(@'Object: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectType = extract(@'Object\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectPath = extract(@'Object\\\\\\\\Path: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectName = extract(@'Object\\\\\\\\Name: (.*?)\\\\[rn]', 1, Message)\n| extend EventReason = extract(@'Reason: (.*?)\\\\[rn]', 1, Message)\n| extend EventReason = 
coalesce(column_ifexists(\"Reason\",\"\"),EventReason)\n| extend DatabaseReleaseTime = todatetime(extract(@'Database release date: (\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})', 1, replace_regex(Message, @'Database release date: (\\d{2})/(\\d{2})/(\\d{4}) (\\d{2}:\\d{2}:\\d{2})', @'Database release date: \\3-\\2-\\1 \\4')))\n| project-away Message\n , Activity\n , ReceiptTime\n , DeviceVendor\n , DeviceProduct\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2Label\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n , AdditionalExtensions\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "KasperskySecurityCenter Data Parser" + "value": "" } ] } 
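Review bot: The parser query in this hunk assigns `ObjectName` twice, so the first value is always discarded. The earlier `extend ObjectName=case(EventId in~ (...), DeviceCustomString5, '')` is overwritten by the later `extend ObjectName = extract(..., 1, Message)`, which means virus and suspicious-object events whose `Message` lacks an `Object\\Name:` line lose the object name taken from the CEF field. I would keep both sources by writing the second assignment as `coalesce(extract(...), ObjectName)`, the same pattern the query already uses for `EventReason`. The identical query is repeated in the `@@ -491,21 +809,39 @@` hunk, and if this template is generated from a parser source file the fix belongs there. The enclosing template object starts outside this hunk.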
@@ -491,21 +809,39 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "KasperskySecurityCenter Data Parser", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "KasperskySecurityCenter Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "KasperskySCEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor =~ 'KasperskyLab'\r\n| extend EventVendor = 'KasperskyLab'\r\n| extend EventProduct = 'SecurityCenter'\r\n| extend EventSchemaVersion = 0.2\r\n| extend EventCount = 1\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\r\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3)\r\n| extend ExtraAttributes = extract(@'cs7=(.*?);cs7Label', 1, AdditionalExtensions)\r\n| extend GroupName = extract(@'cs9=(.*?);cs9Label', 1, AdditionalExtensions)\r\n| extend Service = extract(@'cs10=(.*?);cs10Label', 1, AdditionalExtensions)\r\n| extend EventEndTime = todatetime(ReceiptTime)\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\r\n| project-rename EventProductVersion=DeviceVersion\r\n , 
EventId=DeviceEventClassID\r\n , EventSeverity=LogSeverity\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DstDvcHostname=DestinationHostName\r\n , DstUserName=DestinationUserName\r\n , DvcIpAddr=DeviceAddress\r\n , DvcHostname=DeviceName\r\n , NetworkApplicationProtocol=Protocol\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , Id=ExternalID\r\n , SrcDvcHostname=SourceHostName\r\n , ProductName=DeviceCustomString2\r\n , ProductVersion=DeviceCustomString3\r\n| extend ThreatName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString1, '')\r\n| extend ObjectName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString5, '')\r\n| extend DetectionType=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString6, '')\r\n| extend TaskOldState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber1, todynamic(''))\r\n| extend TaskNewState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber2, todynamic(''))\r\n| extend TaskName=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString5, '')\r\n| extend TaskId=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString4, '')\r\n| extend EventOriginalResultDetails=Activity\r\n| extend ActingProcessFileProduct = extract(@'Application: (.*?)\\\\[rn]', 1, Message)\r\n| extend ActingProcessName = extract(@'Application\\\\Name: (.*?)\\\\[rn]', 1, Message)\r\n| extend ActingProcessId = extract(@'Process ID: (\\d+)\\\\[rn]', 1, Message)\r\n| extend EventResult = extract(@'Result\\\\\\\\Description: (\\w+)\\\\[rn]', 1, Message)\r\n| extend PossibleImpact = extract(@'Result\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\r\n| extend ThreatLevel = extract(@'Threat level: (.*?)\\\\[rn]', 1, Message)\r\n| extend ResultPrecision = extract(@'Result\\\\\\\\Precision: (\\w+)\\\\[rn]', 1, Message)\r\n| extend Object = extract(@'Object: (.*?)\\\\[rn]', 1, Message)\r\n| 
extend ObjectType = extract(@'Object\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\r\n| extend ObjectPath = extract(@'Object\\\\\\\\Path: (.*?)\\\\[rn]', 1, Message)\r\n| extend ObjectName = extract(@'Object\\\\\\\\Name: (.*?)\\\\[rn]', 1, Message)\r\n| extend EventReason = extract(@'Reason: (.*?)\\\\[rn]', 1, Message)\r\n| extend EventReason = coalesce(column_ifexists(\"Reason\",\"\"),EventReason)\r\n| extend DatabaseReleaseTime = todatetime(extract(@'Database release date: (\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})', 1, replace_regex(Message, @'Database release date: (\\d{2})/(\\d{2})/(\\d{4}) (\\d{2}:\\d{2}:\\d{2})', @'Database release date: \\3-\\2-\\1 \\4')))\r\n| project-away Message\r\n , Activity\r\n , ReceiptTime\r\n , DeviceVendor\r\n , DeviceProduct\r\n , DeviceCustomNumber1\r\n , DeviceCustomNumber1Label\r\n , DeviceCustomNumber2\r\n , DeviceCustomNumber2Label\r\n , DeviceCustomString1\r\n , DeviceCustomString1Label\r\n , DeviceCustomString2Label\r\n , DeviceCustomString3Label\r\n , DeviceCustomString4\r\n , DeviceCustomString4Label\r\n , DeviceCustomString5\r\n , DeviceCustomString5Label\r\n , DeviceCustomString6\r\n , DeviceCustomString6Label\r\n , AdditionalExtensions\r\n", - "version": 1 + "query": "CommonSecurityLog\n| where DeviceVendor =~ 'KasperskyLab'\n| extend EventVendor = 'KasperskyLab'\n| extend EventProduct = 'SecurityCenter'\n| extend EventSchemaVersion = 0.2\n| extend EventCount = 1\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3)\n| extend ExtraAttributes = extract(@'cs7=(.*?);cs7Label', 1, AdditionalExtensions)\n| extend GroupName = extract(@'cs9=(.*?);cs9Label', 1, AdditionalExtensions)\n| extend Service = extract(@'cs10=(.*?);cs10Label', 1, 
AdditionalExtensions)\n| extend EventEndTime = todatetime(ReceiptTime)\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\n| project-rename EventProductVersion=DeviceVersion\n , EventId=DeviceEventClassID\n , EventSeverity=LogSeverity\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstDvcHostname=DestinationHostName\n , DstUserName=DestinationUserName\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , NetworkApplicationProtocol=Protocol\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , Id=ExternalID\n , SrcDvcHostname=SourceHostName\n , ProductName=DeviceCustomString2\n , ProductVersion=DeviceCustomString3\n| extend ThreatName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString1, '')\n| extend ObjectName=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString5, '')\n| extend DetectionType=case(EventId in~ ('GNRL_EV_VIRUS_FOUND_AND_BLOCKED', 'GNRL_EV_SUSPICIOUS_OBJECT_FOUND'), DeviceCustomString6, '')\n| extend TaskOldState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber1, todynamic(''))\n| extend TaskNewState=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomNumber2, todynamic(''))\n| extend TaskName=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString5, '')\n| extend TaskId=case(EventId =~ 'KLPRCI_TaskState', DeviceCustomString4, '')\n| extend EventOriginalResultDetails=Activity\n| extend ActingProcessFileProduct = extract(@'Application: (.*?)\\\\[rn]', 1, Message)\n| extend ActingProcessName = extract(@'Application\\\\Name: (.*?)\\\\[rn]', 1, Message)\n| extend ActingProcessId = extract(@'Process ID: (\\d+)\\\\[rn]', 1, Message)\n| extend EventResult = extract(@'Result\\\\\\\\Description: (\\w+)\\\\[rn]', 1, Message)\n| extend PossibleImpact = extract(@'Result\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\n| extend ThreatLevel = extract(@'Threat level: (.*?)\\\\[rn]', 1, Message)\n| 
extend ResultPrecision = extract(@'Result\\\\\\\\Precision: (\\w+)\\\\[rn]', 1, Message)\n| extend Object = extract(@'Object: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectType = extract(@'Object\\\\\\\\Type: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectPath = extract(@'Object\\\\\\\\Path: (.*?)\\\\[rn]', 1, Message)\n| extend ObjectName = extract(@'Object\\\\\\\\Name: (.*?)\\\\[rn]', 1, Message)\n| extend EventReason = extract(@'Reason: (.*?)\\\\[rn]', 1, Message)\n| extend EventReason = coalesce(column_ifexists(\"Reason\",\"\"),EventReason)\n| extend DatabaseReleaseTime = todatetime(extract(@'Database release date: (\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})', 1, replace_regex(Message, @'Database release date: (\\d{2})/(\\d{2})/(\\d{4}) (\\d{2}:\\d{2}:\\d{2})', @'Database release date: \\3-\\2-\\1 \\4')))\n| project-away Message\n , Activity\n , ReceiptTime\n , DeviceVendor\n , DeviceProduct\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2Label\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n , AdditionalExtensions\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -539,13 +875,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.1", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "KasperskySecurityCenter", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Kaspersky Security Center solution provides the capability to ingest Kaspersky Security Center logs into Microsoft Sentinel.

\n
    \n
  1. KasperskySecurityCenter via AMA - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. KasperskySecurityCenter via Legacy Agent - This data connector helps in ingesting KasperskySecurityCenter logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of KasperskySecurityCenter via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -571,6 +914,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", diff --git a/Solutions/KasperskySecurityCenter/ReleaseNotes.md b/Solutions/KasperskySecurityCenter/ReleaseNotes.md new file mode 100644 index 00000000000..07660bf906d --- /dev/null +++ b/Solutions/KasperskySecurityCenter/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.0 | 05-09-2023 | Addition of new KasperskySecurityCenter AMA **Data Connector** | | + + diff --git a/Solutions/MailGuard 365/Data Connectors/MailGuard365.json b/Solutions/MailGuard 365/Data Connectors/MailGuard365.json new file mode 100644 index 00000000000..c640442c041 --- /dev/null +++ b/Solutions/MailGuard 365/Data Connectors/MailGuard365.json 
@@ -0,0 +1,108 @@ +{ + "id": "MailGuard365", + "title": "MailGuard 365", + "publisher": "MailGuard365", + "descriptionMarkdown": "MailGuard 365 Enhanced Email Security for Microsoft 365. Exclusive to the Microsoft marketplace, MailGuard 365 is integrated with Microsoft 365 security (incl. Defender) for enhanced protection against advanced email threats like phishing, ransomware and sophisticated BEC attacks.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "MailGuard365_Threats_CL", + "baseQuery": "MailGuard365_Threats_CL" + } + ], + "sampleQueries": [ + { + "description" : "All phishing threats stopped by MailGuard 365", + "query": "MailGuard365_Threats_CL \n | where Category == \"Phishing\"" + }, + { + "description" : "All threats summarized by sender email address", + "query": "MailGuard365_Threats_CL \n | summarize count() by Sender_Email_s" + }, + { + "description" : "All threats summarized by category", + "query": "MailGuard365_Threats_CL \n | summarize count() by Category" + } + ], + "dataTypes": [ + { + "name": "MailGuard365_Threats_CL", + "lastDataReceivedQuery": "MailGuard365_Threats_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "MailGuard365_Threats_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ] + }, + "instructionSteps": [ + { + "title": "Configure and connect MailGuard 365", + "description": "1. In the MailGuard 365 Console, click **Settings** on the navigation bar.\n2. Click the **Integrations** tab.\n3. Click the **Enable Microsoft Sentinel**.\n4. Enter your workspace id and primary key from the fields below, click **Finish**.\n5. For additional instructions, please contact MailGuard 365 support.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + } + ], + "metadata": { + "id": "310bcb08-38be-4257-b4d5-035e1ae3f256", + "version": "1.0.0", + "kind": "dataConnector", + "author": { + "name": "MailGuard 365" + }, + "support": { + "name": "MailGuard 365", + "link": "https://www.mailguard365.com/support", + "tier": "developer" + } + } +} diff --git a/Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml b/Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml new file mode 100644 index 00000000000..35a311007c1 --- /dev/null +++ b/Solutions/MailGuard 365/Hunting Queries/MailGuard365HighConfidenceThreats.yaml 
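Review bot: Step 4 of `instructionSteps` tells the operator to paste the workspace primary key into the MailGuard 365 console without saying what that key grants. The shared key is a workspace-wide credential rather than one scoped to `MailGuard365_Threats_CL`, so whoever holds it can submit records to the workspace. I would add a sentence to the description such as `The primary key is a workspace-wide credential; regenerate it if the integration is removed or the key may have been exposed.` Separately, `requiredPermissions` sets `"delete": true` while `permissionsDisplayText` mentions only read and write, so one of the two should be corrected.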
@@ -0,0 +1,25 @@
+id: 5e3aa1a5-5b69-421e-a3ac-32b04cb10353
+name: MailGuard 365 - High Confidence Threats
+description: |
+ 'Query searches for high confidence threats stopped by MailGuard 365.'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: MailGuard365
+ dataTypes:
+ - MailGuard365
+tactics:
+ - Reconnaissance
+relevantTechniques:
+ - T1598
+query: |
+ MailGuard365_Threats_CL
+ | where Score_d > 20
+ | extend MailMessage_0_NetworkMessageId = MessageId_s
+ | extend MailMessage_0_Recipient = Email_s
+entityMappings:
+ - entityType: Mail message
+ fieldMappings:
+ - identifier: NetworkMessageId
+ columnName: MessageId_s
+ - identifier: Recipient
+ columnName: Email_s
\ No newline at end of file
diff --git a/Solutions/MailGuard 365/Hunting Queries/MailGuard365MalwareThreats.yaml b/Solutions/MailGuard 365/Hunting Queries/MailGuard365MalwareThreats.yaml
new file mode 100644
index 00000000000..d94c0a1947e
--- /dev/null
+++ b/Solutions/MailGuard 365/Hunting Queries/MailGuard365MalwareThreats.yaml
@@ -0,0 +1,31 @@
+id: daaae6ad-1fd0-4efa-b571-116689e67a20
+name: MailGuard 365 - Malware Threats
+description: |
+ 'Query searches for malware threats stopped by MailGuard 365.'
+severity: High
+requiredDataConnectors:
+ - connectorId: MailGuard365
+ dataTypes:
+ - MailGuard365
+tactics:
+ - InitialAccess
+ - Reconnaissance
+relevantTechniques:
+ - T1592
+ - T1589
+ - T1590
+ - T1591
+ - T1189
+ - T1190
+query: |
+ MailGuard365_Threats_CL
+ | where Category == "Malicious Attachment"
+ | extend MailMessage_0_NetworkMessageId = MessageId_s
+ | extend MailMessage_0_Recipient = Email_s
+entityMappings:
+ - entityType: Mail message
+ fieldMappings:
+ - identifier: NetworkMessageId
+ columnName: MessageId_s
+ - identifier: Recipient
+ columnName: Email_s
diff --git a/Solutions/MailGuard 365/Hunting Queries/MailGuard365PhishingThreats.yaml b/Solutions/MailGuard 365/Hunting Queries/MailGuard365PhishingThreats.yaml
new file mode 100644
index 00000000000..90988e629ee
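Review bot: In MailGuard365HighConfidenceThreats.yaml, `requiredDataConnectors.dataTypes` lists `MailGuard365`, but the connector added in this commit declares its data type as `MailGuard365_Threats_CL`, which is also the table the query reads; it should be `- MailGuard365_Threats_CL` here and in the Malware and Phishing query files, which repeat the same value. The `Score_d > 20` cut-off is unexplained, so a query comment such as `// Score_d above 20 is treated as high confidence (confirm the scale with MailGuard)` would let an analyst tune it. The two `extend MailMessage_0_*` lines appear to duplicate what `entityMappings` already maps from `MessageId_s` and `Email_s`; keeping only one mechanism avoids them drifting apart.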
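Review bot: In MailGuard365MalwareThreats.yaml the `relevantTechniques` list does not match what the query selects: `Category == "Malicious Attachment"` is mail-borne malware, yet the list carries four reconnaissance techniques (T1592, T1589, T1590, T1591) plus T1189 and T1190, and omits T1566, which the phishing query in this commit uses. Mapping this query to `- T1566` under `InitialAccess`, and dropping `- Reconnaissance` unless the data supports it, keeps ATT&CK coverage reporting from overstating what is detected. A one-line comment above `tactics:` saying why each technique applies would help the next reviewer.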
--- /dev/null
+++ b/Solutions/MailGuard 365/Hunting Queries/MailGuard365PhishingThreats.yaml
@@ -0,0 +1,28 @@
+id: ee15ed10-d355-474e-b8ad-a8bbb76f6d38
+name: MailGuard 365 - Phishing Threats
+description: |
+ 'Query searches for phishing threats stopped by MailGuard 365.'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: MailGuard365
+ dataTypes:
+ - MailGuard365
+tactics:
+ - InitialAccess
+ - Reconnaissance
+ - Credential Access
+relevantTechniques:
+ - T1598
+ - T1566
+query: |
+ MailGuard365_Threats_CL
+ | where Category == "Phishing"
+ | extend MailMessage_0_NetworkMessageId = MessageId_s
+ | extend MailMessage_0_Recipient = Email_s
+entityMappings:
+ - entityType: Mail message
+ fieldMappings:
+ - identifier: NetworkMessageId
+ columnName: MessageId_s
+ - identifier: Recipient
+ columnName: Email_s
\ No newline at end of file
diff --git a/Solutions/MailGuard 365/Package/3.0.0.zip b/Solutions/MailGuard 365/Package/3.0.0.zip
new file mode 100644
index 00000000000..008a6df98df
Binary files /dev/null and b/Solutions/MailGuard 365/Package/3.0.0.zip differ
diff --git a/Solutions/MailGuard 365/Package/createUiDefinition.json b/Solutions/MailGuard 365/Package/createUiDefinition.json
new file mode 100644
index 00000000000..6a147860162
--- /dev/null
+++ b/Solutions/MailGuard 365/Package/createUiDefinition.json
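Review bot: In MailGuard365PhishingThreats.yaml the tactic is written `Credential Access` with a space, while the other entries use the unspaced form (`InitialAccess`) and the generated mainTemplate.json in this commit carries `CredentialAccess`; it should be `- CredentialAccess`. Neither listed technique (T1598, T1566) belongs to that tactic, so either add a credential-access technique the data actually supports or drop the tactic. The file also ends without a trailing newline, unlike the Malware query file.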
@@ -0,0 +1,193 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nStrengthen your Microsoft 365 email security against advanced zero-day phishing, ransomware & BEC attacks with MailGuard 365 enhanced email security. This Microsoft Sentinel Solution enables you to ingest threat data from MailGuard 365.\n\n**Data Connectors:** 1, **Workbooks:** 1, **Hunting Queries:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": 
"[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "dataconnectors", + "label": "Data Connectors", + "bladeTitle": "Data Connectors", + "elements": [ + { + "name": "dataconnectors1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for MailGuard 365. You can get MailGuard 365 custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-link2", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } + } + } + ] + }, + { + "name": "workbooks", + "label": "Workbooks", + "subLabel": { + "preValidation": "Configure the workbooks", + "postValidation": "Done" + }, + "bladeTitle": "Workbooks", + "elements": [ + { + "name": "workbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences." 
+ } + }, + { + "name": "workbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" + } + } + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "MailGuard365", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "MailGuard 365 Workbook" + } + } + ] + } + ] + }, + { + "name": "huntingqueries", + "label": "Hunting Queries", + "bladeTitle": "Hunting Queries", + "elements": [ + { + "name": "huntingqueries-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view." + } + }, + { + "name": "huntingqueries-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/hunting" + } + } + }, + { + "name": "huntingquery1", + "type": "Microsoft.Common.Section", + "label": "MailGuard 365 - High Confidence Threats", + "elements": [ + { + "name": "huntingquery1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Query searches for high confidence threats stopped by MailGuard 365. This hunting query depends on MailGuard365 data connector (MailGuard365 Parser or Table)" + } + } + ] + }, + { + "name": "huntingquery2", + "type": "Microsoft.Common.Section", + "label": "MailGuard 365 - Phishing Threats", + "elements": [ + { + "name": "huntingquery2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Query searches for phishing threats stopped by MailGuard 365. 
This hunting query depends on MailGuard365 data connector (MailGuard365 Parser or Table)" + } + } + ] + }, + { + "name": "huntingquery3", + "type": "Microsoft.Common.Section", + "label": "MailGuard 365 - Malware Threats", + "elements": [ + { + "name": "huntingquery3-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Query searches for malware threats stopped by MailGuard 365. This hunting query depends on MailGuard365 data connector (MailGuard365 Parser or Table)" + } + } + ] + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/MailGuard 365/Package/mainTemplate.json b/Solutions/MailGuard 365/Package/mainTemplate.json new file mode 100644 index 00000000000..18882df9e55 --- /dev/null +++ b/Solutions/MailGuard 365/Package/mainTemplate.json 
@@ -0,0 +1,812 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "MailGuard - support@mailguard365.com", + "comments": "Solution template for MailGuard 365" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "MailGuard365", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } + }, + "variables": { + "email": "support@mailguard365.com", + "_email": "[variables('email')]", + "_solutionName": "MailGuard 365", + "_solutionVersion": "3.0.0", + "solutionId": "mailguardptylimited.microsoft-sentinel-solution-mailguard365", + "_solutionId": "[variables('solutionId')]", + "uiConfigId1": "MailGuard365", + "_uiConfigId1": "[variables('uiConfigId1')]", + "dataConnectorContentId1": "MailGuard365", + "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", + "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "_dataConnectorId1": "[variables('dataConnectorId1')]", + "dataConnectorTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "huntingQueryVersion1": "1.0.0", + "huntingQuerycontentId1": "5e3aa1a5-5b69-421e-a3ac-32b04cb10353", + "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", + "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", + "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", + "huntingQueryVersion2": "1.0.0", + "huntingQuerycontentId2": "ee15ed10-d355-474e-b8ad-a8bbb76f6d38", + "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", + "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", + "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", + "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", + "huntingQueryVersion3": "1.0.0", + "huntingQuerycontentId3": 
"daaae6ad-1fd0-4efa-b571-116689e67a20", + "_huntingQuerycontentId3": "[variables('huntingQuerycontentId3')]", + "huntingQueryId3": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId3'))]", + "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId3'))))]", + "_huntingQuerycontentProductId3": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId3'),'-', variables('huntingQueryVersion3'))))]", + "workbookVersion1": "1.0.0", + "workbookContentId1": "MailGuard365Workbook", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "MailGuard 365 data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId1')]", + "title": "MailGuard 365", + "publisher": "MailGuard365", + "descriptionMarkdown": "MailGuard 365 Enhanced Email Security for Microsoft 365. Exclusive to the Microsoft marketplace, MailGuard 365 is integrated with Microsoft 365 security (incl. 
Defender) for enhanced protection against advanced email threats like phishing, ransomware and sophisticated BEC attacks.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "MailGuard365_Threats_CL", + "baseQuery": "MailGuard365_Threats_CL" + } + ], + "sampleQueries": [ + { + "description": "All phishing threats stopped by MailGuard 365", + "query": "MailGuard365_Threats_CL \n | where Category == \"Phishing\"" + }, + { + "description": "All threats summarized by sender email address", + "query": "MailGuard365_Threats_CL \n | summarize count() by Sender_Email_s" + }, + { + "description": "All threats summarized by category", + "query": "MailGuard365_Threats_CL \n | summarize count() by Category" + } + ], + "dataTypes": [ + { + "name": "MailGuard365_Threats_CL", + "lastDataReceivedQuery": "MailGuard365_Threats_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "MailGuard365_Threats_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ] + }, + "instructionSteps": [ + { + "description": "1. In the MailGuard 365 Console, click **Settings** on the navigation bar.\n2. Click the **Integrations** tab.\n3. Click the **Enable Microsoft Sentinel**.\n4. Enter your workspace id and primary key from the fields below, click **Finish**.\n5. For additional instructions, please contact MailGuard 365 support.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ], + "title": "Configure and connect MailGuard 365" + } + ], + "metadata": { + "id": "310bcb08-38be-4257-b4d5-035e1ae3f256", + "version": "1.0.0", + "kind": "dataConnector", + "author": { + "name": "MailGuard 365" + }, + "support": { + "name": "MailGuard 365", + "link": "https://www.mailguard365.com/support", + "tier": "developer" + } + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + 
"author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "MailGuard 365", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId1')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + 
"apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "MailGuard 365", + "publisher": "MailGuard365", + "descriptionMarkdown": "MailGuard 365 Enhanced Email Security for Microsoft 365. Exclusive to the Microsoft marketplace, MailGuard 365 is integrated with Microsoft 365 security (incl. Defender) for enhanced protection against advanced email threats like phishing, ransomware and sophisticated BEC attacks.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "MailGuard365_Threats_CL", + "baseQuery": "MailGuard365_Threats_CL" + } + ], + "dataTypes": [ + { + "name": "MailGuard365_Threats_CL", + "lastDataReceivedQuery": "MailGuard365_Threats_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "MailGuard365_Threats_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "All phishing threats stopped by MailGuard 365", + "query": "MailGuard365_Threats_CL \n | where Category == \"Phishing\"" + }, + { + "description": "All threats summarized by sender email address", + "query": "MailGuard365_Threats_CL \n | summarize count() by Sender_Email_s" + }, + { + "description": "All threats summarized by category", + "query": "MailGuard365_Threats_CL \n | summarize count() by Category" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": 
true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ] + }, + "instructionSteps": [ + { + "description": "1. In the MailGuard 365 Console, click **Settings** on the navigation bar.\n2. Click the **Integrations** tab.\n3. Click the **Enable Microsoft Sentinel**.\n4. Enter your workspace id and primary key from the fields below, click **Finish**.\n5. For additional instructions, please contact MailGuard 365 support.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ], + "title": "Configure and connect MailGuard 365" + } + ], + "id": "[variables('_uiConfigId1')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "MailGuard365HighConfidenceThreats_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": 
"Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MailGuard_365_Hunting_Query_1", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "MailGuard 365 - High Confidence Threats", + "category": "Hunting Queries", + "query": "MailGuard365_Threats_CL\n| where Score_d > 20\n| extend MailMessage_0_NetworkMessageId = MessageId_s\n| extend MailMessage_0_Recipient = Email_s\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for high confidence threats stopped by MailGuard 365." + }, + { + "name": "tactics", + "value": "Reconnaissance" + }, + { + "name": "techniques", + "value": "T1598" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "properties": { + "description": "MailGuard 365 Hunting Query 1", + "parentId": "[variables('huntingQueryId1')]", + "contentId": "[variables('_huntingQuerycontentId1')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion1')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "MailGuard 365 - High Confidence Threats", + "contentProductId": 
"[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "MailGuard365PhishingThreats_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MailGuard_365_Hunting_Query_2", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "MailGuard 365 - Phishing Threats", + "category": "Hunting Queries", + "query": "MailGuard365_Threats_CL\n| where Category == \"Phishing\"\n| extend MailMessage_0_NetworkMessageId = MessageId_s\n| extend MailMessage_0_Recipient = Email_s\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for phishing threats stopped by MailGuard 365." 
+ }, + { + "name": "tactics", + "value": "InitialAccess,Reconnaissance,CredentialAccess" + }, + { + "name": "techniques", + "value": "T1598,T1566" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "properties": { + "description": "MailGuard 365 Hunting Query 2", + "parentId": "[variables('huntingQueryId2')]", + "contentId": "[variables('_huntingQuerycontentId2')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion2')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "MailGuard 365 - Phishing Threats", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" + ], + "properties": { + "description": "MailGuard365MalwareThreats_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion3')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MailGuard_365_Hunting_Query_3", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "MailGuard 365 - Malware Threats", + "category": "Hunting Queries", + "query": "MailGuard365_Threats_CL\n| where Category == \"Malicious Attachment\"\n| extend MailMessage_0_NetworkMessageId = MessageId_s\n| extend MailMessage_0_Recipient = Email_s\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for malware threats stopped by MailGuard 365." 
+ }, + { + "name": "tactics", + "value": "InitialAccess,Reconnaissance" + }, + { + "name": "techniques", + "value": "T1592,T1589,T1590,T1591,T1189,T1190" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId3'),'/'))))]", + "properties": { + "description": "MailGuard 365 Hunting Query 3", + "parentId": "[variables('huntingQueryId3')]", + "contentId": "[variables('_huntingQuerycontentId3')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion3')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId3')]", + "contentKind": "HuntingQuery", + "displayName": "MailGuard 365 - Malware Threats", + "contentProductId": "[variables('_huntingQuerycontentProductId3')]", + "id": "[variables('_huntingQuerycontentProductId3')]", + "version": "[variables('huntingQueryVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" + ], + "properties": { + "description": "MailGuard365DashboardWorkbook Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "MailGuard 365 Workbook" + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## MailGuard 365\\n---\\n\\nMailGuard 365 Dashboard\"},\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"# Threat Count by Category\"},\"name\":\"text - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MailGuard365_Threats_CL \\n| summarize Count=count() by Category\\n| render barchart\",\"size\":3,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"name\":\"query - 2\"},{\"type\":1,\"content\":{\"json\":\"# Threat Origin by Country\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MailGuard365_Threats_CL\\n| summarize Count=count() by 
OriginCountry_s\",\"size\":3,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"tileSettings\":{\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"OriginCountry_s\",\"sizeSettings\":\"Count\",\"sizeAggregation\":\"Sum\",\"legendMetric\":\"Count\",\"legendAggregation\":\"Sum\",\"itemColorSettings\":{\"nodeColorField\":\"Count\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}},\"textSettings\":{\"style\":\"bignumber\"}},\"name\":\"query - 2\"},{\"type\":1,\"content\":{\"json\":\"# Top targetted recipients\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MailGuard365_Threats_CL\\n| summarize Count=count() by Email_s\",\"size\":0,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"name\":\"query - 6\"},{\"type\":1,\"content\":{\"json\":\"# Threat Count over time\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MailGuard365_Threats_CL\\n| summarize Count=count() by format_datetime(unixtime_seconds_todatetime(ReceivedDateTime_d), \\\"yyyy-MM-dd\\\")\\n| sort by Column1 asc\\n\",\"size\":0,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"name\":\"query - 8\"}],\"fromTemplateId\":\"mailguard365-UserWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": 
"Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=MailGuard365Workbook; logoFileName=MailGuard365_logo.svg; description=MailGuard 365 Workbook; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=MailGuard365; templateRelativePath=MailGuard365Dashboard.json; subtitle=; provider=MailGuard 365}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "MailGuard365_Threats_CL", + "kind": "DataType" + }, + { + "contentId": "MailGuard365", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": 
"2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "MailGuard 365", + "publisherDisplayName": "MailGuard 365", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Strengthen your Microsoft 365 email security against advanced zero-day phishing, ransomware & BEC attacks with MailGuard 365 enhanced email security. This Microsoft Sentinel Solution enables you to ingest threat data from MailGuard 365.

\n

Data Connectors: 1, Workbooks: 1, Hunting Queries: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "MailGuard 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "MailGuard", + "email": "[variables('_email')]" + }, + "support": { + "name": "MailGuard 365", + "email": "support@mailguard365.com", + "tier": "Partner", + "link": "https://www.mailguard365.com/support/" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId1')]", + "version": "[variables('huntingQueryVersion1')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId2')]", + "version": "[variables('huntingQueryVersion2')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId3')]", + "version": "[variables('huntingQueryVersion3')]" + }, + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + } + ] + }, + "firstPublishDate": "2023-05-09", + "lastPublishDate": "2023-06-08", + "providers": [ + "MailGuard" + ], + "categories": { + "domains": [ + "Security - Threat Protection" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/MailGuard 365/ReleaseNotes.md b/Solutions/MailGuard 365/ReleaseNotes.md new file mode 100644 index 00000000000..d44c5aa2db1 --- /dev/null +++ b/Solutions/MailGuard 365/ReleaseNotes.md 
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|---------------------------------------------|
+| 3.0.0 | 31-08-2023 | Initial Version Release |
\ No newline at end of file
diff --git a/Solutions/MailGuard 365/SolutionMetadata.json b/Solutions/MailGuard 365/SolutionMetadata.json
new file mode 100644
index 00000000000..cb9c843521e
--- /dev/null
+++ b/Solutions/MailGuard 365/SolutionMetadata.json
@@ -0,0 +1,17 @@
+{
+ "publisherId": "mailguardptylimited",
+ "offerId": "microsoft-sentinel-solution-mailguard365",
+ "firstPublishDate": "2023-05-09",
+ "lastPublishDate": "2023-06-08",
+ "providers": ["MailGuard"],
+ "categories": {
+ "domains" : ["Security - Threat Protection"],
+ "verticals": []
+ },
+ "support": {
+ "name": "MailGuard 365",
+ "email": "support@mailguard365.com",
+ "tier": "Partner",
+ "link": "https://www.mailguard365.com/support/"
+ }
+}
\ No newline at end of file
diff --git a/Solutions/MailGuard 365/Workbooks/MailGuard365Dashboard.json b/Solutions/MailGuard 365/Workbooks/MailGuard365Dashboard.json
new file mode 100644
index 00000000000..f335f27f92f
--- /dev/null
+++ b/Solutions/MailGuard 365/Workbooks/MailGuard365Dashboard.json
@@ -0,0 +1,136 @@
+{
+ "version": "Notebook/1.0",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "## MailGuard 365\n---\n\nMailGuard 365 Dashboard"
+ },
+ "name": "text - 2"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "# Threat Count by Category"
+ },
+ "name": "text - 4"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "MailGuard365_Threats_CL \n| summarize Count=count() by Category\n| render barchart",
+ "size": 3,
+ "timeContext": {
+ "durationMs": 2592000000
+ },
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces",
+ "visualization": "piechart"
+ },
+ "name": "query - 2"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "# Threat Origin by Country"
+ },
+ "name": "text - 3"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "MailGuard365_Threats_CL\n| summarize Count=count() by OriginCountry_s",
+ "size": 3,
+ "timeContext": {
+ "durationMs": 2592000000
+ },
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces",
+ "visualization": "map",
+ "tileSettings": {
+ "showBorder": false
+ },
+ "mapSettings": {
+ "locInfo": "CountryRegion",
+ "locInfoColumn": "OriginCountry_s",
+ "sizeSettings": "Count",
+ "sizeAggregation": "Sum",
+ "legendMetric": "Count",
+ "legendAggregation": "Sum",
+ "itemColorSettings": {
+ "nodeColorField": "Count",
+ "colorAggregation": "Sum",
+ "type": "heatmap",
+ "heatmapPalette": "greenRed"
+ }
+ },
+ "textSettings": {
+ "style": "bignumber"
+ }
+ },
+ "name": "query - 2"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "# Top targetted recipients"
+ },
+ "name": "text - 5"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "MailGuard365_Threats_CL\n| summarize Count=count() by Email_s",
+ "size": 0,
+ "timeContext": {
+ "durationMs": 2592000000
+ },
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces",
+ "visualization": "table",
+ "gridSettings": {
+ "sortBy": [
+ {
+ "itemKey": "Count",
+ "sortOrder": 2
+ }
+ ]
+ },
+ "sortBy": [
+ {
+ "itemKey": "Count",
+ "sortOrder": 2
+ }
+ ]
+ },
+ "name": "query - 6"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "# Threat Count over time"
+ },
+ "name": "text - 7"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "MailGuard365_Threats_CL\n| summarize Count=count() by format_datetime(unixtime_seconds_todatetime(ReceivedDateTime_d), \"yyyy-MM-dd\")\n| sort by Column1 asc\n",
+ "size": 0,
+ "timeContext": {
+ "durationMs": 2592000000
+ },
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces",
+ "visualization": "barchart"
+ },
+ "name": "query - 8"
+ }
+ ],
+ "fromTemplateId": "mailguard365-UserWorkbook",
+ "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
+}
\ No newline at end of file
diff --git a/Solutions/Microsoft Defender for Office 365/Data Connectors/template_OfficeATP.JSON b/Solutions/Microsoft Defender for Office 365/Data Connectors/template_OfficeATP.JSON
index 5feae188ccc..93df53f9057 100644
--- a/Solutions/Microsoft Defender for Office 365/Data Connectors/template_OfficeATP.JSON
+++ b/Solutions/Microsoft Defender for Office 365/Data Connectors/template_OfficeATP.JSON
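Review bot: The "Threat Count over time" item in MailGuard365Dashboard.json sorts on `Column1`, the name KQL gives to an unnamed `by` expression, so the panel depends on an implicit column name and on a date that has been turned into a string. Naming the bucket and keeping it a datetime is more robust: `| summarize Count=count() by Day = bin(unixtime_seconds_todatetime(ReceivedDateTime_d), 1d)` followed by `| sort by Day asc`. Two smaller inconsistencies in the same file: the category query ends in `| render barchart` while the item's `visualization` is `piechart`, and two different items are both named `query - 2`. The heading "Top targetted recipients" should read "Top targeted recipients".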
@@ -1,6 +1,6 @@ { "id": "OfficeATP", - "title": "Microsoft Defender for Office 365", + "title": "Microsoft Defender for Office 365 (Preview)", "publisher": "Microsoft", "logo": "Office365Logo.svg", "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", @@ -94,4 +94,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json index 68564ef708a..59a1e2fdcf5 100644 --- a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json +++ b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json 
@@ -17,7 +17,7 @@ "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json" ], "BasePath": "C:\\GitHub\\Azure-Sentinel", - "Version": "2.0.1", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": true diff --git a/Solutions/Microsoft Defender for Office 365/Package/3.0.0.zip b/Solutions/Microsoft Defender for Office 365/Package/3.0.0.zip index f18d364454a..e838b684343 100644 Binary files a/Solutions/Microsoft Defender for Office 365/Package/3.0.0.zip and b/Solutions/Microsoft Defender for Office 365/Package/3.0.0.zip differ diff --git a/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json b/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json index ddfe9431a9f..4f5e3f1f80b 100644 --- a/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json +++ b/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json 
@@ -44,21 +44,21 @@ "_solutionVersion": "3.0.0", "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforo365", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "uiConfigId1": "OfficeATP", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "OfficeATP", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))),variables('dataConnectorVersion1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "MicrosoftDefenderForOffice365", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))),variables('workbookVersion1')))]", + "workbookTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "O365_Defender_FunctionAppConnector": "O365_Defender_FunctionAppConnector", "_O365_Defender_FunctionAppConnector": "[variables('O365_Defender_FunctionAppConnector')]", @@ -66,7 +66,7 @@ "playbookVersion1": "1.0", "playbookContentId1": "O365_Defender_FunctionAppConnector", "_playbookContentId1": "[variables('playbookContentId1')]", - "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))))]", "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','fa','-', uniqueString(concat(variables('_solutionId'),'-','AzureFunction','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", "o365-BlockMalwareFileExtension": "o365-BlockMalwareFileExtension", "_o365-BlockMalwareFileExtension": "[variables('o365-BlockMalwareFileExtension')]", 
@@ -74,7 +74,7 @@ "playbookContentId2": "o365-BlockMalwareFileExtension", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))),variables('playbookVersion2')))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", "blanks": "[replace('b', 'b', '')]", "o365-BlockSender": "o365-BlockSender", @@ -83,7 +83,7 @@ "playbookContentId3": "o365-BlockSender", "_playbookContentId3": "[variables('playbookContentId3')]", "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))),variables('playbookVersion3')))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", "o365-BlockSender-EntityTrigger": "o365-BlockSender-EntityTrigger", "_o365-BlockSender-EntityTrigger": "[variables('o365-BlockSender-EntityTrigger')]", 
@@ -91,7 +91,7 @@ "playbookContentId4": "o365-BlockSender-EntityTrigger", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", - "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))),variables('playbookVersion4')))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", "o365-BlockSpamDomain": "o365-BlockSpamDomain", "_o365-BlockSpamDomain": "[variables('o365-BlockSpamDomain')]", 
@@ -99,7 +99,7 @@ "playbookContentId5": "o365-BlockSpamDomain", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", - "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))),variables('playbookVersion5')))]", + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, 
@@ -129,7 +129,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Microsoft Defender for Office 365", + "title": "Microsoft Defender for Office 365 (Preview)", "publisher": "Microsoft", "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", "graphQueries": [ 
@@ -235,7 +235,7 @@ "kind": "StaticUI", "properties": { "connectorUiConfig": { - "title": "Microsoft Defender for Office 365", + "title": "Microsoft Defender for Office 365 (Preview)", "publisher": "Microsoft", "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n- A potentially malicious URL click was detected \n- Email messages containing malware removed after delivery\n- Email messages containing phish URLs removed after delivery\n- Email reported by user as malware or phish \n- Suspicious email sending patterns detected \n- User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).", "graphQueries": [ @@ -3289,11 +3289,11 @@ "contentSchemaVersion": "3.0.0", "displayName": "Microsoft Defender for Office 365", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution: \r \n • Review the solution Release Notes\r \n • There may be known issues pertaining to this Solution.

\n

The Microsoft Defender for Office 365 solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.

\n

Underlying Microsoft Technologies used:

\n

This solution is dependent on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Workbooks: 1, Function Apps: 1, Playbooks: 4

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Office 365 solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.

\n

Underlying Microsoft Technologies used:

\n

This solution is dependent on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Workbooks: 1, Function Apps: 1, Playbooks: 4

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", - "icon": "", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -3365,4 +3365,4 @@ } ], "outputs": {} -} +} \ No newline at end of file diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeAdminAuditLogEvents.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeAdminAuditLogEvents.json index 7b4977229a1..fb823d35ec2 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeAdminAuditLogEvents.json +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeAdminAuditLogEvents.json 
@@ -38,25 +38,25 @@ "sampleQueries": [ { "description": "All Audit logs", - "query": "Event | where EventLog == 'MSExchange Management'\n | sort by TimeGenerated" + "query": "Event | where EventLog == 'MSExchange Management' | sort by TimeGenerated" } ], "dataTypes": [ { "name": "Event", - "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management'\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management' | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "Microsoft-W3CIISLog", - "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "MessageTrackingLog_CL", - "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "ExchangeHttpProxy_CL", - "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" } ], "connectivityCriterias": [ "SentinelKindsV2" ], @@ -143,7 +143,7 @@ "description": "**Deploy the Azure Arc Agent**\n> [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" }, { - "title": "Install Azure Log Analytics Agent (Deprecated on XX/XX/XXXX)", + "title": "Install Azure Log Analytics Agent (Deprecated on 31/08/2024)", "description": "1. Download the Azure Log Analytics Agent and choose the deployment method in the below link.", "instructions": [ { 
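Review bot: The `lastDataReceivedQuery` for the `Microsoft-W3CIISLog` data type (hunk `@@ -38,25 +38,25 @@`) queries `Microsoft-W3CIISLog` as if it were a table, but that looks like the data collection stream name, and an unquoted hyphenated name would not parse as a KQL identifier in any case. If the IIS logs land in the `W3CIISLog` table, as I would expect, the line should read `"lastDataReceivedQuery": "W3CIISLog | summarize Time = max(TimeGenerated) | where isnotempty(Time)"`. As written, the connector page may show no data received for IIS logs even when ingestion works, so a real collection gap would look the same as the normal state to whoever monitors connector health. The connector definition that contains these lines starts and ends outside the hunk.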
@@ -521,7 +521,7 @@ }, { "title": "B. Create Custom DCR Table", - "description": "1. Download the Example file from [Microsoft Sentinel Gitbub](https://aka.ms/Sentinel-Sample-ESI-MessageTrackingExampleFile).\n2. From the Azure Portal, navigate to [Workspace Analytics](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces) and select your target Workspace.\n3. Click in 'Tables', click **+ Create** at the top and select **New Custom log (DCR-Based)**.\n4. In the **Basics** tab, enter **MessageTrackingLog** on the Table name, create a Data Collection rule with the name **DCR-Option6-MessageTrackingLogs** (for example) and select the previously created Data collection Endpoint.\n5. In the **Schema and Transformation** tab, choose the downloaded sample file and click on **Transformation Editor**.\n6. In the transformation field, enter the following KQL request :\n*source\n| extend TimeGenerated = todatetime(['date-time'])\n| extend\n clientHostname = ['client-hostname'],\n clientIP = ['client-ip'],\n connectorId = ['connector-id'],\n customData = ['custom-data'],\n eventId = ['event-id'],\n internalMessageId = ['internal-message-id'],\n logId = ['log-id'],\n messageId = ['message-id'],\n messageInfo = ['message-info'],\n messageSubject = ['message-subject'],\n networkMessageId = ['network-message-id'],\n originalClientIp = ['original-client-ip'],\n originalServerIp = ['original-server-ip'],\n recipientAddress= ['recipient-address'],\n recipientCount= ['recipient-count'],\n recipientStatus= ['recipient-status'],\n relatedRecipientAddress= ['related-recipient-address'],\n returnPath= ['return-path'],\n senderAddress= ['sender-address'],\n senderHostname= ['server-hostname'],\n serverIp= ['server-ip'],\n sourceContext= ['source-context'],\n schemaVersion=['schema-version'],\n messageTrackingTenantId = ['tenant-id'],\n totalBytes = ['total-bytes'],\n transportTrafficType = ['transport-traffic-type']\n| 
project-away\n ['client-ip'],\n ['client-hostname'],\n ['connector-id'],\n ['custom-data'],\n ['date-time'],\n ['event-id'],\n ['internal-message-id'],\n ['log-id'],\n ['message-id'],\n ['message-info'],\n ['message-subject'],\n ['network-message-id'],\n ['original-client-ip'],\n ['original-server-ip'],\n ['recipient-address'],\n ['recipient-count'],\n ['recipient-status'],\n ['related-recipient-address'],\n ['return-path'],\n ['sender-address'],\n ['server-hostname'],\n ['server-ip'],\n ['source-context'],\n ['schema-version'],\n ['tenant-id'],\n ['total-bytes'],\n ['transport-traffic-type']*\n\n8. Click 'Run' and after 'Apply'.\n9. Click **Next**, then click **Create**." + "description": "1. Download the Example file from [Microsoft Sentinel GitHub](https://aka.ms/Sentinel-Sample-ESI-MessageTrackingExampleFile).\n2. From the Azure Portal, navigate to [Workspace Analytics](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces) and select your target Workspace.\n3. Click in 'Tables', click **+ Create** at the top and select **New Custom log (DCR-Based)**.\n4. In the **Basics** tab, enter **MessageTrackingLog** on the Table name, create a Data Collection rule with the name **DCR-Option6-MessageTrackingLogs** (for example) and select the previously created Data collection Endpoint.\n5. In the **Schema and Transformation** tab, choose the downloaded sample file and click on **Transformation Editor**.\n6. 
In the transformation field, enter the following KQL request :\n*source\n| extend TimeGenerated = todatetime(['date-time'])\n| extend\n clientHostname = ['client-hostname'],\n clientIP = ['client-ip'],\n connectorId = ['connector-id'],\n customData = ['custom-data'],\n eventId = ['event-id'],\n internalMessageId = ['internal-message-id'],\n logId = ['log-id'],\n messageId = ['message-id'],\n messageInfo = ['message-info'],\n messageSubject = ['message-subject'],\n networkMessageId = ['network-message-id'],\n originalClientIp = ['original-client-ip'],\n originalServerIp = ['original-server-ip'],\n recipientAddress= ['recipient-address'],\n recipientCount= ['recipient-count'],\n recipientStatus= ['recipient-status'],\n relatedRecipientAddress= ['related-recipient-address'],\n returnPath= ['return-path'],\n senderAddress= ['sender-address'],\n senderHostname= ['server-hostname'],\n serverIp= ['server-ip'],\n sourceContext= ['source-context'],\n schemaVersion=['schema-version'],\n messageTrackingTenantId = ['tenant-id'],\n totalBytes = ['total-bytes'],\n transportTrafficType = ['transport-traffic-type']\n| project-away\n ['client-ip'],\n ['client-hostname'],\n ['connector-id'],\n ['custom-data'],\n ['date-time'],\n ['event-id'],\n ['internal-message-id'],\n ['log-id'],\n ['message-id'],\n ['message-info'],\n ['message-subject'],\n ['network-message-id'],\n ['original-client-ip'],\n ['original-server-ip'],\n ['recipient-address'],\n ['recipient-count'],\n ['recipient-status'],\n ['related-recipient-address'],\n ['return-path'],\n ['sender-address'],\n ['server-hostname'],\n ['server-ip'],\n ['source-context'],\n ['schema-version'],\n ['tenant-id'],\n ['total-bytes'],\n ['transport-traffic-type']*\n\n8. Click 'Run' and after 'Apply'.\n9. Click **Next**, then click **Create**." }, { "title": "C. Modify the created DCR, Type Custom log", 
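Review bot: The transformation text carried over in the new `description` still has `senderHostname= ['server-hostname']`, so the receiving server's hostname is stored in a column named for the sender. Anyone hunting on `senderHostname` in MessageTrackingLog_CL would be reading the wrong host; if no parser or rule already depends on that column, rename it to `serverHostname = ['server-hostname'],`, otherwise the rename has to be coordinated with those consumers, which are not visible in this hunk. The numbered steps also jump from 6 to 8 here and in the `@@ -619,7 +619,7 @@` hunk, so the last two steps should read `7. Click 'Run' and after 'Apply'.` and `8. Click **Next**, then click **Create**.`. The enclosing `instructionSteps` array starts and ends outside the hunk.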
@@ -619,7 +619,7 @@ }, { "title": "B. Create Custom DCR Table", - "description": "1. Download the Example file from [Microsoft Sentinel Gitbub](https://aka.ms/Sentinel-Sample-ESI-HTTPProxyExampleFile).\n2. From the Azure Portal, navigate to [Workspace Analytics](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces) and select your target Workspace.\n3. Click in 'Tables', click **+ Create** at the top and select **New Custom log (DCR-Based)**.\n4. In the **Basics** tab, enter **ExchangeHttpProxy** on the Table name, create a Data Collection rule with the name **DCR-Option7-HTTPProxyLogs** (for example) and select the previously created Data collection Endpoint.\n5. In the **Schema and Transformation** tab, choose the downloaded sample file and click on **Transformation Editor**.\n6. In the transformation field, enter the following KQL request :\n*source\n| extend TimeGenerated = todatetime(DateTime)\n| project-away DateTime\n*\n\n8. Click 'Run' and after 'Apply'.\n9. Click **Next**, then click **Create**." + "description": "1. Download the Example file from [Microsoft Sentinel GitHub](https://aka.ms/Sentinel-Sample-ESI-HTTPProxyExampleFile).\n2. From the Azure Portal, navigate to [Workspace Analytics](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.OperationalInsights%2Fworkspaces) and select your target Workspace.\n3. Click in 'Tables', click **+ Create** at the top and select **New Custom log (DCR-Based)**.\n4. In the **Basics** tab, enter **ExchangeHttpProxy** on the Table name, create a Data Collection rule with the name **DCR-Option7-HTTPProxyLogs** (for example) and select the previously created Data collection Endpoint.\n5. In the **Schema and Transformation** tab, choose the downloaded sample file and click on **Transformation Editor**.\n6. 
In the transformation field, enter the following KQL request :\n*source\n| extend TimeGenerated = todatetime(DateTime)\n| project-away DateTime\n*\n\n8. Click 'Run' and after 'Apply'.\n9. Click **Next**, then click **Create**." }, { "title": "C. Modify the created DCR, Type Custom log", @@ -671,10 +671,9 @@ "name": "ESI - Exchange Security Configuration Analyzer" }, "support": { - "tier": "Microsoft", - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeOnPremisesCollector.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeOnPremisesCollector.json index d4552fae0d2..c10a4038781 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeOnPremisesCollector.json +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data Connectors/ESI-ExchangeOnPremisesCollector.json @@ -19,14 +19,14 @@ "dataTypes": [ { "name": "ESIExchangeConfig_CL", - "lastDataReceivedQuery": "ESIExchangeConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], 
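Review bot: The `IsConnectedQuery` in the `@@ -19,14 +19,14 @@` hunk computes `LastLogReceived` but then projects the constant `IsConnected = true`, so any single row in the queried window marks the connector as connected however old that row is. A collector whose scheduled task has stopped would keep showing as healthy for as long as old records fall inside whatever time range the portal applies, which I cannot see from here. Tying the flag to freshness makes a stalled collector visible, for example `"ESIExchangeConfig_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(7d)"`, with the threshold chosen against the once-a-day schedule the instructions recommend.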
@@ -67,7 +67,7 @@ "instructionSteps": [ { "title": "Parser deployment (When using Microsoft Exchange Security Solution, Parsers are automatically deployed)", - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", "instructions": [ { "parameters": { @@ -75,7 +75,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", 
@@ -86,8 +86,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, @@ -127,7 +127,7 @@ }, { "title": "2. Configure the ESI Collector Script", - "description": "Be sure to be local administrator of the server.\nIn 'Run as Administrator' mode, launch the 'setup.ps1' script to configure the collector.\n Fill the Log Analytics (Sentinel) Workspace information.\n Fill the Environment name or leave empty.", + "description": "Be sure to be local administrator of the server.\nIn 'Run as Administrator' mode, launch the 'setup.ps1' script to configure the collector.\n Fill the Log Analytics (Microsoft Sentinel) Workspace information.\n Fill the Environment name or leave empty.", "instructions": [ { "parameters": { @@ -151,7 +151,7 @@ }, { "title": "3. Schedule the ESI Collector Script (If not done by the Install Script due to lack of permission or ignored during installation)", - "description": "The script needs to be scheduled to send Exchange configuration to Sentinel.\n We recommend to schedule the script once a day.\n The account used to launch the Script needs the be Exchange Organization Administrator" + "description": "The script needs to be scheduled to send Exchange configuration to Microsoft Sentinel.\n We recommend to schedule the script once a day.\n The account used to launch the Script needs the be Exchange Organization Administrator" } ], "metadata": { 
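Review bot: Step 4 now tells the reader to repeat steps 2 and 3 "with the content of 'ExchangeEnvironmentList.yaml' file", but a YAML parser file presumably wraps the KQL in metadata keys, so pasting the whole file into a function definition would not run. The wording worked for the old .txt files; with the rename here and in the `@@ -75,7 +75,7 @@` hunk it should point at the query portion only, e.g. `"description": "Reproduce steps 2 and 3 using only the function query from the 'ExchangeEnvironmentList.yaml' file"`. Step 2's own description is outside this hunk and likely needs the same adjustment.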
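Review bot: The scheduling step in the `@@ -151,7 +151,7 @@` hunk keeps the requirement that the collector account be an Exchange Organization Administrator, which means a daily scheduled task holds credentials for one of the most privileged roles in the organization. If the collector only reads configuration, the text should name the minimum role it actually needs and recommend a dedicated service account; I cannot tell from this hunk which cmdlets the script runs, so the exact role needs confirming by the script owners. The sentence also has a typo that the edit left in place: `needs the be` should be `needs to be`.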
@@ -163,10 +163,9 @@ "name": "ESI - Exchange Security Configuration Analyzer" }, "support": { - "tier": "Microsoft", - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data/Solution_MicrosoftExchangeSecurity.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data/Solution_MicrosoftExchangeSecurity.json index 81fbe66e8f6..01d2863a010 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data/Solution_MicrosoftExchangeSecurity.json +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Data/Solution_MicrosoftExchangeSecurity.json @@ -8,9 +8,9 @@ "Data Connectors/ESI-ExchangeOnPremisesCollector.json" ], "Parsers": [ - "Parsers/ExchangeAdminAuditLogs.txt", - "Parsers/ExchangeConfiguration.txt", - "Parsers/ExchangeEnvironmentList.txt" + "Parsers/ExchangeAdminAuditLogs.yaml", + "Parsers/ExchangeConfiguration.yaml", + "Parsers/ExchangeEnvironmentList.yaml" ], "Workbooks": [ "Workbooks/Microsoft Exchange Least Privilege with RBAC.json", @@ -23,7 +23,7 @@ "Analytic Rules/ServerOrientedWithUserOrientedAdministration.yaml" ], "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange On-Premises\\", - "Version": "2.0.0", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/3.0.0.zip b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/3.0.0.zip new file mode 100644 index 00000000000..dede4c3fd0d Binary files /dev/null and b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/3.0.0.zip differ 
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/createUiDefinition.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/createUiDefinition.json index 00b5ae52581..1c8da416924 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/createUiDefinition.json +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Microsoft Exchange Security Audit and Configuration Insights solution analyzes Exchange on-premises configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Windows Event logs collection, including MS Exchange Management Event logs](https://learn.microsoft.com/azure/azure-monitor/agents/data-sources-windows-events)\n\nb. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)\n\n**Data Connectors:** 2, **Parsers:** 3, **Workbooks:** 4, **Analytic Rules:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Exchange%20Security%20-%20Exchange%20On-Premises/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Exchange Security Audit and Configuration Insight solution analyze Exchange On-Premises configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some 
of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Windows Event logs collection, including MS Exchange Management Event logs](https://learn.microsoft.com/azure/azure-monitor/agents/data-sources-windows-events)\n\nb. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)\n\n**Data Connectors:** 2, **Parsers:** 3, **Workbooks:** 4, **Analytic Rules:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -65,14 +65,14 @@ }, { "name": "dataconnectors2-text", - "type": "Microsoft.Common.Section", +"type": "Microsoft.Common.Section", "label": "1. Exchange Security Insights On-Premises Collector", "elements": [ { "name": "dataconnectors3-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This data connector collects security configuration, RBAC information and audit information from your on-premises Exchange environment(s). It uses a scheduled script that needs to be manually deployed in your environment. This connects directly (via proxy if needed) to Log Analytics/Microsoft Sentinel to ingest data." + "text": "This data connector collects security configuration, RBAC information and audit information from your on-premises Exchange environment(s). It uses a scheduled script that needs to be manually deployed in your environment. This connects directly (via proxy if needed) to Log Analytics/Microsoft Sentinel to ingest data." } } ] 
@@ -98,18 +98,18 @@ "text": "After installing the solution, configure and enable the data connector that’s most relevant to your Exchange environment by following guidance in Manage solution view." } }, - { +{ "name": "dataconnectors-parser", "type": "Microsoft.Common.Section", "label": "Parsers", "elements": [ - { + { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs three (3) parsers that transform ingested data. The transformed logs can be accessed using the ExchangeConfiguration, ExchangeAdminAuditLogs and ESI_ExchConfigAvailableEnvironments Kusto Function aliases." + "text": "The solution installs three (3) parsers that transform ingested data. The transformed logs can be accessed using the ExchangeConfiguration, ExchangeAdminAuditLogs and ExchangeEnvironmentList Kusto Function aliases." } - } +} ] }, { @@ -159,7 +159,7 @@ "name": "workbook1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Workbook, dedicated to on-premises environments is built to have a simple view of non-standard RBAC delegations on an on-premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment. Required Data Connector: Exchange Security Insights On-Premises Collector" + "text": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment. Required Data Connector: Exchange Security Insights On-Premises Collector" } } ] 
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/mainTemplate.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/mainTemplate.json index fd12dbc1048..61af501dc02 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/mainTemplate.json +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Package/mainTemplate.json 
@@ -62,111 +62,107 @@ } }, "variables": { - "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-exchangesecurityinsights", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "Microsoft Exchange Security - Exchange On-Premises", + "_solutionVersion": "3.0.0", + "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-exchangesecurityinsights", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "ESI-ExchangeAdminAuditLogEvents", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "ESI-ExchangeAdminAuditLogEvents", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "2.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "uiConfigId2": "ESI-ExchangeOnPremisesCollector", "_uiConfigId2": "[variables('uiConfigId2')]", "dataConnectorContentId2": "ESI-ExchangeOnPremisesCollector", "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", "dataConnectorId2": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", "_dataConnectorId2": "[variables('dataConnectorId2')]", - "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2')))]", + "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", "dataConnectorVersion2": "1.1.0", - "parserVersion1": "1.0.0", - "parserContentId1": "ExchangeAdminAuditLogs-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "parserName1": "ExchangeAdminAuditLogs", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", - "parserVersion2": "1.0.0", - "parserContentId2": "ExchangeConfiguration-Parser", - "_parserContentId2": "[variables('parserContentId2')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "ExchangeAdminAuditLogs-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', 
uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", "parserName2": "ExchangeConfiguration", "_parserName2": "[concat(parameters('workspace'),'/',variables('parserName2'))]", "parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName2'))]", "_parserId2": "[variables('parserId2')]", - "parserTemplateSpecName2": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2')))]", - "parserVersion3": "1.0.0", - "parserContentId3": "ExchangeEnvironmentList-Parser", - "_parserContentId3": "[variables('parserContentId3')]", + "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2'))))]", + "parserVersion2": "1.0.0", + "parserContentId2": "ExchangeConfiguration-Parser", + "_parserContentId2": "[variables('parserContentId2')]", + "_parsercontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId2'),'-', variables('parserVersion2'))))]", "parserName3": "ExchangeEnvironmentList", "_parserName3": "[concat(parameters('workspace'),'/',variables('parserName3'))]", "parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName3'))]", "_parserId3": "[variables('parserId3')]", - "parserTemplateSpecName3": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId3')))]", + "parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId3'))))]", + "parserVersion3": "1.0.0", + "parserContentId3": "ExchangeEnvironmentList-Parser", + "_parserContentId3": "[variables('parserContentId3')]", + 
"_parsercontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId3'),'-', variables('parserVersion3'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "MicrosoftExchangeLeastPrivilegewithRBAC", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "workbookVersion2": "1.0.0", "workbookContentId2": "MicrosoftExchangeSearchAdminAuditLog", "workbookId2": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]", - "workbookTemplateSpecName2": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2')))]", + "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]", "_workbookContentId2": "[variables('workbookContentId2')]", + "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]", "workbookVersion3": "1.0.0", "workbookContentId3": "MicrosoftExchangeSecurityMonitoring", "workbookId3": 
"[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId3'))]", - "workbookTemplateSpecName3": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId3')))]", + "workbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId3'))))]", "_workbookContentId3": "[variables('workbookContentId3')]", + "_workbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId3'),'-', variables('workbookVersion3'))))]", "workbookVersion4": "1.0.0", "workbookContentId4": "MicrosoftExchangeSecurityReview", "workbookId4": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId4'))]", - "workbookTemplateSpecName4": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId4')))]", + "workbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId4'))))]", "_workbookContentId4": "[variables('workbookContentId4')]", + "_workbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId4'),'-', variables('workbookVersion4'))))]", "analyticRuleVersion1": "1.0.0", "analyticRulecontentId1": "5170c3c4-b8c9-485c-910d-a21d965ee181", "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]", + "analyticRuleTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", "analyticRuleVersion2": "1.0.0", "analyticRulecontentId2": "7bce901b-9bc8-4948-8dfc-8f68878092d5", "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]" + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Microsoft Exchange Security - 
Exchange On-Premises data connector with template", - "displayName": "Microsoft Exchange Security - Exchange On-Premises template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 2.0.0", + "description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -220,25 +216,25 @@ "sampleQueries": [ { "description": "All Audit logs", - "query": "Event | where EventLog == 'MSExchange Management'\n | sort by TimeGenerated" + "query": "Event | where EventLog == 'MSExchange Management' | sort by TimeGenerated" } ], "dataTypes": [ { "name": "Event", - "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management'\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management' | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "Microsoft-W3CIISLog", - "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "MessageTrackingLog_CL", - "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "ExchangeHttpProxy_CL", - "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" } ], "connectivityCriterias": [ @@ -325,7 +321,7 @@ "description": "**Deploy the Azure Arc Agent**\n> [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" }, { - "title": "Install Azure Log Analytics Agent (Deprecated on XX/XX/XXXX)", + "title": "Install Azure Log Analytics Agent (Deprecated on 31/08/2024)", "description": "1. Download the Azure Log Analytics Agent and choose the deployment method in the below link.", "instructions": [ { 
@@ -853,9 +849,9 @@ "name": "ESI - Exchange Security Configuration Analyzer" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" @@ -866,7 +862,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -883,19 +879,30 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Microsoft Exchange Logs and Events", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -916,9 +923,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, 
@@ -968,19 +975,19 @@ "dataTypes": [ { "name": "Event", - "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management'\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Event | where EventLog == 'MSExchange Management' | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "Microsoft-W3CIISLog", - "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "Microsoft-W3CIISLog | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "MessageTrackingLog_CL", - "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "MessageTrackingLog_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" }, { "name": "ExchangeHttpProxy_CL", - "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ExchangeHttpProxy_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)" } ], "connectivityCriterias": [ @@ -989,7 +996,7 @@ "sampleQueries": [ { "description": "All Audit logs", - "query": "Event | where EventLog == 'MSExchange Management'\n | sort by TimeGenerated" + "query": "Event | where EventLog == 'MSExchange Management' | sort by TimeGenerated" } ], "availability": { @@ -1073,7 +1080,7 @@ "description": "**Deploy the Azure Arc Agent**\n> [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" }, { - "title": "Install Azure Log Analytics Agent (Deprecated on XX/XX/XXXX)", + "title": "Install Azure Log Analytics Agent (Deprecated on 31/08/2024)", "description": "1. Download the Azure Log Analytics Agent and choose the deployment method in the below link.", "instructions": [ { 
@@ -1597,33 +1604,15 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Microsoft Exchange Security - Exchange On-Premises data connector with template", - "displayName": "Microsoft Exchange Security - Exchange On-Premises template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName2'),'/',variables('dataConnectorVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 2.0.0", + "description": "Microsoft Exchange Security - Exchange On-Premises data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion2')]", 
@@ -1658,14 +1647,14 @@ "dataTypes": [ { "name": "ESIExchangeConfig_CL", - "lastDataReceivedQuery": "ESIExchangeConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], @@ -1705,7 +1694,7 @@ }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", "instructions": [ { "parameters": { 
@@ -1713,7 +1702,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", @@ -1724,8 +1713,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, @@ -1802,9 +1791,9 @@ "name": "ESI - Exchange Security Configuration Analyzer" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" 
@@ -1815,7 +1804,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", @@ -1832,19 +1821,30 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "Exchange Security Insights On-Premise Collector", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId2')]" 
@@ -1865,9 +1865,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, @@ -1892,14 +1892,14 @@ "dataTypes": [ { "name": "ESIExchangeConfig_CL", - "lastDataReceivedQuery": "ESIExchangeConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], @@ -1945,7 +1945,7 @@ }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)", "instructions": [ { "parameters": { 
@@ -1953,7 +1953,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-OnPrem-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-OnPrem-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", @@ -1964,8 +1964,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, 
@@ -2038,33 +2038,15 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "ExchangeAdminAuditLogs Data Parser with template", - "displayName": "ExchangeAdminAuditLogs Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ExchangeAdminAuditLogs Data Parser with template version 2.0.0", + "description": "ExchangeAdminAuditLogs Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
@@ -2073,20 +2055,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeAdminAuditLogs", - "category": "Samples", + "displayName": "Parser for ExchangeAdminAuditLogs", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeAdminAuditLogs", - "query": "\nlet cVIPs = _GetWatchlist('ExchangeVIP') | project tostring(canonicalName) ;\r\nlet sVIPs = _GetWatchlist('ExchangeVIP') | project tostring(sAMAccountName) ;\r\nlet CmdletCheck = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true);\r\nlet SensitiveCmdlets = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true) | project tostring(Cmdlet) ;\r\nlet Env = ExchangeConfiguration(SpecificSectionList=\"ESIEnvironment\")\r\n| extend DomainFQDN_ = tostring(CmdletResultValue.DomainFQDN)\r\n| project DomainFQDN_, ESIEnvironment;\r\nlet MSExchange_Management = (){\r\n Event\r\n | where EventLog == 'MSExchange Management'\r\n | where EventID in (1,6) // 1 = Success, 6 = Failure\r\n | parse ParameterXml with '' CmdletName '' CmdletParameters '' Caller '' *\r\n | extend TargetObject = iif( CmdletParameters has \"-Identity \", split(split(CmdletParameters,'-Identity ')[1],'\"')[1], iif( CmdletParameters has \"-Name \", split(split(CmdletParameters,'-Name ')[1],'\"')[1], \"\"))\r\n | extend Status = case( EventID == 1, 'Success', 'Failure')\r\n | extend IsVIP = iif(TargetObject in (cVIPs) 
or TargetObject in (sVIPs), true, false)\r\n | extend CmdletNameJoin = tolower(CmdletName)\r\n | join kind=leftouter ( \r\n CmdletCheck\r\n | extend CmdletNameJoin = tolower(Cmdlet)\r\n ) on CmdletNameJoin\r\n | extend DomainEnv = replace_string(Computer,strcat(tostring(split(Computer,'.',0)[0]),'.'),'')\r\n | join kind=leftouter ( \r\n Env\r\n ) on $left.DomainEnv == $right.DomainFQDN_\r\n | extend ESIEnvironment = iif (isnotempty(ESIEnvironment), ESIEnvironment, strcat(\"Unknown-\",DomainEnv))\r\n | extend IsSenstiveCmdlet = iif( isnotempty(CmdletNameJoin1) , true, false) \r\n | extend IsRestrictedCmdLet = iif(IsSenstiveCmdlet == true, iif( RestrictToParameter == \"Yes\", true, false), dynamic(null))\r\n | extend RestrictedParameters = iif(IsSenstiveCmdlet == true, split(tolower(Parameters),';'), dynamic(null))\r\n | extend ExtractedParameters = iif(IsSenstiveCmdlet == true,extract_all(@\"\\B(-\\w+)\", tolower(CmdletParameters)), dynamic(null))\r\n | extend IsSenstiveCmdletParameters = iif(IsSenstiveCmdlet == true,iif( array_length(set_difference(ExtractedParameters,RestrictedParameters)) == array_length(ExtractedParameters), false, true ) , false)\r\n | extend IsSensitive = iif( ( IsSenstiveCmdlet == true and IsRestrictedCmdLet == false ) or (IsSenstiveCmdlet == true and IsRestrictedCmdLet == true and IsSenstiveCmdletParameters == true ), true, false )\r\n //| project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters\r\n | project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters,IsSensitive,UserOriented, ESIEnvironment\r\n};\r\nMSExchange_Management\r\n", - "version": 1, + "query": "let cVIPs = _GetWatchlist('ExchangeVIP') | project tostring(canonicalName) ;\nlet sVIPs = 
_GetWatchlist('ExchangeVIP') | project tostring(sAMAccountName) ;\nlet CmdletCheck = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true);\nlet SensitiveCmdlets = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true) | project tostring(Cmdlet) ;\nlet Env = ExchangeConfiguration(SpecificSectionList=\"ESIEnvironment\")\n| extend DomainFQDN_ = tostring(CmdletResultValue.DomainFQDN)\n| project DomainFQDN_, ESIEnvironment;\nlet MSExchange_Management = (){\n Event\n | where EventLog == 'MSExchange Management'\n | where EventID in (1,6) // 1 = Success, 6 = Failure\n | parse ParameterXml with '' CmdletName '' CmdletParameters '' Caller '' *\n | extend TargetObject = iif( CmdletParameters has \"-Identity \", split(split(CmdletParameters,'-Identity ')[1],'\"')[1], iif( CmdletParameters has \"-Name \", split(split(CmdletParameters,'-Name ')[1],'\"')[1], \"\"))\n | extend Status = case( EventID == 1, 'Success', 'Failure')\n | extend IsVIP = iif(TargetObject in (cVIPs) or TargetObject in (sVIPs), true, false)\n | extend CmdletNameJoin = tolower(CmdletName)\n | join kind=leftouter ( \n CmdletCheck\n | extend CmdletNameJoin = tolower(Cmdlet)\n ) on CmdletNameJoin\n | extend DomainEnv = replace_string(Computer,strcat(tostring(split(Computer,'.',0)[0]),'.'),'')\n | join kind=leftouter ( \n Env\n ) on $left.DomainEnv == $right.DomainFQDN_\n | extend ESIEnvironment = iif (isnotempty(ESIEnvironment), ESIEnvironment, strcat(\"Unknown-\",DomainEnv))\n | extend IsSenstiveCmdlet = iif( isnotempty(CmdletNameJoin1) , true, false) \n | extend IsRestrictedCmdLet = iif(IsSenstiveCmdlet == true, 
iif( RestrictToParameter == \"Yes\", true, false), dynamic(null))\n | extend RestrictedParameters = iif(IsSenstiveCmdlet == true, split(tolower(Parameters),';'), dynamic(null))\n | extend ExtractedParameters = iif(IsSenstiveCmdlet == true,extract_all(@\"\\B(-\\w+)\", tolower(CmdletParameters)), dynamic(null))\n | extend IsSenstiveCmdletParameters = iif(IsSenstiveCmdlet == true,iif( array_length(set_difference(ExtractedParameters,RestrictedParameters)) == array_length(ExtractedParameters), false, true ) , false)\n | extend IsSensitive = iif( ( IsSenstiveCmdlet == true and IsRestrictedCmdLet == false ) or (IsSenstiveCmdlet == true and IsRestrictedCmdLet == true and IsSenstiveCmdletParameters == true ), true, false )\n //| project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters\n | project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters,IsSensitive,UserOriented, ESIEnvironment\n};\nMSExchange_Management\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "ExchangeAdminAuditLogs" + "value": "" } ] } 
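Review bot: The new `query` value for the `ExchangeAdminAuditLogs` function still loads `CmdletCheck` and `SensitiveCmdlets` through `externaldata` from `https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv`, so the list that decides `IsSenstiveCmdlet`, `IsRestrictedCmdLet` and `IsSensitive` is fetched at query time from the mutable `main` branch of a repository outside this one. Whoever can change that CSV changes which Exchange admin cmdlets are classed as sensitive in every workspace that installs the parser, and an unreachable URL would presumably fail the function and anything built on it. I would read the list from a workspace watchlist, as the VIP list on the first line of the query already does, e.g. `let CmdletCheck = _GetWatchlist('<cmdlet-watchlist-alias>');` (placeholder alias), or at least pin the URL to a commit instead of `main`. `SensitiveCmdlets` is not referenced anywhere in the visible query, so that second fetch can probably be dropped. The same query text is added again in the `@@ -2130,11 +2124,18 @@` hunk, and if this template is generated from the parser source the change belongs there.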
@@ -2113,14 +2096,25 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "Parser for ExchangeAdminAuditLogs", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { 
@@ -2130,11 +2124,18 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeAdminAuditLogs", - "category": "Samples", + "displayName": "Parser for ExchangeAdminAuditLogs", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeAdminAuditLogs", - "query": "\nlet cVIPs = _GetWatchlist('ExchangeVIP') | project tostring(canonicalName) ;\r\nlet sVIPs = _GetWatchlist('ExchangeVIP') | project tostring(sAMAccountName) ;\r\nlet CmdletCheck = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true);\r\nlet SensitiveCmdlets = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true) | project tostring(Cmdlet) ;\r\nlet Env = ExchangeConfiguration(SpecificSectionList=\"ESIEnvironment\")\r\n| extend DomainFQDN_ = tostring(CmdletResultValue.DomainFQDN)\r\n| project DomainFQDN_, ESIEnvironment;\r\nlet MSExchange_Management = (){\r\n Event\r\n | where EventLog == 'MSExchange Management'\r\n | where EventID in (1,6) // 1 = Success, 6 = Failure\r\n | parse ParameterXml with '' CmdletName '' CmdletParameters '' Caller '' *\r\n | extend TargetObject = iif( CmdletParameters has \"-Identity \", split(split(CmdletParameters,'-Identity ')[1],'\"')[1], iif( CmdletParameters has \"-Name \", split(split(CmdletParameters,'-Name ')[1],'\"')[1], \"\"))\r\n | extend Status = case( EventID == 1, 'Success', 'Failure')\r\n | extend IsVIP = iif(TargetObject in (cVIPs) or TargetObject in (sVIPs), true, false)\r\n | extend CmdletNameJoin = tolower(CmdletName)\r\n | join kind=leftouter ( \r\n CmdletCheck\r\n | extend CmdletNameJoin = 
tolower(Cmdlet)\r\n ) on CmdletNameJoin\r\n | extend DomainEnv = replace_string(Computer,strcat(tostring(split(Computer,'.',0)[0]),'.'),'')\r\n | join kind=leftouter ( \r\n Env\r\n ) on $left.DomainEnv == $right.DomainFQDN_\r\n | extend ESIEnvironment = iif (isnotempty(ESIEnvironment), ESIEnvironment, strcat(\"Unknown-\",DomainEnv))\r\n | extend IsSenstiveCmdlet = iif( isnotempty(CmdletNameJoin1) , true, false) \r\n | extend IsRestrictedCmdLet = iif(IsSenstiveCmdlet == true, iif( RestrictToParameter == \"Yes\", true, false), dynamic(null))\r\n | extend RestrictedParameters = iif(IsSenstiveCmdlet == true, split(tolower(Parameters),';'), dynamic(null))\r\n | extend ExtractedParameters = iif(IsSenstiveCmdlet == true,extract_all(@\"\\B(-\\w+)\", tolower(CmdletParameters)), dynamic(null))\r\n | extend IsSenstiveCmdletParameters = iif(IsSenstiveCmdlet == true,iif( array_length(set_difference(ExtractedParameters,RestrictedParameters)) == array_length(ExtractedParameters), false, true ) , false)\r\n | extend IsSensitive = iif( ( IsSenstiveCmdlet == true and IsRestrictedCmdLet == false ) or (IsSenstiveCmdlet == true and IsRestrictedCmdLet == true and IsSenstiveCmdletParameters == true ), true, false )\r\n //| project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters\r\n | project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters,IsSensitive,UserOriented, ESIEnvironment\r\n};\r\nMSExchange_Management\r\n", - "version": 1 + "query": "let cVIPs = _GetWatchlist('ExchangeVIP') | project tostring(canonicalName) ;\nlet sVIPs = _GetWatchlist('ExchangeVIP') | project tostring(sAMAccountName) ;\nlet CmdletCheck = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, 
Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true);\nlet SensitiveCmdlets = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\"]with(format=\"csv\",ignoreFirstRecord=true) | project tostring(Cmdlet) ;\nlet Env = ExchangeConfiguration(SpecificSectionList=\"ESIEnvironment\")\n| extend DomainFQDN_ = tostring(CmdletResultValue.DomainFQDN)\n| project DomainFQDN_, ESIEnvironment;\nlet MSExchange_Management = (){\n Event\n | where EventLog == 'MSExchange Management'\n | where EventID in (1,6) // 1 = Success, 6 = Failure\n | parse ParameterXml with '' CmdletName '' CmdletParameters '' Caller '' *\n | extend TargetObject = iif( CmdletParameters has \"-Identity \", split(split(CmdletParameters,'-Identity ')[1],'\"')[1], iif( CmdletParameters has \"-Name \", split(split(CmdletParameters,'-Name ')[1],'\"')[1], \"\"))\n | extend Status = case( EventID == 1, 'Success', 'Failure')\n | extend IsVIP = iif(TargetObject in (cVIPs) or TargetObject in (sVIPs), true, false)\n | extend CmdletNameJoin = tolower(CmdletName)\n | join kind=leftouter ( \n CmdletCheck\n | extend CmdletNameJoin = tolower(Cmdlet)\n ) on CmdletNameJoin\n | extend DomainEnv = replace_string(Computer,strcat(tostring(split(Computer,'.',0)[0]),'.'),'')\n | join kind=leftouter ( \n Env\n ) on $left.DomainEnv == $right.DomainFQDN_\n | extend ESIEnvironment = iif (isnotempty(ESIEnvironment), ESIEnvironment, strcat(\"Unknown-\",DomainEnv))\n | extend IsSenstiveCmdlet = iif( isnotempty(CmdletNameJoin1) , true, false) \n | extend IsRestrictedCmdLet = iif(IsSenstiveCmdlet == true, iif( RestrictToParameter == \"Yes\", true, false), dynamic(null))\n | extend RestrictedParameters = iif(IsSenstiveCmdlet == true, split(tolower(Parameters),';'), 
dynamic(null))\n | extend ExtractedParameters = iif(IsSenstiveCmdlet == true,extract_all(@\"\\B(-\\w+)\", tolower(CmdletParameters)), dynamic(null))\n | extend IsSenstiveCmdletParameters = iif(IsSenstiveCmdlet == true,iif( array_length(set_difference(ExtractedParameters,RestrictedParameters)) == array_length(ExtractedParameters), false, true ) , false)\n | extend IsSensitive = iif( ( IsSenstiveCmdlet == true and IsRestrictedCmdLet == false ) or (IsSenstiveCmdlet == true and IsRestrictedCmdLet == true and IsSenstiveCmdletParameters == true ), true, false )\n //| project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters\n | project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters,IsSensitive,UserOriented, ESIEnvironment\n};\nMSExchange_Management\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -2160,40 +2161,22 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "ExchangeConfiguration Data Parser with template", - "displayName": "ExchangeConfiguration Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName2'),'/',variables('parserVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ExchangeConfiguration Data Parser with template version 2.0.0", + "description": "ExchangeConfiguration Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion2')]", 
@@ -2202,21 +2185,21 @@ "resources": [ { "name": "[variables('_parserName2')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeConfiguration", - "category": "Samples", + "displayName": "Parser for ExchangeConfiguration", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeConfiguration", + "query": "let _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate 
- todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n", "functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"", - "query": "\nlet _SpecificSectionList = split(SpecificSectionList,',');\r\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\r\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\r\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\r\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \r\n | where TimeGenerated > _targetDate\r\n | extend Source = iff (TableName contains 
\"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target\r\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \r\n | where ScopedEnvironment in (_configurationEnv)\r\n | extend EntryDate = todatetime(EntryDate_s)\r\n | project-away EntryDate_s);\r\nlet findConfigDate = baseRequest\r\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\r\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\r\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\r\n | top-nested of Env by Ignore0=max(1), \r\n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \r\n top-nested of GenerationInstanceID_g by Ignore2=max(2) \r\n | project GenerationInstanceID_g;\r\nlet ParseExchangeConfig = () { baseRequest \r\n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\r\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\r\n | extend TimeGenerated = EntryDate\r\n | extend Identity = IdentityString_s\r\n | extend CmdletResultValue = parse_json(rawData_s)\r\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\r\n | project-away TenantId,SourceSystem,Type,EntryDate\r\n};\r\nParseExchangeConfig", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "ExchangeConfiguration" + "value": "" } ] } 
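Review bot: In the new `query` string, `iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s)` applies `contains` to the array returned by `split(...)`, which looks like a case-insensitive substring test on the serialized list rather than a membership test. If it evaluates that way, an environment whose name merely includes "all" would be scoped as `All`, then fail the `where ScopedEnvironment in (_configurationEnv)` filter, and the parser would silently return no configuration rows for it. An exact element test avoids this: `| extend ScopedEnvironment = iff(set_has_element(_configurationEnv, \"All\"), \"All\", ESIEnvironment_s)`. The same query text is added again in the hunk at `@@ -2260,12 +2254,18 @@`.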
@@ -2243,14 +2226,25 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId2')]", + "contentKind": "Parser", + "displayName": "Parser for ExchangeConfiguration", + "contentProductId": "[variables('_parsercontentProductId2')]", + "id": "[variables('_parsercontentProductId2')]", + "version": "[variables('parserVersion2')]" } }, { 
@@ -2260,12 +2254,18 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeConfiguration", - "category": "Samples", + "displayName": "Parser for ExchangeConfiguration", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeConfiguration", - "functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"", - "query": "\nlet _SpecificSectionList = split(SpecificSectionList,',');\r\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\r\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\r\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\r\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \r\n | where TimeGenerated > _targetDate\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target\r\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \r\n | where ScopedEnvironment in (_configurationEnv)\r\n | extend EntryDate = todatetime(EntryDate_s)\r\n | project-away EntryDate_s);\r\nlet findConfigDate = baseRequest\r\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\r\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\r\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - 
todatetime(_configurationDate)))\r\n | top-nested of Env by Ignore0=max(1), \r\n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \r\n top-nested of GenerationInstanceID_g by Ignore2=max(2) \r\n | project GenerationInstanceID_g;\r\nlet ParseExchangeConfig = () { baseRequest \r\n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\r\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\r\n | extend TimeGenerated = EntryDate\r\n | extend Identity = IdentityString_s\r\n | extend CmdletResultValue = parse_json(rawData_s)\r\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\r\n | project-away TenantId,SourceSystem,Type,EntryDate\r\n};\r\nParseExchangeConfig", - "version": 1 + "query": "let _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv contains 
\"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n", + "functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -2291,40 +2291,22 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName3')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "ExchangeEnvironmentList Data Parser with template", - "displayName": "ExchangeEnvironmentList Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName3'),'/',variables('parserVersion3'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ExchangeEnvironmentList Data Parser with template version 2.0.0", + "description": "ExchangeEnvironmentList Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion3')]", 
@@ -2333,21 +2315,21 @@ "resources": [ { "name": "[variables('_parserName3')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeEnvironmentList", - "category": "Samples", + "displayName": "Parser for ExchangeEnvironmentList", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeEnvironmentList", + "query": "let _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n", "functionParameters": "Target:string = \"On-Premises\"", - "query": "\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target;\r\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "ExchangeEnvironmentList" + "value": "" } ] } 
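Review bot: The `description` tag changes from `ExchangeEnvironmentList` to an empty string, so the saved function no longer says what it returns; the hunk at `@@ -2391,12 +2384,18 @@` and the ExchangeConfiguration hunks do the same. A short value grounded in the query would help anyone auditing workspace functions, for example `"value": "Distinct ESIEnvironment values from the ESIAPIExchange*/ESIExchange* tables, filtered by Target (default On-Premises)"`. The wildcard `union` means any table with those name prefixes feeds this list, which is worth stating in that description.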
@@ -2374,14 +2356,25 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId3')]", + "contentKind": "Parser", + "displayName": "Parser for ExchangeEnvironmentList", + "contentProductId": "[variables('_parsercontentProductId3')]", + "id": "[variables('_parsercontentProductId3')]", + "version": "[variables('parserVersion3')]" } }, { 
@@ -2391,12 +2384,18 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeEnvironmentList", - "category": "Samples", + "displayName": "Parser for ExchangeEnvironmentList", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeEnvironmentList", + "query": "let _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n", "functionParameters": "Target:string = \"On-Premises\"", - "query": "\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target;\r\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s", - "version": 1 + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -2422,40 +2421,22 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft Exchange Security - On-Premises Workbook with template", - "displayName": "Microsoft Exchange Security - On-Premises workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Least Privilege with RBAC Workbook with template version 2.0.0", + "description": "Microsoft Exchange Least Privilege with RBAC Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -2473,7 +2454,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"743317e2-ebcf-4958-861d-4ff97fc7cce1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ESI_ExchConfigAvailableEnvironments(Target=\\\"On-Premises\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | summarize by Collection \\r\\n | join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where 
ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm ')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | join kind=leftouter (\\r\\n ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | summarize count() by Collection\\r\\n ) on Collection\\r\\n ) on Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,iif(count_ > 1,PreciseCollection,Collection1)), Label = iif(Selected,\\\"Last Known date\\\",iif(count_ > 1,PreciseCollection,Collection1)), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook displayed the custom 
RBAC delegations: on default groups, on Custom Roles groups, Using custom roles.
\\r\\nSelect your Exchange Organization and adjust the time range.\\r\\nBy default, the Help won't be displayed. To display the help, choose Yes on the toogle buttom \\\"Show Help\\\"\",\"style\":\"info\"},\"name\":\"text - 8\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"e59f0f7f-fd05-4ec8-9f59-e4d9c3b589f2\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Current RBAC Delegation\",\"subTarget\":\"RBACDelegation\",\"preText\":\"RBAC Delegation\",\"postText\":\"\",\"style\":\"link\"},{\"id\":\"67739913-b364-4071-864d-faf4d94c9ad6\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Custom Roles\",\"subTarget\":\"CustomRole\",\"style\":\"link\"},{\"id\":\"8def944a-53fe-4544-bc8f-5b3ca66eda34\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Default Groups content\",\"subTarget\":\"DefaultGroup\",\"preText\":\"Default Group\",\"style\":\"link\"},{\"id\":\"5eeebe10-be67-4f8a-9d91-4bc6c70c3e16\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Help\",\"subTarget\":\"start\",\"style\":\"link\"}]},\"name\":\"links - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegations\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The current delegations are compared to an export of default delegations done on Exchange 2019.\\r\\nTo find which is used for the comparaison please follow this link.\\r\\nThe export is located on the public GitHub of the project.\\r\\n\\r\\ncheck this link : https://aka.ms/esiwatchlist\\r\\n\\r\\nIt will be updated by the team project.\\r\\n\",\"style\":\"info\"},\"name\":\"text - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegations on User Accounts\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays custom delegations set directly on User 
Accounts.\"},\"name\":\"text - 2 - Copy\"},{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done directly to a user account.\\r\\n\\r\\nDetailed information for the user accounts will be displayed.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegations for latest export of default Exchange 2019 delegation located in the public GitHub of the project.\\r\\n\\r\\nThese types of delegations are not visible on the Exchange Admin Center.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done directly to service account. Being able to see this delegation will help to sanityze the environment as some delegations may be no more necessary\\r\\n\\r\\n - Delegation done by mistake directly to Administrator Accounts\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts will be displayed in the sections below.\\r\\n\\r\\nView RBAC effective permissions\\r\\n\\r\\nGet-ManagementRoleAssignment\\r\\n\\r\\nUnderstanding Role Based Access Control\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"d9d4e0a2-b75d-4825-9f4e-7606516500e1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = 
tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"46c608de-033d-4c4f-99e6-2784439cfa18\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n|extend Role=tostring (CmdletResultValue.Role.Name)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role.Name contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| 
extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\")\\r\\n| project Name,Role,RoleAssigneeName, RoleAssignmentDelegationType,Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope,WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName 
asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"31.5ch\"}},{\"columnMatch\":\"Total\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"9.3ch\"}},{\"columnMatch\":\"Count\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"330px\"}},{\"columnMatch\":\"Anomalies\",\"formatter\":10,\"formatOptions\":{\"palette\":\"redBright\",\"customColumnWidthSetting\":\"330px\"}}],\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegations on User Accounts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays custom delegations set on groups.\"},\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done for standard and nonstandard groups. 
Indeed, default groups have a list of default delegations but an Exchange administrators can add also new roles to the default groups.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegations for latest export of default Exchange 2019 delegation located in the public GitHub of the project.\\r\\n\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done for role group Organization Management to role like Mailbox Import Export or Mailbox Search (by default this delegation is not configured)\\r\\n\\r\\n - Delegation done by mistake\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts present in the groups will be displayed in the sections below.\\r\\n\\r\\nView RBAC effective permissions\\r\\n\\r\\nGet-ManagementRoleAssignment\\r\\n\\r\\nUnderstanding Role Based Access Control \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c548eb09-54e3-41bf-a99d-be3534f7018b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\" or CmdletResultValue.RoleAssigneeType == \\\"12\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct 
RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"rowLimit\":10000},{\"id\":\"4194717a-4a09-4c73-b02d-b1ac8587619d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n|extend Role=tostring (CmdletResultValue.Role.Name)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nlet RoleG = ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| project RoleAssigneeName=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role.Name contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\" or CmdletResultValue.RoleAssigneeType == \\\"12\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeName = 
tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend LinkedGroup = iff(tostring(CmdletResultValue.RoleAssigneeType)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n|lookup RoleG on RoleAssigneeName \\r\\n//| extend LinkedGroup = iff(tostring(LinkedGroup)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| project Name,Role,RoleAssigneeName,LinkedGroup, RoleAssignmentDelegationType,Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, 
ConfigWriteScope, ConfigReadScope, RecipientReadScope,WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on Groups\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Custom Delegation\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee User account\",\"items\":[{\"type\":1,\"content\":{\"json\":\"In the previous section, custom delegations for user have been displayed.\\r\\n\\r\\nThis section display detailed information for the accounts found in the previous. 
Once you know that an account has a high privilege delegations, you may want to have additional information like Last Logon, Password Last Set...\\r\\n\\r\\nSelect a user un the dropdown list.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"This section displays details information for user accounts found with non standard delegations :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\\r\\n\\r\\nYou may find old service accounts that are no more used, or with a last password set very old...\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"27e4c2e9-d113-4bf9-808f-0f8f68b5152e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"10c2eb2f-2cf2-4650-a9f1-3ee646acaebb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last 
Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"6f7128ee-2f2c-421d-bc9f-37aee85fb214\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"DirectRoleAssignments\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.SamAccountName contains \\\"{RoleAssignee}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == 
\\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend ManagementRoleAssignment = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":1,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ManagementRoleAssignment\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ManagementRoleAssignment\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee User account\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Details information for Group delegation\\r\\nIn the 
previous section, custom delegations for groups have been displayed.\\r\\n\\r\\nThis section display detailed information for the accounts found in the group displayed in the previuos section. Once you know that an account has a high privilege delegations, you may want to have additional information like Last Logon, Password Last Set...\\r\\n\\r\\nSelect a group un the dropdown list.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"This section displays details information for user accounts included in the found groups with non standard delegation : \\r\\n\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\\r\\n\\r\\nYou may find old service accounts that are no more used, or with a last password set very old...\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"75c3cdf3-d0c3-46c3-83ae-429979774234\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| 
distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1a3b374c-0467-4fd9-b2fc-edebd0a97302\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"170db194-195f-4991-b726-6c0658562616\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup contains \\\"{RoleAssignee}\\\"\\r\\n| where 
todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Level_ = tostring(CmdletResultValue.Level)\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue, Level_,Parentgroup\\r\\n| sort by MemberPath asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee 
group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Information for Role Assignee\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Linked Groups information\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Linked Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Display associated remote forest's group for Linked Group\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleGroupType == \\\"1\\\"\\r\\n//| extend ManagementRoleAssignment = tostring(CmdletResultValue.Name)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.Name)\\r\\n| extend LinkedGroup = tostring(CmdletResultValue.LinkedGroup)\\r\\n//| extend LinkedGroup = iff(tostring(CmdletResultValue.RoleAssigneeType)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n//|lookup RoleG on RoleAssigneeName \\r\\n//| extend LinkedGroup = iff(tostring(LinkedGroup)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n| project RoleAssigneeName, LinkedGroup, WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName asc\",\"size\":1,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Linked Groups\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Linked Groups 
information\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Compliance Management\\\", \\\"Delegated Setup\\\",\\\"Discovery Management\\\",\\\"Help Desk\\\",\\\"Hygiene Management\\\",\\\"Organization Management\\\",\\\"Public Folder Management\\\",\\\"Recipient Management\\\",\\\"Records Management\\\",\\\"Security Administrator\\\",\\\"Security Reader\\\",\\\"Server Management\\\",\\\"UM Management\\\",\\\"View-Only Organization Management\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup in (StandardGroup)\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| summarize Total = count()-1 by Parentgroup\\r\\n| extend Comment = case (Total>0 and Parentgroup contains \\\"Discovery Management\\\", \\\"❌ This group should be empty Just in time should be used\\\", Total>5 and Parentgroup contains \\\"Organization Management\\\", \\\"❌ The content of this group should limited to only Level 3 Administrators\\\", Total>0 and Parentgroup contains \\\"Hygiene Management\\\", \\\"❌ This group should be empty or only contains Exchange server and/or Exchange antivirus Spam accounts\\\", \\\"Remember to regularly review the content of the group\\\")\\r\\n| sort by Parentgroup asc\",\"size\":3,\"showAnalytics\":true,\"title\":\"Numbers of members for high privileges groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 
1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"All the default Exchange groups located in the default Exchange OU : Microsoft Exchange Security Groups are displayed with their number of members.\\r\\n\\r\\nIt is very important to monitor the content of Exchange groups and raise an alert when a new member is added.\\r\\n\\r\\nFor critical groups, a warning is display if the number exceeded a define thresold :\\r\\n - Discovery Management: This group should be empty, so a warning is displayed when the group is not empty\\r\\n\\r\\n - Organization Management : This group should only contain only Exchange expert. No service account should be member of this groupe. A warning is display when the total numer of member exceeded 5\\r\\n - Hygiene Management : This group can acces and moidify the content of all mailboxes using EWS. A warning is display when the group is not empty. 
This warning can be ignored if the accounts are the Antispam service account or Exchange servers Computer accounts\"},\"name\":\"text - 0\"}]},\"name\":\"group - 1\"}]},\"name\":\"Summarize Number of Member Per Group\"},{\"type\":1,\"content\":{\"json\":\"❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7c281d60-8434-4636-b85e-aef6296f1107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}},{\"id\":\"e122a0de-1395-4002-96f9-cc057c257518\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 
10y\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Compliance Management\\\", \\\"Delegated Setup\\\",\\\"Discovery Management\\\",\\\"Help Desk\\\",\\\"Hygiene Management\\\",\\\"Organization Management\\\",\\\"Public Folder Management\\\",\\\"Recipient Management\\\",\\\"Records Management\\\",\\\"Security Administrator\\\",\\\"Security Reader\\\",\\\"Server Management\\\",\\\"UM Management\\\",\\\"View-Only Organization Management\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup in (StandardGroup)\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| where Level !=0\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| 
extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by MemberPath asc\",\"size\":3,\"showAnalytics\":true,\"title\":\"Default Exchange groups content\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"$gen_group\",\"formatter\":1},{\"columnMatch\":\"ParentGroup\",\"formatter\":1},{\"columnMatch\":\"Parentgroup\",\"formatter\":5},{\"columnMatch\":\"Group\",\"formatter\":1}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Parentgroup\"],\"finalBy\":\"Parentgroup\"},\"labelSettings\":[{\"columnId\":\"Parentgroup\",\"label\":\"ParentGroup\"}]}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section the content of the groups with details informations.\\r\\n\\r\\nIt is recommended to check the Last logon and last password change informations.\"},\"name\":\"text - 0\"}]},\"name\":\"group - 2\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"DefaultGroup\"},\"name\":\"group - 4\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Let start with Least Privileges with RBAC\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Workbook goals\\r\\nThe goals of this workbook is to show you the current RBAC 
delegation\\r\\n\\r\\n\\r\\nThis workbook will display :\\r\\n\\r\\n - NonStandrd RBAC delegation\\r\\n\\r\\n - Exchange default group content\\r\\n\\r\\n - Analysis of the actions performed by Organization Management members to remove them from the groups\\r\\n\\r\\n----\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Current RBAC Delegation\\r\\n\\r\\nThis tab will show all the nonstandard RBAC delegation.\\r\\n\\r\\n**Most of the time RBAC are done and forgotten... This tab will provide a clear statut of the delegation and help with the remediation.**\\r\\n\\r\\nBy nonstandard, it means that the current delegation are compared to the delegation from Exchange 2019 CU11.\\r\\n\\r\\nNonstandard delegation for standard groups like Organization Management will also be displayed.\\r\\n\\r\\nDetail information for found will be displayed : Last logon, last password changed...\\r\\n\\r\\n### Default Group content\\r\\n\\r\\nThis tab will show the number of members for default Exchange groups and their content.\\r\\n\\r\\nMost of the time, the content of common Exchange groups but Exchange is shipped with many groups that have very high privileges and its interesting to see that they are not empty as expected.\"},\"name\":\"text - 0\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"start\"},\"name\":\"group - 6\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Role details\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"List of Custom Roles\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the Custom management roles that exist in your environnment and the name of the parent's role\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"Liste of existing Custom roles\"},\"customWidth\":\"50\",\"name\":\"text - 5\"},{\"type\":1,\"content\":{\"json\":\"List of Custom with a Management Role 
Assignement (associated with a group or a user). Display the target account and scope if set\"},\"customWidth\":\"50\",\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| extend WhenCreated = WhenCreated\\r\\n| project Identity, ParentRole, WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n//| extend Scope = tostring(CmdletResultValue.RecipientWriteScope)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n//| project Role = tostring(CmdletResultValue.Role.Name)\\r\\n| distinct Role,RoleAssigneeName,Scope\\r\\n| project 
Role,RoleAssigneeName,Scope\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| project Role = tostring(CmdletResultValue.Role.Name), Scope, RoleAssigneeName\\r\\n| join kind=fullouter (MRcustomRoles) on Role\\r\\n| project Role = Role1, Scope, RoleAssigneeName,Comment = iff(Role == \\\"\\\", \\\"⚠️ No existing delegation for this role\\\", \\\"✅ This role is delegated with a Management Role Assignment\\\")\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", 
SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n | project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| project Role = tostring(CmdletResultValue.Role.Name)\\r\\n| join kind=fullouter (MRcustomRoles) on Role\\r\\n| summarize acount = count() by iff( Role==\\\"\\\",\\\"Number of non assigned roles\\\", Role)\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 3\"}]},\"name\":\"List of Custom Roles\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Roles delegation on group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows delegation associated with the Custom Roles\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend 
CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, Role, RoleAssigneeType, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, 
WhenChanged\\r\\n\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Details for Custom Roles Cmdlets \",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays for the chosen custom management roles all Cmdlets and their parameters associated with this custom role.\\r\\nRemember that for a cmdlet, some parameters can be removed.\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"07c8ac83-371d-4702-ab66-72aeb2a20053\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomRole\",\"type\":2,\"isRequired\":true,\"query\":\" ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| project Identity\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project ParentRole);\\r\\nlet DefMRA = 
externaldata (Role:string,CmdletCount:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | summarize CmdletCount=count() by Role;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| project CmdletName,Parameters,ParentRole = SelectedRole\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Parameters\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"100ch\"}}],\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"70\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project 
ParentRole);\\r\\nlet DefMRA = externaldata (Role:string,CmdletCount:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | summarize CmdletCount=count() by Role;\\r\\nlet MRCustomD = ExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend Role = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend ParentRole = tostring(SelectedRole)\\r\\n| summarize CmdletCount = count() by Role, ParentRole\\r\\n| project Role,CmdletCount;\\r\\nunion MRCustomD, DefMRA\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"30\",\"name\":\"query - 3\"},{\"type\":1,\"content\":{\"json\":\"List of Cmdlets ( Get- command have been removed to clarify the information) with :\\r\\nCustomParamCount : number of parameters for the Cmdlet in the custom role\\r\\nDefaultCmdletNumberofParam : number of parameters for the Cmdlet in the default role\\r\\n\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend 
Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project ParentRole);\\r\\nlet DefMRA = externaldata (Role:string,Name:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | mv-expand split(todynamic(Parameters),\\\";\\\")| summarize ParamCount = count() by Name;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = tostring(CmdletResultValue.Name)\\r\\n| where CmdletName !contains \\\"get-\\\"\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| extend ParentRole = tostring(SelectedRole)\\r\\n| mv-expand split(todynamic(Parameters),\\\";\\\")\\r\\n| summarize ParamCount = count() by CmdletName, ParentRole\\r\\n| join (DefMRA) on $left.CmdletName == $right.Name\\r\\n| project CmdletName, CustomParamCount = ParamCount , DefaultCmdletNumberofParam = 
ParamCount1\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DefaultCmdletNumberofParam\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"DefaultCmdletNumberofParam\",\"sortOrder\":1}]},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Details for Custom Roles Cmdlets \"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"CustomRole\"},\"name\":\"Custom Role\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeLeastPrivilegewithRBAC\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"743317e2-ebcf-4958-861d-4ff97fc7cce1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ExchangeEnvironmentList(Target=\\\"On-Premises\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) 
\\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | summarize by Collection \\r\\n | join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm ')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | join kind=leftouter (\\r\\n ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | summarize count() by Collection\\r\\n ) on Collection\\r\\n ) on Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,iif(count_ > 1,PreciseCollection,Collection1)), Label = iif(Selected,\\\"Last Known date\\\",iif(count_ > 1,PreciseCollection,Collection1)), Selected\\r\\n| sort by Selected, Value 
desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook displayed the custom RBAC delegations: on default groups, on Custom Roles groups, Using custom roles.
\\r\\nSelect your Exchange Organization and adjust the time range.\\r\\nBy default, the Help won't be displayed. To display the help, choose Yes on the toogle buttom \\\"Show Help\\\"\",\"style\":\"info\"},\"name\":\"text - 8\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"e59f0f7f-fd05-4ec8-9f59-e4d9c3b589f2\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Current RBAC Delegation\",\"subTarget\":\"RBACDelegation\",\"preText\":\"RBAC Delegation\",\"postText\":\"\",\"style\":\"link\"},{\"id\":\"67739913-b364-4071-864d-faf4d94c9ad6\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Custom Roles\",\"subTarget\":\"CustomRole\",\"style\":\"link\"},{\"id\":\"8def944a-53fe-4544-bc8f-5b3ca66eda34\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Default Groups content\",\"subTarget\":\"DefaultGroup\",\"preText\":\"Default Group\",\"style\":\"link\"},{\"id\":\"5eeebe10-be67-4f8a-9d91-4bc6c70c3e16\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Help\",\"subTarget\":\"start\",\"style\":\"link\"}]},\"name\":\"links - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegations\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The current delegations are compared to an export of default delegations done on Exchange 2019.\\r\\nTo find which is used for the comparaison please follow this link.\\r\\nThe export is located on the public GitHub of the project.\\r\\n\\r\\ncheck this link : https://aka.ms/esiwatchlist\\r\\n\\r\\nIt will be updated by the team project.\\r\\n\",\"style\":\"info\"},\"name\":\"text - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegations on User Accounts\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays custom delegations set directly on User 
Accounts.\"},\"name\":\"text - 2 - Copy\"},{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done directly to a user account.\\r\\n\\r\\nDetailed information for the user accounts will be displayed.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegations for latest export of default Exchange 2019 delegation located in the public GitHub of the project.\\r\\n\\r\\nThese types of delegations are not visible on the Exchange Admin Center.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done directly to service account. Being able to see this delegation will help to sanityze the environment as some delegations may be no more necessary\\r\\n\\r\\n - Delegation done by mistake directly to Administrator Accounts\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts will be displayed in the sections below.\\r\\n\\r\\nView RBAC effective permissions\\r\\n\\r\\nGet-ManagementRoleAssignment\\r\\n\\r\\nUnderstanding Role Based Access Control\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"d9d4e0a2-b75d-4825-9f4e-7606516500e1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = 
tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"46c608de-033d-4c4f-99e6-2784439cfa18\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n|extend Role=tostring (CmdletResultValue.Role.Name)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role.Name contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| 
extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\")\\r\\n| project Name,Role,RoleAssigneeName, RoleAssignmentDelegationType,Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope,WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName 
asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"31.5ch\"}},{\"columnMatch\":\"Total\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"9.3ch\"}},{\"columnMatch\":\"Count\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"330px\"}},{\"columnMatch\":\"Anomalies\",\"formatter\":10,\"formatOptions\":{\"palette\":\"redBright\",\"customColumnWidthSetting\":\"330px\"}}],\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegations on User Accounts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays custom delegations set on groups.\"},\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done for standard and nonstandard groups. 
Indeed, default groups have a list of default delegations but an Exchange administrators can add also new roles to the default groups.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegations for latest export of default Exchange 2019 delegation located in the public GitHub of the project.\\r\\n\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done for role group Organization Management to role like Mailbox Import Export or Mailbox Search (by default this delegation is not configured)\\r\\n\\r\\n - Delegation done by mistake\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts present in the groups will be displayed in the sections below.\\r\\n\\r\\nView RBAC effective permissions\\r\\n\\r\\nGet-ManagementRoleAssignment\\r\\n\\r\\nUnderstanding Role Based Access Control \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c548eb09-54e3-41bf-a99d-be3534f7018b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\" or CmdletResultValue.RoleAssigneeType == \\\"12\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct 
RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"rowLimit\":10000},{\"id\":\"4194717a-4a09-4c73-b02d-b1ac8587619d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n|extend Role=tostring (CmdletResultValue.Role.Name)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nlet RoleG = ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| project RoleAssigneeName=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role.Name contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\" or CmdletResultValue.RoleAssigneeType == \\\"12\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeName = 
tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend LinkedGroup = iff(tostring(CmdletResultValue.RoleAssigneeType)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n|lookup RoleG on RoleAssigneeName \\r\\n//| extend LinkedGroup = iff(tostring(LinkedGroup)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| project Name,Role,RoleAssigneeName,LinkedGroup, RoleAssignmentDelegationType,Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, 
ConfigWriteScope, ConfigReadScope, RecipientReadScope,WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on Groups\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Custom Delegation\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee User account\",\"items\":[{\"type\":1,\"content\":{\"json\":\"In the previous section, custom delegations for user have been displayed.\\r\\n\\r\\nThis section display detailed information for the accounts found in the previous. 
Once you know that an account has a high privilege delegations, you may want to have additional information like Last Logon, Password Last Set...\\r\\n\\r\\nSelect a user un the dropdown list.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"This section displays details information for user accounts found with non standard delegations :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\\r\\n\\r\\nYou may find old service accounts that are no more used, or with a last password set very old...\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"27e4c2e9-d113-4bf9-808f-0f8f68b5152e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"0\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"10c2eb2f-2cf2-4650-a9f1-3ee646acaebb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last 
Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"6f7128ee-2f2c-421d-bc9f-37aee85fb214\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"DirectRoleAssignments\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.SamAccountName contains \\\"{RoleAssignee}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == 
\\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend ManagementRoleAssignment = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":1,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ManagementRoleAssignment\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ManagementRoleAssignment\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee User account\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Details information for Group delegation\\r\\nIn the 
previous section, custom delegations for groups have been displayed.\\r\\n\\r\\nThis section display detailed information for the accounts found in the group displayed in the previuos section. Once you know that an account has a high privilege delegations, you may want to have additional information like Last Logon, Password Last Set...\\r\\n\\r\\nSelect a group un the dropdown list.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"This section displays details information for user accounts included in the found groups with non standard delegation : \\r\\n\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\\r\\n\\r\\nYou may find old service accounts that are no more used, or with a last password set very old...\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"75c3cdf3-d0c3-46c3-83ae-429979774234\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/StandardMRA.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"10\\\" or CmdletResultValue.RoleAssigneeType == \\\"2\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| 
distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1a3b374c-0467-4fd9-b2fc-edebd0a97302\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"170db194-195f-4991-b726-6c0658562616\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup contains \\\"{RoleAssignee}\\\"\\r\\n| where 
todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Level_ = tostring(CmdletResultValue.Level)\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue, Level_,Parentgroup\\r\\n| sort by MemberPath asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee 
group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Information for Role Assignee\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Linked Groups information\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Linked Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Display associated remote forest's group for Linked Group\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.RoleGroupType == \\\"1\\\"\\r\\n//| extend ManagementRoleAssignment = tostring(CmdletResultValue.Name)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.Name)\\r\\n| extend LinkedGroup = tostring(CmdletResultValue.LinkedGroup)\\r\\n//| extend LinkedGroup = iff(tostring(CmdletResultValue.RoleAssigneeType)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n//|lookup RoleG on RoleAssigneeName \\r\\n//| extend LinkedGroup = iff(tostring(LinkedGroup)==\\\"12\\\", \\\"Yes\\\",\\\"No\\\")\\r\\n| project RoleAssigneeName, LinkedGroup, WhenCreated, WhenChanged\\r\\n| sort by RoleAssigneeName asc\",\"size\":1,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Linked Groups\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Linked Groups 
information\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Compliance Management\\\", \\\"Delegated Setup\\\",\\\"Discovery Management\\\",\\\"Help Desk\\\",\\\"Hygiene Management\\\",\\\"Organization Management\\\",\\\"Public Folder Management\\\",\\\"Recipient Management\\\",\\\"Records Management\\\",\\\"Security Administrator\\\",\\\"Security Reader\\\",\\\"Server Management\\\",\\\"UM Management\\\",\\\"View-Only Organization Management\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup in (StandardGroup)\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| summarize Total = count()-1 by Parentgroup\\r\\n| extend Comment = case (Total>0 and Parentgroup contains \\\"Discovery Management\\\", \\\"❌ This group should be empty Just in time should be used\\\", Total>5 and Parentgroup contains \\\"Organization Management\\\", \\\"❌ The content of this group should limited to only Level 3 Administrators\\\", Total>0 and Parentgroup contains \\\"Hygiene Management\\\", \\\"❌ This group should be empty or only contains Exchange server and/or Exchange antivirus Spam accounts\\\", \\\"Remember to regularly review the content of the group\\\")\\r\\n| sort by Parentgroup asc\",\"size\":3,\"showAnalytics\":true,\"title\":\"Numbers of members for high privileges groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 
1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"All the default Exchange groups located in the default Exchange OU : Microsoft Exchange Security Groups are displayed with their number of members.\\r\\n\\r\\nIt is very important to monitor the content of Exchange groups and raise an alert when a new member is added.\\r\\n\\r\\nFor critical groups, a warning is display if the number exceeded a define thresold :\\r\\n - Discovery Management: This group should be empty, so a warning is displayed when the group is not empty\\r\\n\\r\\n - Organization Management : This group should only contain only Exchange expert. No service account should be member of this groupe. A warning is display when the total numer of member exceeded 5\\r\\n - Hygiene Management : This group can acces and moidify the content of all mailboxes using EWS. A warning is display when the group is not empty. 
This warning can be ignored if the accounts are the Antispam service account or Exchange servers Computer accounts\"},\"name\":\"text - 0\"}]},\"name\":\"group - 1\"}]},\"name\":\"Summarize Number of Member Per Group\"},{\"type\":1,\"content\":{\"json\":\"❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 366 days\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7c281d60-8434-4636-b85e-aef6296f1107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}},{\"id\":\"e122a0de-1395-4002-96f9-cc057c257518\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 
10y\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Compliance Management\\\", \\\"Delegated Setup\\\",\\\"Discovery Management\\\",\\\"Help Desk\\\",\\\"Hygiene Management\\\",\\\"Organization Management\\\",\\\"Public Folder Management\\\",\\\"Recipient Management\\\",\\\"Records Management\\\",\\\"Security Administrator\\\",\\\"Security Reader\\\",\\\"Server Management\\\",\\\"UM Management\\\",\\\"View-Only Organization Management\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Parentgroup in (StandardGroup)\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| where Level !=0\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\", iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| 
extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by MemberPath asc\",\"size\":3,\"showAnalytics\":true,\"title\":\"Default Exchange groups content\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"$gen_group\",\"formatter\":1},{\"columnMatch\":\"ParentGroup\",\"formatter\":1},{\"columnMatch\":\"Parentgroup\",\"formatter\":5},{\"columnMatch\":\"Group\",\"formatter\":1}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Parentgroup\"],\"finalBy\":\"Parentgroup\"},\"labelSettings\":[{\"columnId\":\"Parentgroup\",\"label\":\"ParentGroup\"}]}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section the content of the groups with details informations.\\r\\n\\r\\nIt is recommended to check the Last logon and last password change informations.\"},\"name\":\"text - 0\"}]},\"name\":\"group - 2\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"DefaultGroup\"},\"name\":\"group - 4\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Let start with Least Privileges with RBAC\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Workbook goals\\r\\nThe goals of this workbook is to show you the current RBAC 
delegation\\r\\n\\r\\n\\r\\nThis workbook will display :\\r\\n\\r\\n - NonStandrd RBAC delegation\\r\\n\\r\\n - Exchange default group content\\r\\n\\r\\n - Analysis of the actions performed by Organization Management members to remove them from the groups\\r\\n\\r\\n----\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Current RBAC Delegation\\r\\n\\r\\nThis tab will show all the nonstandard RBAC delegation.\\r\\n\\r\\n**Most of the time RBAC are done and forgotten... This tab will provide a clear statut of the delegation and help with the remediation.**\\r\\n\\r\\nBy nonstandard, it means that the current delegation are compared to the delegation from Exchange 2019 CU11.\\r\\n\\r\\nNonstandard delegation for standard groups like Organization Management will also be displayed.\\r\\n\\r\\nDetail information for found will be displayed : Last logon, last password changed...\\r\\n\\r\\n### Default Group content\\r\\n\\r\\nThis tab will show the number of members for default Exchange groups and their content.\\r\\n\\r\\nMost of the time, the content of common Exchange groups but Exchange is shipped with many groups that have very high privileges and its interesting to see that they are not empty as expected.\"},\"name\":\"text - 0\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"start\"},\"name\":\"group - 6\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Role details\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"List of Custom Roles\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the Custom management roles that exist in your environnment and the name of the parent's role\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"Liste of existing Custom roles\"},\"customWidth\":\"50\",\"name\":\"text - 5\"},{\"type\":1,\"content\":{\"json\":\"List of Custom with a Management Role 
Assignement (associated with a group or a user). Display the target account and scope if set\"},\"customWidth\":\"50\",\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| extend WhenCreated = WhenCreated\\r\\n| project Identity, ParentRole, WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n//| extend Scope = tostring(CmdletResultValue.RecipientWriteScope)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n//| project Role = tostring(CmdletResultValue.Role.Name)\\r\\n| distinct Role,RoleAssigneeName,Scope\\r\\n| project 
Role,RoleAssigneeName,Scope\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| project Role = tostring(CmdletResultValue.Role.Name), Scope, RoleAssigneeName\\r\\n| join kind=fullouter (MRcustomRoles) on Role\\r\\n| project Role = Role1, Scope, RoleAssigneeName,Comment = iff(Role == \\\"\\\", \\\"⚠️ No existing delegation for this role\\\", \\\"✅ This role is delegated with a Management Role Assignment\\\")\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", 
SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n | project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| project Role = tostring(CmdletResultValue.Role.Name)\\r\\n| join kind=fullouter (MRcustomRoles) on Role\\r\\n| summarize acount = count() by iff( Role==\\\"\\\",\\\"Number of non assigned roles\\\", Role)\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 3\"}]},\"name\":\"List of Custom Roles\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Roles delegation on group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows delegation associated with the Custom Roles\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Parent.Parent == \\\"Roles\\\"\\r\\n| where CmdletResultValue.RoleAssignmentDelegationType <> 6\\r\\n| extend Role = tostring(CmdletResultValue.Role.Name)\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend 
CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, Role, RoleAssigneeType, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, 
WhenChanged\\r\\n\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Details for Custom Roles Cmdlets \",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays for the chosen custom management roles all Cmdlets and their parameters associated with this custom role.\\r\\nRemember that for a cmdlet, some parameters can be removed.\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"07c8ac83-371d-4702-ab66-72aeb2a20053\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomRole\",\"type\":2,\"isRequired\":true,\"query\":\" ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| project Identity\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project ParentRole);\\r\\nlet DefMRA = 
externaldata (Role:string,CmdletCount:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | summarize CmdletCount=count() by Role;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| project CmdletName,Parameters,ParentRole = SelectedRole\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Parameters\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"100ch\"}}],\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"70\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project 
ParentRole);\\r\\nlet DefMRA = externaldata (Role:string,CmdletCount:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | summarize CmdletCount=count() by Role;\\r\\nlet MRCustomD = ExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend Role = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend ParentRole = tostring(SelectedRole)\\r\\n| summarize CmdletCount = count() by Role, ParentRole\\r\\n| project Role,CmdletCount;\\r\\nunion MRCustomD, DefMRA\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"30\",\"name\":\"query - 3\"},{\"type\":1,\"content\":{\"json\":\"List of Cmdlets ( Get- command have been removed to clarify the information) with :\\r\\nCustomParamCount : number of parameters for the Cmdlet in the custom role\\r\\nDefaultCmdletNumberofParam : number of parameters for the Cmdlet in the default role\\r\\n\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SelectedRole = toscalar ( ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend 
Identity = CmdletResultValue.Name\\r\\n| where Identity contains \\\"{CustomRole}\\\"\\r\\n| extend ParentRole = CmdletResultValue.Parent.Name\\r\\n| project ParentRole);\\r\\nlet DefMRA = externaldata (Role:string,Name:string,Parameters:string )[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/RBACRoleCmdlet.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| where Role == SelectedRole | mv-expand split(todynamic(Parameters),\\\";\\\")| summarize ParamCount = count() by Name;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = tostring(CmdletResultValue.Name)\\r\\n| where CmdletName !contains \\\"get-\\\"\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| extend ParentRole = tostring(SelectedRole)\\r\\n| mv-expand split(todynamic(Parameters),\\\";\\\")\\r\\n| summarize ParamCount = count() by CmdletName, ParentRole\\r\\n| join (DefMRA) on $left.CmdletName == $right.Name\\r\\n| project CmdletName, CustomParamCount = ParamCount , DefaultCmdletNumberofParam = 
ParamCount1\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DefaultCmdletNumberofParam\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"DefaultCmdletNumberofParam\",\"sortOrder\":1}]},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Details for Custom Roles Cmdlets \"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"CustomRole\"},\"name\":\"Custom Role\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeLeastPrivilegewithRBAC\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -2499,9 +2480,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", 
@@ -2517,43 +2498,36 @@ { "contentId": "ESI-ExchangeAdminAuditLogEvents", "kind": "DataConnector" - } + } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft Exchange Security - On-Premises Workbook with template", - "displayName": "Microsoft Exchange Security - On-Premises workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName2'),'/',variables('workbookVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Search AdminAuditLog 
Workbook with template version 2.0.0", + "description": "Microsoft Exchange Search Admin AuditLog Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -2597,9 +2571,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", 
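Review bot: The new `Microsoft.OperationalInsights/workspaces/providers/contentTemplates` resource in the `@@ -2517,43 +2498,36 @@` hunk is pinned to `"apiVersion": "2023-04-01-preview"`, whereas the two templateSpecs resources it replaces used the non-preview `2022-02-01`. Preview API versions can change shape or be retired, which would break deployment of this workbook content. If the resource provider publishes a stable version for contentTemplates, prefer it, e.g. `"apiVersion": "<stable-contentTemplates-version>"` (a placeholder, not a confirmed value). The same line appears in the hunks at `@@ -2615,43 +2589,36 @@` and `@@ -2713,43 +2680,36 @@`. The resource's `mainTemplate` body continues outside this hunk.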
@@ -2615,43 +2589,36 @@ { "contentId": "ESI-ExchangeAdminAuditLogEvents", "kind": "DataConnector" - } + } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId2')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook2-name')]", + "contentProductId": "[variables('_workbookcontentProductId2')]", + "id": "[variables('_workbookcontentProductId2')]", + "version": "[variables('workbookVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName3')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft Exchange Security - On-Premises Workbook with template", - "displayName": "Microsoft Exchange Security - On-Premises workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName3'),'/',variables('workbookVersion3'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Admin Activity Workbook 
with template version 2.0.0", + "description": "Microsoft Exchange Admin Activity Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion3')]", @@ -2695,9 +2662,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", 
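Review bot: The `description` added in the `@@ -2615,43 +2589,36 @@` hunk hard-codes `template version 3.0.0`, while the `contentVersion` just below it reads `variables('workbookVersion3')`, so the text can drift from what is actually deployed. The literal already had to be changed from 2.0.0 in this commit. Assuming 3.0.0 is the solution version, which this hunk does not show, the string could be derived instead: `"description": "[concat('Microsoft Exchange Admin Activity Workbook with template version ', variables('_solutionVersion'))]"`. The descriptions in the hunks at `@@ -2517,43 +2498,36 @@` and `@@ -2713,43 +2680,36 @@` have the same literal. The resource's `mainTemplate` continues outside this hunk.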
@@ -2713,43 +2680,36 @@ { "contentId": "ESI-ExchangeAdminAuditLogEvents", "kind": "DataConnector" - } + } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId3')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook3-name')]", + "contentProductId": "[variables('_workbookcontentProductId3')]", + "id": "[variables('_workbookcontentProductId3')]", + "version": "[variables('workbookVersion3')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName4')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft Exchange Security - On-Premises Workbook with template", - "displayName": "Microsoft Exchange Security - On-Premises workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName4'),'/',variables('workbookVersion4'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName4'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Security Review 
Workbook with template version 2.0.0", + "description": "Microsoft Exchange Security Review Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion4')]", 
@@ -2767,7 +2727,7 @@ }, "properties": { "displayName": "[parameters('workbook4-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Microsoft Exchange Security Review\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"743317e2-ebcf-4958-861d-4ff97fc7cce1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ESI_ExchConfigAvailableEnvironments(Target=\\\"On-Premises\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | summarize by Collection \\r\\n | join kind= fullouter ( ESIExchangeConfig_CL | extend 
ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm ')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | join kind=leftouter (\\r\\n ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | summarize count() by Collection\\r\\n ) on Collection\\r\\n ) on Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,iif(count_ > 1,PreciseCollection,Collection1)), Label = iif(Selected,\\\"Last Known date\\\",iif(count_ > 1,PreciseCollection,Collection1)), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true 
}\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook helps review your Exchange Security configuration.\\r\\nSelect your Exchange Organization and adjust the time range.\\r\\nBy default, the Help won't be displayed. To display the help, choose Yes on the toogle buttom \\\"Show Help\\\"\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"34188faf-7a02-4697-9b36-2afa986afc0f\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Mailbox Access\",\"subTarget\":\"Delegation\",\"postText\":\"t\",\"style\":\"link\",\"icon\":\"3\",\"linkIsContextBlade\":true},{\"id\":\"be02c735-6150-4b6e-a386-b2b023e754e5\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Exchange & AD Groups\",\"subTarget\":\"ExchAD\",\"style\":\"link\"},{\"id\":\"30dc6820-339d-4fa9-ad79-5d79816a5cab\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Local Administrators\",\"subTarget\":\"Server\",\"style\":\"link\"},{\"id\":\"571fa2a4-1f1e-44a2-ada0-ccfb31b9abbb\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Exchange Security Configuration\",\"subTarget\":\"SecConf\",\"style\":\"link\"},{\"id\":\"26c68d90-925b-4c3c-a837-e3cecd489b2d\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Transport Configuration\",\"subTarget\":\"Transport\",\"style\":\"link\"},{\"id\":\"eb2888ca-7fa6-4e82-88db-1bb3663a801e\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Summary\",\"subTarget\":\"Start\",\"style\":\"link\"}]},\"name\":\"TopMenuTabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# 
Workbook goals\\r\\n\\r\\nThe goal of this workbook is to outline key security configurations of your Exchange on-premises environment.\\r\\n\\r\\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\\r\\n\\r\\nThis workbook is designed to show your Exchange organization is configured with a security point of view. Indeed, some configurations easy to display as there are no UI available.\\r\\n\\r\\nFor each configuration, you will find explanations and recommendations when applicable.\\r\\n\\r\\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. 
\\r\\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\\r\\n\\r\\n----\\r\\n\\r\\n## Quick reminder of how Exchange works\\r\\n\\r\\nDuring Exchange installation two very important groups are created :\\r\\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\\r\\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\\r\\n\\r\\nThese groups have :\\r\\n- Very high privileges in ALL AD domains including the root domain\\r\\n- Right on any Exchange including mailboxes\\r\\n\\r\\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\\r\\n\\r\\nTo protect AD and Exchange, it is very important to ensure the following:\\r\\n- There is a very limited number of persons that are local Administrator on Exchange server\\r\\n- To protect user right like : Act part of the operating System, Debug\\r\\n\\r\\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\\r\\n\\r\\n** 💡 Exchange servers need to be considered as very sensitive servers**\\r\\n\\r\\n-----\\r\\n\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Mailbox Access\\r\\n\\r\\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\\r\\n\\r\\n### Exchange & AD Groups\\r\\n\\r\\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\\r\\n\\r\\n### Local Administrators\\r\\n\\r\\nThis tab will show you the non standard content of the local Administrators group. 
Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\\r\\n\\r\\nThe information is displayed with different views : \\r\\n- List of nonstandard users\\r\\n- Number of servers with a nonstandard a user\\r\\n- Nonstandard groups content\\r\\n- For each user important information are displayed like last logon, last password set, enabled\\r\\n\\r\\n### Exchange Security configuration\\r\\n\\r\\nThis tab will show you some important configuration for your Exchange Organization\\r\\n- Status of Admin Audit Log configuration\\r\\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\\r\\n- Nonstandard permissions on the Exchange container in the Configuration Partition\\r\\n\\r\\n### Transport Configuration\\r\\n\\r\\nThis tab will show you the configuration of the main Transport components\\r\\n- Receive Connectors configured with Anonymous and/or Open Relay\\r\\n- Remote Domain Autoforward configuration\\r\\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\\r\\n- Journal Rule and Journal Recipient configurations\\r\\n- Accepted Domains with *\\r\\n\\r\\n\"},\"name\":\"WorkbookInfo\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Start\"},\"name\":\"InformationTab\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Security Configuration for the Exchange environment\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays several security information regarding the organization or server's configuration.\"},\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"This section display the Exchange version and the CU installed.\\r\\n\\r\\nFor the latest build number, check this link : Exchange Build Numbers\\r\\n\\r\\nThis 
section is built from a file located in the public github repository.\\r\\nThe repository is manually updated by the team project when new CU/SU are released.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ServerVersionCheckHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ExchCUSU = externaldata (Productname:string, CU:string, SU:string, BuildNbAll:string, BuilCUNb:string, Major:string, CUBuildNb:string, SUBuildNb:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/ExchBuildNumber.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Productname,CU,SU,BuildNbAll,BuilCUNb,Major,CUBuildNb,SUBuildNb;\\r\\n//ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| extend VersionNumber = strcat(CmdletResultValue.AdminDisplayVersion.Major,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Minor,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Build)\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExchVersion\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend VersionNumber = tostring(CmdletResultValue.ProductVersion)\\r\\n| extend Server = tostring(ProcessedByServer_s)\\r\\n| extend CmdletResultType = tostring(CmdletResultType)\\r\\n| join kind= leftouter (ExchCUSU) on $left.VersionNumber == $right.BuildNbAll\\r\\n| distinct Server,VersionNumber,Productname,CU,SU,CmdletResultType\\r\\n| extend Server = strcat(\\\"💻 \\\",Server)\\r\\n| extend Productname = case ( VersionNumber startswith \\\"15.02\\\", \\\"Exchange 2019\\\", VersionNumber startswith \\\"15.01\\\", \\\"Exchange 2016\\\", VersionNumber startswith \\\"15.00\\\",\\\"Exchange 
2013\\\", \\\"Exchange 2010\\\")\\r\\n| extend CU = iff(CmdletResultType <>\\\"Success\\\", \\\"Unable to retrieve information from server\\\", iff(CU <> \\\"\\\", CU, \\\"New CU or SU not yet in the List\\\"))\\r\\n| extend SU = iff(CmdletResultType <>\\\"Success\\\", \\\"Unable to retrieve information from server\\\", iff( SU <> \\\"\\\", SU, \\\"New CU or SU not yet in the List\\\"))\\r\\n|project-away CmdletResultType\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange servers CU-SU level\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersList\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ExchCUSU = externaldata (Productname:string, CU:string, SU:string, BuildNbAll:string, BuilCUNb:string, Major:string, CUBuildNb:string, SUBuildNb:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/ExchBuildNumber.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Productname,CU,SU,BuildNbAll,BuilCUNb,Major,CUBuildNb,SUBuildNb;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExchVersion\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| extend VersionNumber = strcat(CmdletResultValue.AdminDisplayVersion.Major,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Minor,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Build)\\r\\n| extend VersionNumber = tostring(CmdletResultValue.ProductVersion)\\r\\n| extend Server = tostring(CmdletResultValue.Server)\\r\\n| join kind= leftouter (ExchCUSU) on $left.VersionNumber == $right.BuildNbAll\\r\\n| extend CU = iff( CU <> \\\"\\\", CU, \\\"New CU/SU not yet in the CU List\\\")\\r\\n| extend Version =strcat 
(VersionNumber,\\\"-\\\",CU,\\\"-\\\",SU)\\r\\n| summarize dcount(Server) by Version\",\"size\":0,\"showAnalytics\":true,\"title\":\"Version break down\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"ExchangeServerVersionPie\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Admin Audit Log configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The Admin Audit log stores all the actions performed on Exchange Servers (except read actions such as Get/Test).\\r\\n\\r\\nAdmin Audit Log \\r\\n\\r\\nManage Admin Audit Log \\r\\n\\r\\n\\r\\nThis can be used to track \\r\\n- Unexpected behaviors\\r\\n- Who did a modification\\r\\n- Real actions performed by an account (the output could be used with to identify the necessary privileges)\\r\\n\\r\\nℹ️ Recommendations\\r\\n- Ensure that Admin Audit Log is not disabled\\r\\n- Ensure that critical Cmdlets have not been excluded\\r\\n- Ensure that AdminAuditLogCmdlets is set to * (list of audited Cmdlets)\\r\\n- Review the retention configuration for the Admin Audit Log content\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AdminAuditHelp\"},{\"type\":1,\"content\":{\"json\":\"Here the main settings for the Admin Audit Log. Remember that AdminAudit log need to be enabled and no cmdlet should be excluded. 
Also check the retention limit.\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SensitiveCMDLet = externaldata (Cmdlet:string, UserOriented:string, Parameters:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Cmdlet,UserOriented,Parameters;\\r\\nlet AAL = (ExchangeConfiguration(SpecificSectionList=\\\"AdminAuditLog\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend AdminAuditLogExcludedCmdlets = CmdletResultValue.AdminAuditLogExcludedCmdlets\\r\\n| project AdminAuditLogExcludedCmdlets);\\r\\nlet SentsitivecmdletTrack = toscalar(SensitiveCMDLet | where Cmdlet has_any ( AAL)| project Cmdlet);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"AdminAuditLog\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend AdminAuditLogEnabled = iff(CmdletResultValue.AdminAuditLogEnabled == \\\"FALSE\\\", \\\" ❌ Disabled, High Risk\\\", \\\"✅ Enabled\\\")\\r\\n| extend AdminAuditLogAgeLimit = tostring(CmdletResultValue.AdminAuditLogAgeLimit)\\r\\n| extend AdminAuditLogAgeLimit = substring(AdminAuditLogAgeLimit,8)\\r\\n| extend AdminAuditLogAgeLimit =substring(AdminAuditLogAgeLimit,0,indexof(AdminAuditLogAgeLimit, ','))\\r\\n| extend AdminAuditLogAgeLimit = iff(toint(AdminAuditLogAgeLimit) == 0,strcat(\\\"❌ No AdminAuditlog recorded \\\",AdminAuditLogAgeLimit), iff(toint(AdminAuditLogAgeLimit) <=30,strcat(\\\"⚠️ Value to low except if exported \\\",AdminAuditLogAgeLimit), strcat(\\\"✅\\\",AdminAuditLogAgeLimit)))\\r\\n| extend AdminAuditLogCmdlets = tostring(CmdletResultValue.AdminAuditLogCmdlets)\\r\\n| extend AdminAuditLogCmdlets = substring(AdminAuditLogCmdlets,2)\\r\\n| 
extend AdminAuditLogCmdlets = substring(AdminAuditLogCmdlets,0,indexof(AdminAuditLogCmdlets, '\\\"]') )\\r\\n| extend AdminAuditLogCmdlets = replace_string(AdminAuditLogCmdlets,'\\\"',\\\"\\\")\\r\\n| extend Comment_AdminAuditLogCmdlets = iff( AdminAuditLogCmdlets == \\\"*\\\",\\\"✅ Default configuration\\\",\\\"❌ if AdminAuditLogCmdlets empty no logging else only AdminAuditLogCmdlets will be logged\\\")\\r\\n| extend AdminAuditLogExcludedCmdlets = tostring(CmdletResultValue.AdminAuditLogExcludedCmdlets)\\r\\n| extend AdminAuditLogExcludedCmdlets = substring(AdminAuditLogExcludedCmdlets,2)\\r\\n| extend AdminAuditLogExcludedCmdlets = substring(AdminAuditLogExcludedCmdlets,0,indexof(AdminAuditLogExcludedCmdlets, ']'))\\r\\n| extend AdminAuditLogExcludedCmdlets = replace_string(AdminAuditLogExcludedCmdlets,'\\\"',\\\"\\\")\\r\\n//| extend Cmdlet = replace_string(AdminAuditLogExcludedCmdlets,'\\\"',\\\"\\\")\\r\\n//| extend AALECSplit = tostring(split(AdminAuditLogExcludedCmdlets,\\\",\\\"))\\r\\n| project-away CmdletResultValue\\r\\n| extend Comment_AdminAuditLogExcludedCmdlet = case( isnotempty( SentsitivecmdletTrack ),\\\"❌ Some excluded CmdLets are part of Sensitive Cmdlets\\\",AdminAuditLogExcludedCmdlets <>\\\"\\\",\\\"⚠️ Some Cmdlets are excluded \\\",\\\"✅ No Excluded CmdLet\\\")\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Comment_AdminAuditLogCmdlets\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"70ch\"}}],\"rowLimit\":10000,\"sortBy\":[{\"itemKey\":\"AdminAuditLogCmdlets\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"AdminAuditLogCmdlets\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"group - 0Admin Audit Log configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\"},\"name\":\"POP 
authentication configuration\"},{\"type\":1,\"content\":{\"json\":\"### POP authentication configuration\"},\"name\":\"text - 11\"},{\"type\":1,\"content\":{\"json\":\"If the POP Service is started, the LoginType should not set to Plaintext. This means that the password will be sent in clear on the network. As POP is enabled by default on all the mailboxes, this represents a high security risk.\\r\\n\\r\\nPOP Authentication\\r\\n- **PlainText** TLS encryption is not required on port 110. Usernames and passwords are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.\\r\\n- **PlainTextAuthentication** TLS encryption is not required on port 110. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.\\r\\n- **SecureLogin** Connection on port 110 must use TLS encryption before authenticating.\\r\\n\\r\\nℹ️ Recommendations\\r\\nDisable POP on all mailboxes except those who need to actually use this protocol.\\r\\nSet the authentication to SecureLogin or at least to PlainTextAuthentication and configure the application.\\r\\n\\r\\nIf the application is not able to perform this type of authentication:\\r\\n- Ensure that POP is disabled on all the mailboxes except those who really need it \\r\\n- Monitor the POP connections\\r\\n- Change the password of the application on a regular basis\\r\\n\\r\\nRecommended Reading : \\r\\n\\r\\nConfiguring Authentication for POP3 and IMAP4\\r\\n \\r\\n Set-PopSettings\\r\\n\\r\\n\\r\\nIn order to track mailboxes that are currently using POP\\r\\n- Enable POP logging\\r\\n- Set-PopSettings -Server SRV1 -ProtocolLogEnabled verbose\\r\\n- Several weeks later, analyze the log content\\r\\n- Default location : - Get-PopSettings -server SRV1 | fl server,*log*\\r\\n- Check for connection and 
authentication\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"PopServiceHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"PopSettings\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| join kind = leftouter(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangePop3\\\")\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString\\r\\n| join (ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangePop3BE\\\" )\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString) on ServerName) on ServerName\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| extend LoginType = iff(CmdletResultValue.LoginType== 1 , \\\"⛔ PlainText, High Risk\\\", iff(CmdletResultValue.LoginType== 2, \\\"⚠️ PlainTextAuthentication\\\",\\\"✅ SecureLogin\\\"))\\r\\n| extend ProtocolLogEnabled = tostring(CmdletResultValue.ProtocolLogEnabled)\\r\\n| extend ServiceName = iff(tostring(ServiceName)==\\\"\\\", \\\"Service Status not retrieved\\\",tostring(ServiceName))\\r\\n| extend Status = 
tostring(Status)\\r\\n| extend BackendEndService= tostring(ServiceName1)\\r\\n| extend StartupType = tostring(StartupType)\\r\\n| extend BEStatus = tostring(Status1)\\r\\n| extend BEStartupType = tostring(StartupType1)\\r\\n| project ServerName,LoginType,ServiceName,Status,StartupType,BackendEndService,BEStatus,BEStartupType,ProtocolLogEnabled\\r\\n| sort by ServerName asc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Pop Authentication : should not be set as Plaintext\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LoginType\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":0,\"formatOptions\":{\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"LoginType\"],\"finalBy\":\"LoginType\"}}},\"name\":\"PopSettingsQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"### IMAP authentication configuration\"},\"name\":\"IMAPTitle\"},{\"type\":1,\"content\":{\"json\":\"If the IMAP Service is started, the LoginType should not set to Plaintext. This means that the passwords will be sent in clear over the network. As IMAP is enabled by default on all the mailboxes, this is a high security risk.\\r\\n\\r\\nIMAP Authentication\\r\\n- **PlainText** TLS encryption is not required on port 110. User name and password are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.\\r\\n- **PlainTextAuthentication** TLS encryption is not required on port 143. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.\\r\\n- **SecureLogin** Connection on port 143 must use TLS encryption before authenticating.\\r\\n\\r\\nℹ️ Recommendations \\r\\nDisable IMAP on all mailboxes except those which needs to use this protocol. 
Set the authentication to SecureLogin or at least to PlainTextAuthentication and configure the application accordingly.\\r\\n\\r\\nIf the application is not able to perform this type of authentication:\\r\\n- Ensure that IMAP is disable on all the mailboxes except those who really need it \\r\\n- Monitor the connection\\r\\n- Regularly, change the password of the application\\r\\n\\r\\nRecommended Reading : \\r\\n\\r\\nConfiguring Authentication for POP3 and IMAP4\\r\\n\\r\\n Set-IMAPSettings\\r\\n\\r\\n\\r\\n\\r\\nIn order to track mailboxes that are currently using IMAP\\r\\n- Enable IMAP logging\\r\\n- Set-IMAPSettings -Server SRV1 -ProtocolLogEnabled verbose\\r\\n- Several weeks later, analyze the log content\\r\\n- Default location : Get-IMAPSettings -server SRV1 | fl server,*log*\\r\\n- Check for connection and authentication\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"IMAPHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"IMAPSettings\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| join kind = leftouter(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangeIMAP4\\\")\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString\\r\\n| join 
(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangeIMAP4BE\\\" )\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString) on ServerName) on ServerName\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| extend LoginType = iff(CmdletResultValue.LoginType== 1 , \\\"⛔ PlainText, High Risk\\\", iff(CmdletResultValue.LoginType== 2, \\\"⚠️ PlainTextAuthentication\\\",\\\"✅ SecureLogin\\\"))\\r\\n| extend ProtocolLogEnabled = tostring(CmdletResultValue.ProtocolLogEnabled)\\r\\n| extend ServiceName = iff(tostring(ServiceName)==\\\"\\\", \\\"Service Status not retrieved\\\",tostring(ServiceName))\\r\\n| extend Status = tostring(Status)\\r\\n| extend BackendEndService= tostring(ServiceName1)\\r\\n| extend StartupType = tostring(StartupType)\\r\\n| extend BEStatus = tostring(Status1)\\r\\n| extend BEStartupType = tostring(StartupType1)\\r\\n| project ServerName,LoginType,ServiceName,Status,StartupType,BackendEndService,BEStatus,BEStartupType,ProtocolLogEnabled\\r\\n| sort by ServerName asc\",\"size\":1,\"showAnalytics\":true,\"title\":\"IMAP Authentication : should not be set as Plaintext\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LoginType\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"LoginType\"],\"finalBy\":\"LoginType\"}}},\"name\":\"IMAPSettingsQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Nonstandard permissions on Configuration 
Partitions\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section highlights nonstandard permissions on Configuration Partition for Exchange container. By selecting Yes for Generic All buttom only delegation set for Generic All will be display. Standard, Deny and inherited permissions have been removed\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"During the lifetime of an Exchange Organization, many permissions may have been set on Exchange containers in the Configuration Partition.\\r\\nThis section displayed all the nonstandard permissions found on the most important Exchange containers :\\r\\n - Groups from legacy Exchange versions (Exchange Enterprise Servers, Exchange Domain Servers,...)\\r\\n - SID for deleted accounts\\r\\n - Old service accounts (that may not have been disabled or removed...)\\r\\n \\r\\nWhen an administrator run setup /prepareAD, his account will be granted Generic All at the top-level Exchange container\\r\\n\\r\\nBy default, this section only displayed the Generic All permissions.\\r\\n \\r\\nThis section is built by removing all the standard AD and Exchange groups.\\r\\n\\r\\n Exchange 2013 deployment permissions reference\\r\\n \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"80f9134a-420f-47c9-b171-1ca8e72efa3e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"GenericAll\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\"},{\"id\":\"29e2005c-3bd4-4bb8-be63-053d11abe1d4\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NonStandardPermissions\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": 
\\\"True\\\", \\\"label\\\": \\\"Yes\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Authenticated Users\\\", \\\"Domain Admins\\\", \\\"Enterprise Admins\\\",\\\"Schema Admins\\\", \\\"Exchange Trusted Subsystem\\\", \\\"Exchange Servers\\\",\\\"Organization Management\\\", \\\"Public Folder Management\\\",\\\"Delegated Setup\\\", \\\"ANONYMOUS LOGON\\\", \\\"NETWORK SERVICE\\\", \\\"SYSTEM\\\", \\\"Everyone\\\",\\\"Managed Availability Servers\\\"]);\\r\\nlet Exchsrv =ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| summarize make_list(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"PartConfPerm\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Deny !contains \\\"True\\\" and CmdletResultValue.IsInherited !contains \\\"True\\\"\\r\\n| where (CmdletResultValue.AccessRights == \\\"[983551]\\\") in ({GenericAll})\\r\\n| where not (CmdletResultValue.UserString has_any (StandardGroup)) in ({NonStandardPermissions})\\r\\n| where not (CmdletResultValue.UserString has_any (Exchsrv))in ({NonStandardPermissions})\\r\\n| extend Name = tostring(CmdletResultValue.Identity.Name)\\r\\n| extend Account = tostring(CmdletResultValue.UserString )\\r\\n| extend AccessRights = iff (tostring(CmdletResultValue.AccessRightsString) contains \\\"GenericAll\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.AccessRightsString)), 
tostring(CmdletResultValue.AccessRightsString))\\r\\n| extend ExtendedRights = iff (tostring(CmdletResultValue.ExtendedRightsString) contains \\\"-As\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.ExtendedRightsString)), tostring(CmdletResultValue.ExtendedRightsString))\\r\\n| extend InheritanceType = tostring(CmdletResultValue.InheritanceType)\\r\\n| extend DN = tostring(CmdletResultValue.Identity.DistinguishedName)\\r\\n| project-away CmdletResultValue\\r\\n| sort by DN desc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"AccessRights\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"AccessRights\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Nonstandard permissions on Configuration Partitions\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"SecConf\"},\"name\":\"Security Configuration for the Exchange environment\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays important security configurations that allow access to all or partial mailboxes' content - Direct delegations are not listed - Example :
\\r\\n- Permissions Full Access \\r\\n- Permission on mailboxes folders\\r\\n\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n//| where CmdletResultValue.Name !contains \\\"Deleg\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| where CmdletResultValue.Name !contains \\\"Deleg\\\" \\r\\n| where CmdletResultValue.RoleAssigneeName !in (\\\"Hygiene Management\\\",\\\"Exchange Online-ApplicationAccount\\\",\\\"Discovery Management\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"Export\\\" or CmdletResultValue.Role.Name contains \\\"Impersonation\\\" or (CmdletResultValue.Role.Name contains \\\"Search\\\" and CmdletResultValue.Role.Name !contains \\\"MailboxSearchApplication\\\")\\r\\n| summarize dcount(tostring(CmdletResultValue.RoleAssigneeName)) by role=tostring(CmdletResultValue.Role.Name)\",\"size\":1,\"showAnalytics\":true,\"title\":\"Number of delegations for sensitive RBAC roles\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"role\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_RoleAssigneeName\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"role\",\"sortOrderField\":1}},\"name\":\"MRAQuery\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Application Impersonation 
Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows the delegated account to access and modify the content of every mailboxes using EWS.\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**ApplicationImpersonation** is a RBAC role that allows access (read and modify) to the content of all mailboxes using EWS. \\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nIt should be carefully delegated. When a delegation is necessary, RBAC scopes should be configured to limit the list of impacted mailboxes.\\r\\n\\r\\nHelp for the role Application Impersonation\\r\\n\\r\\nIt is common (but not recommended) to see service accounts from backup solution, antivirus software, MDM... with this delegation.\\r\\n\\r\\nNote that the default configuration to the group Hygiene Management is excluded. This group is a sensitive group. Remember to monitor the content of this group.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Role.Name contains \\\"Impersonation\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n//| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend 
RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, 
WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Application Impersonation Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Import Export Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to export the content all mailboxes in a scope in PST file.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Import Export** is a RBAC role that allows an account to export the content of any maibox in a PST. It also allows search in all mailboxes.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is not delegated to any user or group. 
The members of the group Organization Management by default do not have this role but are able to delegate it.\\r\\n\\r\\nHelp for the role Mailbox Import Export\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n- create an empty group with this delegation\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ExportRoleHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"export\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = 
case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType,Status, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Import Export Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Search Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to 
search inside all or in a scope of mailboxes and export the result in PST.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\nExchange Online-ApplicationAccount\\r\\nDiscovery Management has been excluded\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Search** is an RBAC role that allows an account to search in any mailbox and export the results to a PST.\\r\\n\\r\\n⚡ This role is very powerful.\\r\\n\\r\\nBy default, this role is only delegated to the group Discovery Management. The members of the group Organization Management do not have this role but are able to delegate it.\\r\\n\\r\\nHelp for the role Mailbox Search\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n\\r\\n- add the administrators in the Discovery Management group\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"search\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| where CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend 
CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, 
ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Search Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"ReceiveAs/SendAs Extended Right on databases\",\"items\":[{\"type\":1,\"content\":{\"json\":\"These are delegations at the database level.\\r\\n\\r\\n**Receive As Extended Right on database's objects in the Configuration**\\r\\n\\r\\nWhen an account has **ReceiveAs** permissions on a database's object, it can open and view the content of any mailboxes on that database.\\r\\n\\r\\nHelp for Receive As Permission\\r\\n\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nDo not set this permission on databases. When an application requires this permission, ensure that the application account’s password is well protected and known by a very limited number of person.Change the password as often as possible.\\r\\n\\r\\n**Send As Extended Right on database objects in the Configuration**\\r\\n\\r\\n\\r\\nWhen an account has **SendAs** permissions on a database's object, it can send messages from all the mailboxes contained in this database. The messages that are sent from a mailbox will appear as if the mailbox owner sent them.\\r\\n\\r\\nHelp for Send As Permission\\r\\n\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nDo not set this permission on databases. 
When an application requires this permission, ensure that the application account’s password is well protected and known by a very limited number of person.Change the password as often as possible.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SendAsHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| union ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.UserString)) by iff( tostring(Section) contains \\\"MailboxDatabaseReceiveAs\\\",\\\"ReceiveAs Unique Acct\\\",\\\"SendAs Unique Acct\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"Number of accounts with ReceiveAs/SendAs 
delegations\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Column1\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_UserString\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"Column1\",\"sortOrderField\":1}},\"customWidth\":\"50\",\"name\":\"ReceiveAsUsersTiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| union ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.Identity.Name)) by iff( tostring(Section) contains \\\"MailboxDatabaseReceiveAs\\\",\\\"ReceiveAs Unique DB\\\",\\\"SendAs Unique DB\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"ReceiveAs/SendAs database 
delegations\",\"color\":\"purple\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Column1\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_Identity_Name\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"Column1\",\"sortOrderField\":1}},\"customWidth\":\"50\",\"name\":\"ReceiveAsTiles\",\"styleSettings\":{\"margin\":\"25\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| extend Account = tostring(CmdletResultValue.UserString)\\r\\n| extend DatabaseName = tostring(CmdletResultValue.Identity.Name)\\r\\n| summarize Count =count() by Account,DatabaseName\\r\\n| project Account,Count,DatabaseName\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"ReceiveAs Extended Right on databases\",\"noDataMessage\":\"No Receive-As 
delegation\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Account\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Account\"],\"finalBy\":\"Account\"},\"sortBy\":[{\"itemKey\":\"$gen_count_$gen_group_0\",\"sortOrder\":1}],\"labelSettings\":[{\"columnId\":\"Account\",\"comment\":\"Account and the number of databases on which it has delegation \"}]},\"sortBy\":[{\"itemKey\":\"$gen_count_$gen_group_0\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"MailboxDatabaseReceiveAsGrid\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| extend Account = tostring(CmdletResultValue.UserString)\\r\\n| extend DatabaseName = tostring(CmdletResultValue.Identity.Name)\\r\\n| summarize Count =count() by Account, DatabaseName\\r\\n| project Account, Count, DatabaseName\",\"size\":1,\"showAnalytics\":true,\"title\":\"SendAs Extended Right on databases\",\"noDataMessage\":\"No Send-As 
delegation\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Account\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\",\"compositeBarSettings\":{\"labelText\":\"\"}}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Account\"],\"finalBy\":\"Account\"},\"labelSettings\":[{\"columnId\":\"Account\",\"comment\":\"Account and the number of databases on which it has delegation \"}]}},\"customWidth\":\"50\",\"name\":\"MailboxDatabaseSendAsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ReceiveSendAs\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Delegation\"},\"name\":\"Importantsecurityconfiguration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Local Administrators\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The following section will display the content of the local Administrators group for each server\\r\\n\\r\\n** When content refer to groups from other forests, none or partial information will be displayed and the number of Administrators may be inconsistent. **\\r\\n\\r\\nMost of the sections display the same information but with differents sorting, displays...\"},\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"Only Exchange administrators should be members of the local Administrators group of Exchange servers.\\r\\n\\r\\nYou need to review the content of the local Administrators group on a regular basis.\\r\\n\\r\\nIt is considered a high security risk to have a discrepancy of members between the servers. \\r\\n\\r\\nIt is not recommended to have more than one local administrator accounts. Furthermore, the password should be unique on each server and regularly changed. 
A solution like LAPS could be used to manage the local administrator password.\\r\\n\\r\\nOnly Exchange administrators should be able to logon on Exchange servers.\\r\\n\\r\\nHere the default content of the local Administrators group for an Exchange server \\r\\n:\\r\\n- Administrator (this account can be renamed)\\r\\n- Domain Admins\\r\\n- Exchange Trusted Subsystem\\r\\n- Organization Management\\r\\n\\r\\n**Service accounts should not be members of the local Administrators group**. If it is necessary, you need to ensure that the account is dedicated to Exchange. If the service account opens sessions on other servers, it can be used for lateral movements. \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"LocalAdminsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"dfffbaa4-5888-41c2-b039-dafb6110260c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Limited\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":1,\"content\":{\"json\":\"**Top 10 servers with high number of unique local Administrators members**\"},\"name\":\"text - 13\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where 
CmdletResultValue.Level != 0\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| where ObjectClass !contains \\\"group\\\"\\r\\n| summarize dcount(MemberPath) by Parentgroup\\r\\n| top 10 by dcount_MemberPath\\r\\n| sort by dcount_MemberPath\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false}},\"name\":\"query - 9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Click to see number of unique members for all servers\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"Number of unique members for all servers\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local 
Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| where ObjectClass !contains \\\"group\\\"\\r\\n| summarize dcount(MemberPath) by Parentgroup\\r\\n| sort by dcount_MemberPath\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false}},\"name\":\"query - 9 - Copy\"}]},\"name\":\"All servers number of members\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let allsrv = ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | where \\r\\nCmdletResultValue.IsMailboxServer== true | extend Name=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Name = tostring(trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup)))\\r\\n| distinct Name\\r\\n| project Name\\r\\n| join kind=rightanti (allsrv) on Name\\r\\n| project CmdletResultValue.Name\",\"size\":4,\"title\":\"Servers not reachable\",\"noDataMessage\":\"All server were successfully 
analyzed\",\"noDataMessageStyle\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":true}},\"name\":\"query - 9 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.ServerRole <> 64\\r\\n| count\\r\\n\",\"size\":4,\"title\":\"Number of servers\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 9 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup))\\r\\n| distinct Parentgroup = Parentgroup\\r\\n| count \",\"size\":4,\"title\":\"Number of Analyzed 
servers\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 9 - Copy - Copy - Copy\"},{\"type\":1,\"content\":{\"json\":\"This view shows each nonstandard user account that is member (directly or by a group) of the local Administrators group per server.\\r\\n\\r\\nConsider reviewing:\\r\\n- **nonstandard members** the Memberpath help to understand from which group the user comprised\\r\\n- **inconsistent memebrs** across servers\\r\\n\\r\\nNote that content from Trusted forests might not be displayed. \",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"LocalAdminPerServersHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0 \\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup))\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastPwdSet = tostring(CmdletResultValue.LastPwdSetString)\\r\\n| extend Enabled = 
tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| summarize Count=count() by MemberPath,Parentgroup,Level,ObjectClass,LastLogon,LastPwdSet,Enabled,DN\\r\\n| project Parentgroup = strcat(\\\"💻 \\\",Parentgroup),Count,MemberPath,Level,ObjectClass,LastLogon,LastPwdSet,Enabled,DN\\r\\n| sort by Parentgroup asc \",\"size\":1,\"showAnalytics\":true,\"title\":\" Total Non standard Groups and accounts including nested groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Parentgroup\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Parentgroup\"],\"finalBy\":\"Parentgroup\"},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}],\"labelSettings\":[{\"columnId\":\"Parentgroup\",\"label\":\"Server\"}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"name\":\"LocalAdminPerServers\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup))\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend MemberPath 
= tostring(CmdletResultValue.MemberPath)\\r\\n| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue\\r\\n//| summarize Count=count(), Servers=make_set(Parentgroup) by MemberPath\\r\\n| summarize Count=count() by MemberPath,Parentgroup \\r\\n| sort by Count desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Non Standard accounts summary\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"MemberPath\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Member\",\"formatter\":1}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"MemberPath\"],\"expandTopLevel\":false},\"labelSettings\":[{\"columnId\":\"MemberPath\",\"label\":\"MemberPath\"},{\"columnId\":\"Parentgroup\",\"label\":\"Servers\"},{\"columnId\":\"Count\",\"label\":\"Nb Servers\"}]}},\"name\":\"LocalAdminCount\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"##### Select a server to display its content\\r\\n\\r\\nBy default only the non-standard members are displayed. 
\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19e606d9-7f3e-4d2f-a314-892da571e50a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup))\\r\\n| distinct Parentgroup = Parentgroup\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"05ef4f1c-4cf4-406f-9fb2-9ee30dc93abd\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Limited\",\"label\":\"Show only nonstandard members\",\"type\":10,\"description\":\"Show only non standard members\",\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\",\"value\":\"True\"},{\"id\":\"901bf975-426f-486b-82de-ff0d64f139bb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", 
\\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"2f7a613f-8749-44c9-b8be-844964badef8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0 \\r\\n| where CmdletResultValue.Parentgroup contains \\\"{Server}\\\"\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or 
tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(365d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n | extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by MemberPath asc\\r\\n| project-away Parentgroup\",\"size\":1,\"showAnalytics\":true,\"title\":\"Local Administrators group 
content\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"Server\",\"comparison\":\"isNotEqualTo\",\"value\":\"\"},\"name\":\"AdGroups\",\"styleSettings\":{\"showBorder\":true}}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Server\"},\"name\":\"Local Administrators\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange and AD GRoup\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays the content of high privilege groups in Exchange and AD.\"},\"name\":\"text - 7\"},{\"type\":1,\"content\":{\"json\":\"The **Exchange Trusted Subsystem** group is one the two most sensistive groups in Exchange. This group has all privileges in Exchange and very high privileges in AD.\\r\\n\\r\\nExchange 2013 deployment permissions reference\\r\\n\\r\\nThis group should only contains computer accounts for each Exchange servers. When the DAG has an IP and a CNO, it is acceptable to have the DAG's computer account.\\r\\n\\r\\nThis section only shows direct nonstandard members.\",\"style\":\"info\"},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ExchangeTrustedSubsystemHelp\"},{\"type\":1,\"content\":{\"json\":\"The **Exchange Windows Permissions** group is one the two most sensistive groups in Exchange. This group has very high privileges in AD.\\r\\n\\r\\nExchange 2013 deployment permissions reference\\r\\n\\r\\nThis group should only contains the group Exchange Trusted SubSystem. This section only shows direct nonstandard members. 
\",\"style\":\"info\"},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"WindowsPermissionGroupTileHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETSValidcontent = union kind=outer (ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(CmdletResultValue.Name)), (ExchangeConfiguration(SpecificSectionList=\\\"DAG\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(Identity));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ETS\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETSValidcontent)\\r\\n| summarize MyCount=countif( CmdletResultType == \\\"Success\\\") by CmdletResultType\\r\\n| project Result = iff ( CmdletResultType == \\\"Success\\\", tostring(MyCount), \\\"\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Trusted SubSystem group nonstandard member count\",\"noDataMessage\":\"Content of group as 
Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Result\",\"formatter\":12,\"formatOptions\":{\"palette\":\"hotCold\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3},\"emptyValCustomText\":\"ScriptError\"}},\"showBorder\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersTileGroup1Query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETScontent = ExchangeConfiguration(SpecificSectionList=\\\"ETS\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | project Name = tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"EWP\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETScontent) and CmdletResultValue.Name != \\\"Exchange Trusted Subsystem\\\"\\r\\n| extend Result = iff ( CmdletResultType == \\\"Success\\\", \\\"\\\", \\\"Error in the script unable to retrieve value\\\")\\r\\n| summarize MyCount=countif( CmdletResultType == \\\"Success\\\") by CmdletResultType\\r\\n| project Result = iff ( CmdletResultType == \\\"Success\\\", tostring(MyCount), \\\"\\\")\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Windows Permissions group direct nonstandard members (Exchange Trusted subsystem non standard content not included)\",\"noDataMessage\":\"Content of group as 
expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Result\",\"formatter\":12,\"formatOptions\":{\"palette\":\"hotCold\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3},\"emptyValCustomText\":\"ScriptError\"}},\"showBorder\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersTileGroup2Query\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange Windows Permissions direct nonstandard content (Exchange Trusted subsystem non standard content not included)\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETSValidcontnet = union kind=outer (ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(CmdletResultValue.Name)), (ExchangeConfiguration(SpecificSectionList=\\\"DAG\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(Identity));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ETS\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETSValidcontnet)\\r\\n//| extend Name = strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name))\\r\\n| extend Name = iff(CmdletResultType == \\\"Success\\\", strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name)),\\\"Script was unable to retrieve data\\\")\\r\\n| project Name 
\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Trusted SubSystem nonstandard content\",\"noDataMessage\":\"Content of Exchange Trusted SubSystem as Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000}},\"customWidth\":\"50\",\"name\":\"ETSDetails\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETScontent = ExchangeConfiguration(SpecificSectionList=\\\"ETS\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | project Name = tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"EWP\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETScontent) and CmdletResultValue.Name != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| extend Name = strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name))\\r\\n| extend Name = iff(CmdletResultType == \\\"Success\\\", strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name)),\\\"Script was unable to retrieve data\\\")\\r\\n| project Name \",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Windows Permissions direct nonstandard content (Exchange Trusted subsystem non standard content not included)\",\"noDataMessage\":\"Content of Exchange Windows Permissions as Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"WindowsPermissionsQuery\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ETS and WP Grids\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange groups from old Exchange 
version\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Groups from old Exchange version should have been removed\\r\\n- List of old groups \\r\\n\\t- Exchange Organization Administrators\\r\\n\\t- Exchange Recipient Administrators\\r\\n\\t- Exchange Public Folder Administrators\\r\\n\\t- Exchange Server Administrator\\r\\n\\t- Exchange View-Only Administrator\\r\\n\\t- Exchange Enterprise Servers (located in the root domain)\\r\\n\\t- Exchange Domain Servers : one group per domain\\r\\n\\r\\n\\r\\nHelp for Built-in role groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\r\\nlet OldVGroup = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")| where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"| extend Parentgroup = tostring(CmdletResultValue.Parentgroup));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\") |union OldVGroup\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= 
tostring(split(tostring(CmdletResultValue.MemberPath), \\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath), \\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| sort by dcount_MemberPath\\r\\n\\r\\n\\r\\n\",\"size\":4,\"showAnalytics\":true,\"noDataMessage\":\"No groups from old versions found\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Expand details on the content of old groups\",\"expandable\":true,\"expanded\":false,\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"let OldVGroup = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")| where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"| extend Parentgroup = tostring(CmdletResultValue.Parentgroup));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization 
Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\") |union OldVGroup\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a695df39-1965-479a-ad0f-b4d3d168aaed\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\\r\\n\"},{\"id\":\"2d69bad8-0904-467a-86e6-cb0923520c18\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 
10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"Old Exchange groups content groups (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let OldVGroupEES = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n | where (CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" and CmdletResultValue.MemberPath != @\\\"Exchange Enterprise Servers\\\\Exchange Domain Servers\\\") or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n | extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n | extend DN = tostring(CmdletResultValue.DN)\\r\\n | extend Level = tostring(CmdletResultValue.Level)\\r\\n | extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n | extend Enabled = tostring(CmdletResultValue.Enabled) );\\r\\nlet OldVGroupEDS = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\")\\r\\n | where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" and CmdletResultValue.Level ==0\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| mv-expand CmdletResultValue.Members\\r\\n| where 
CmdletResultValue_Members.objectClass == \\\"group\\\"\\r\\n| project Parentgroup, MemberPath= strcat(Parentgroup,\\\"\\\\\\\\\\\", CmdletResultValue_Members.name), Level = tostring(1), ObjectClass = tostring(CmdletResultValue_Members.objectClass), DN = tostring(CmdletResultValue_Members.DistinguishedName), ObjectGuid = tostring(CmdletResultValue_Members.ObjectGuid)| join kind=inner ( ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\")\\r\\n | where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\"\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n | extend ObjectGuid = tostring(CmdletResultValue.ObjectGuid)) on ObjectGuid) ;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\")\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| union OldVGroupEES,OldVGroupEDS\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago(0d) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago(0d) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| sort by 
tostring(CmdletResultValue.MemberPath) asc \\r\\n| where CmdletResultValue.Level != 0\\r\\n//| extend DN = tostring(CmdletResultValue.DN)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass == \\\"group\\\" or ObjectClass == \\\"computer\\\" or ObjectClass == \\\"Local User\\\" or ObjectClass == \\\"computer\\\", \\\"N/A\\\", iif (todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString, iff (LastLogon == \\\"\\\", \\\"❌ Never logged\\\", strcat(\\\"❌\\\", LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass == \\\"group\\\" or ObjectClass == \\\"computer\\\" or ObjectClass == \\\"Local User\\\" or ObjectClass == \\\"computer\\\", \\\"N/A\\\", iif (todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString, iff (LastPwdSet == \\\"\\\", \\\"❌ Password never set\\\", strcat(\\\"❌\\\", LastPwdSet))))\\r\\n| extend MemberPath = case(ObjectClass == \\\"group\\\", strcat(\\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat(\\\"💻 \\\", MemberPath), strcat(\\\"🧑‍🦰 \\\", MemberPath))\\r\\n| project Parentgroup, MemberPath, Level, ObjectClass,LastLogon, LastPwdSet ,Enabled,DN\\r\\n\",\"size\":1,\"showAnalytics\":true,\"noDataMessage\":\"The query returned no results.\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5},{\"columnMatch\":\"Parentgroup\",\"formatter\":5},{\"columnMatch\":\"LastPwdSet\",\"formatter\":0,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"ParentId\",\"formatter\":5},{\"columnMatch\":\"Id\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"showPin\":true,\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"group - 
5\"}]},\"name\":\"Exchange group from old Exchange versions\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Ensure that no service account are a member of the high privilege groups. Use RBAC to delegate the exact required permissions.\\r\\n- Limit the usage of nested group for administration.\\r\\n- Ensure that accounts are given only the required pernissions to execute their tasks.\\r\\n- Use just in time administration principle by adding users in a group only when they need the permissions, then remove them when their operation is over.\\r\\n- Limit the number of Organization management members. When you review the Admin Audit logs you might see that the administrators rarely needed Organization Management privileges.\\r\\n- Monitor the content of the following groups:\\r\\n - Organization Management\\r\\n - Recipient Management (Member of this group have at least the following rights : set-mailbox, Add-MailboxPermission)\\r\\n - Discovery Management\\r\\n - Server Management\\r\\n - Hygiene Management\\r\\n - Exchange Servers\\r\\n - Exchange Trusted Subsystem \\r\\n - Exchange Windows Permissions\\r\\n - xxx High privilege group (not an exhaustive list)\\r\\n - All RBAC groups that have high roles delegation\\r\\n - All nested groups in high privileges groups\\r\\n - Note that this is not a complete list. 
The content of all the groups that have high privileges should be monitored.\\r\\n- Each time a new RBAC group is created, decide if the content of this groups should be monitored\\r\\n- Periodically review the members of the groups\\r\\n\\r\\nHelp for Built-in role groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Summary content of most important groups\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= tostring(split(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where Parentgroup in (\\\"Organization Management\\\", \\\"Compliance Management\\\", \\\"Discovery Management\\\", \\\"Server Management\\\", \\\"Recipient Manangement\\\",\\\"Security Administrator\\\", \\\"Hygiene Management\\\", \\\"Public Folder Manangement\\\", \\\"Records Manangement\\\") or Parentgroup contains \\\"Impersonation\\\" or Parentgroup contains \\\"Export\\\"\\r\\n| sort by 
dcount_MemberPath\\r\\n\\r\\n\",\"size\":4,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Expand for summary content for all groups located in the OU Exchange Security Groups\",\"expandable\":true,\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= tostring(split(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| sort by dcount_MemberPath desc\\r\\n\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"OU Exchange Security Groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"showPin\":false,\"name\":\"query - 0 - Copy\"}]},\"name\":\"All 
groups\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Windows Permissions\\\"\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"showExportToExcel\":true,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"f3b935d7-b78f-41d2-94bc-f8c878a13260\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon >\",\"type\":10,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"3343688f-e609-4822-b4ed-cdd50b77d948\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set 
>\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"Exchange groups content (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| sort by tostring(CmdletResultValue.MemberPath) asc \\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = 
tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| sort by MemberPath asc\\r\\n//| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue,Parentgroup\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Exchange group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"AD Group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"High privileges AD groups can take 
control of Exchange by adding any accounts in the Exchange groups.\\r\\n\\r\\nNote that the members of the Account Operators are able to manage every AD group (except those protected by AdminSDHolder). This means they can manage the content of every high privilege Exchange groups.\\r\\n\\r\\nℹ️ It is recommended to not use this group and to monitor its changes.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ADGroupHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"268bd356-7d05-41c3-9867-00c6ab198c5a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"showExportToExcel\":true,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000}},{\"id\":\"9d02cad2-f4c5-418d-976f-b88b56f80cb5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 
3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"9e591429-d8ea-40c2-80c1-2426c72c92d5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":1,\"content\":{\"json\":\"Overview of high privileges AD Groups' content.\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| sort 
by tostring(CmdletResultValue.MemberPath) asc \\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| sort by MemberPath asc\\r\\n//| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue,Parentgroup\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5},{\"columnMatch\":\"Parentgroup\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"AD 
Group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"ExchAD\"},\"name\":\"Exchange and AD GRoup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Security configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays differents security configuration for transport components.\"},\"name\":\"text - 10\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\"\\r\\n| summarize Count = countif (CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\") by Name,tostring(CmdletResultValue.Server.Name)\\r\\n\",\"size\":0,\"title\":\"Anonymous Configuration\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"yAxis\":[\"Count\"],\"group\":\"CmdletResultValue_Server_Name\",\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"33\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RCAnonymous\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = tostring(Identity)\\r\\n|summarize count() by Identity\",\"size\":0,\"title\":\"OpenRelay with \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for 
Anonymous\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"33\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.AuthMechanismString contains (\\\"ExternalAuthoritative\\\")\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| summarize count() by Name,Server\\r\\n\",\"size\":0,\"title\":\"Open Relay using with Externally Secure\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"33\",\"name\":\"query - 2\"}]},\"name\":\"group - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors OpenRelay using Extended Right \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for Anonymous\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all **Receive Connectors** configured configured as Open Relay with the Extended Rights \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" set on the Receive Connector object in the Configuration partition.\\r\\n\\r\\n\\r\\nRemember that with this configuration, the Exchange servers can be used to send emails outside the organization. Depending on the configuration, the connectors may be protected by IPs. However, IP protection is not safe configuration.\\r\\n\\r\\nYou can check if the \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" ExtendedRights has been added on the Receive connector for Anonymous with PowerShell: `Get-ReceiveConnector | Get-ADPermission | ? 
{$_.ExtendedRights -like \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\"}`\\r\\n\\r\\nAllow anonymous relay on Exchange server\\r\\n\\r\\nSee the section \\\"Receive Connectors with Anonymous Permission\\\" for additional information regarding Anonymous authentication and IP protection.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"fa5f9749-d6f8-436f-ae00-cba306713bac\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"14912e83-60a1-4a21-a34b-500d4662a666\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 
3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RCAnonymous\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project Identity,CmdletResultValue\\r\\n| extend Identity = tostring(Identity)\\r\\n| extend Server = replace_string(replace_string(tostring(split(CmdletResultValue.DistinguishedName,\\\",\\\",3)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n|join kind=leftouter ( ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\") ) on $left.Identity == $right.Name\\r\\n| where CmdletResultValue1.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue1.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue1.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue1.PermissionGroupsString contains \\\"Anonymous\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| extend Server = tostring(CmdletResultValue1.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue1.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue1.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue1.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue1.PermissionGroupsString) \\r\\n| extend AuthMechanism = tostring(CmdletResultValue1.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue1.RemoteIPRanges\\r\\n| mv-expand BindingAllall=CmdletResultValue1.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = 
make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"RCAnonymousQuery\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Receive Connectors OpenRelay using Extended Right \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for Anonymous\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors OpenRelay using Authentication ExternalAuthoritative\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all Receive Connectors configured with authentication set to Externally Secure. With this configuration the Receive connector will be allow as Open Relay.\\r\\n\\r\\nRemember that with this configuration, the Exchange servers can be used to send emails outside the organization. Depending on the configuration, the connectors may be protected by IP. 
However, IP protection is not safe configuration.\\r\\n\\r\\n\\r\\nAllow anonymous relay on Exchange server\\r\\n\\r\\nSee the section \\\"Receive Connectors with Anonymous Permission\\\" for additional information regarding Anonymous authentication and IP protection.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"195a66a1-7aa2-4564-bd3b-233049d6f101\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"4ef1d2a2-a13f-4bd4-9e66-2d9a15ad8a7a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"description\":\"See Receive Connectors with no IP restriction\",\"isRequired\":true,\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 
3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue.AuthMechanismString contains \\\"ExternalAuthoritative\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| project CmdletResultValue\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue.PermissionGroupsString)\\r\\n//| extend Bindings = iif(tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Port )!=\\\"\\\",tostring(strcat(tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Port),\\\",\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Port))),tostring(strcat(tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Port))))\\r\\n//| extend RemoteIPRanges = tostring(CmdletResultValue.RemoteIPRanges)\\r\\n| extend AuthMechanism = tostring(CmdletResultValue.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue.RemoteIPRanges\\r\\n| mv-expand 
BindingAllall=CmdletResultValue.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Receive Connectors configure with Externally Secured Authentication\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Security Transport Configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors with Anonymous Permission\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all Receive Connectors configured with Anonymous authentication. It is not recommended to configure connectors with Anonymous authentication.\\r\\n\\r\\nWhen configured with Anonymous and No Ip Restriction, any machine can initiate an SMTP session with the Receive Connectors. This can then be used send emails (SPAM/Virus/Phishing....) to all the mailboxes in the organization. The mail will be seen as an internal mail and might bypass some protections.\\r\\n\\r\\nIf you absolute need this configuration because some of your application does not support Authentication, it is strongly recommended to limit the IP addresses that can establish SMTP sessions with Exchange. 
Do not use range of subnet.\\r\\n\\r\\nThis section has an option button to display \\r\\n All Receive Connectors with Anonymous (No)\\r\\n All Receive Connectors with Anonymous and with no IP Restriction (Yes)\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"195a66a1-7aa2-4564-bd3b-233049d6f101\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"bcb24a01-9242-4fec-b30a-02b0583cbc87\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 3 - 
Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| project CmdletResultValue\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue.PermissionGroupsString) \\r\\n| extend AuthMechanism = tostring(CmdletResultValue.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue.RemoteIPRanges\\r\\n| mv-expand BindingAllall=CmdletResultValue.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Receive Connectors configure with Anonymous 
Permission\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Receive Connectors configure with Anonymous Permission\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Rules with specific actions to monitor\",\"items\":[{\"type\":1,\"content\":{\"json\":\"A common way used by attackers to exfiltrate data is to set Transport Rules that send all or sensitive messages outside the organization or to a mailbox where they already have full control.\\r\\n\\r\\nThis section shows your Transport rules with sentitive actions that can lead to data leaks:\\r\\n- BlindCopyTo\\r\\n- RedirectMessageTo\\r\\n- CopyTo\\r\\n\\r\\n\\r\\nFor more information :\\r\\nMail flow rules in Exchange Serve\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"TransportRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = iif( CmdletResultValue.Identity contains \\\"OrgHierarchyToIgnore\\\",tostring(CmdletResultValue.Identity.Name),tostring(CmdletResultValue.Identity))\\r\\n//| extend State = tostring(CmdletResultValue.State)\\r\\n| extend Status= iff ( tostring(CmdletResultValue.State)== \\\"Enabled\\\" or tostring(CmdletResultValue.State)== \\\"1\\\" , \\\"Enabled\\\",iff(tostring(CmdletResultValue.State)==\\\"\\\",\\\"\\\", \\\"Disabled\\\"))\\r\\n| extend SentTo = 
tostring(CmdletResultValue.SentToString)\\r\\n| extend BlindCopyTo = tostring(CmdletResultValue.BlindCopyToString)\\r\\n| extend CopyTo = tostring(CmdletResultValue.CopyToString)\\r\\n| extend RedirectMessageTo = tostring(CmdletResultValue.RedirectMessageToString)\\r\\n| extend Mode = tostring(CmdletResultValue.Identity.Mode)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\\r\\n| sort by Status desc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Transport Rules actions to monitor\"},{\"type\":1,\"content\":{\"json\":\"### Journal Mailboxes\"},\"name\":\"JournalMailboxHelp\"},{\"type\":1,\"content\":{\"json\":\"The **Journal Mailboxes** contain emails sent and received by specific or all users. The content of these mailboxes is very sensitives.\\r\\n\\r\\nJournal Rules should be reviewed to check if they are still needed. Mailbox audit should be set on these mailboxes. 
Also by default, no one should access to these mailboxes.\\r\\n\\r\\nThen, it is recommended to regularly check who have Full Access mailbox or Receive As on these mailboxes.\\r\\nAdditional information :\\r\\n\\r\\nJournaling in Exchange Server\\r\\n\\r\\nJournaling procedures\\r\\n\\r\\n\\r\\nMailbox audit logging in Exchange Server\\r\\n\\r\\n\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"JournalHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"JournalRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = tostring(CmdletResultValue.Identity)\\r\\n| extend Status= iff ( tostring(CmdletResultValue.Enabled)== \\\"Enabled\\\" or tostring(CmdletResultValue.Enabled)== \\\"1\\\" , \\\"Enabled\\\", iff(tostring(CmdletResultValue.Enabled)==\\\"\\\",\\\"\\\", \\\"Disabled\\\"))\\r\\n//| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend JournalEmailAddress = tostring(CmdletResultValue.JournalEmailAddress)\\r\\n| extend Recipient = tostring(CmdletResultValue.Recipient)\\r\\n| sort by Identity asc\\r\\n| sort by Status desc\\r\\n| project-away CmdletResultValue\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Journal Rules configured in your environment\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"JournalQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Journal Recipients on mailbox databases configured in your environment\",\"items\":[{\"type\":1,\"content\":{\"json\":\"As Journal Recipient on databases send all the mail send 
to users in this database to a specific mailbox. The content of these mailboxes is very sensitive.\\r\\n\\r\\nJournal Recipients configuration should be reviewed to check if they are still needed. Mailbox audit should be set on these mailboxes. No one should have access to these mailboxes by default.\\r\\n\\r\\nIt is recommended to regularly check who have Full Access or Receive As on these mailboxes.\\r\\n\\r\\nAdditional information :\\r\\n\\r\\nJournaling in Exchange Server\\r\\n\\r\\nJournaling procedures\\r\\n\\r\\n\\r\\nMailbox audit logging in Exchange Server\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"JournalRecipientsHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MbxDBJournaling\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.JournalRecipient !=\\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Identity = tostring(CmdletResultValue.Identity.Name)\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend JournalRecipient = tostring(CmdletResultValue.JournalRecipient)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"JournalRecipientsGroup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Remote Domain Autofoward Configuration - * should not allow AutoForwardEnabled\",\"items\":[{\"type\":1,\"content\":{\"json\":\"If **AutoForwardEnabled** is set to True for an SMTP domain, then users in Outlook are allowed to set automatic transfer of all their emails to addresses 
in this domain.\\r\\n\\r\\nWhen the Default Remote domain is set to * and has the AutoForwardEnabled set True, any user can configure an Outlook rule to automatically forward all emails to any SMTP domain domains outside the organization. This is a high risk configuration as it might allow accounts to leak information. \\r\\n\\r\\nAlso, when setting AutoForwardEnabled to a specific domain, it is strongly recommended enable TLS encryption.\\r\\n\\r\\nAdditional information:\\r\\n\\r\\nRemote Domains\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AutoForwardHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RemoteDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName.Address)\\r\\n| extend AutoForwardEnabled = iff (CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.Address == \\\"*\\\", strcat (\\\"❌\\\",tostring(CmdletResultValue.AutoForwardEnabled)),iff(CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.Address != \\\"*\\\", strcat (\\\"⚠️\\\",tostring(CmdletResultValue.AutoForwardEnabled)),strcat (\\\"✅\\\",tostring(CmdletResultValue.AutoForwardEnabled))))\\r\\n| project-away CmdletResultValue\\r\\n| sort by Address asc \",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"Accepted domains set to * authorize Open Relay.\\r\\n\\r\\nMore information:\\r\\n\\r\\nAccepted 
domains\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"AcceptedDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.DomainName.Address == \\\"*\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName.Address)\\r\\n| extend Address = \\\"* : ❌ OpenRelay configuration\\\"\\r\\n| extend DomainType = case(CmdletResultValue.DomainType==\\\"0\\\",\\\"Authoritative Domain\\\",CmdletResultValue.DomainType==\\\"1\\\",\\\"ExternalRelay\\\",CmdletResultValue.DomainType==\\\"2\\\",\\\"InternalRelay\\\",\\\"NotApplicable\\\")\\r\\n| project-away CmdletResultValue\",\"size\":1,\"showAnalytics\":true,\"title\":\"Accepted domain with *\",\"noDataMessage\":\"Accepted Domain * not confirgured (no Open Relay)\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ForwardGroup\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Transport\"},\"name\":\"Transport Security configuration\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeSecurityReview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Microsoft Exchange Security Review\"},\"name\":\"text - 
2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"743317e2-ebcf-4958-861d-4ff97fc7cce1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ExchangeEnvironmentList(Target=\\\"On-Premises\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | summarize by Collection \\r\\n | join kind= fullouter ( ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 
'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm ')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | join kind=leftouter (\\r\\n ESIExchangeConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n | where ScopedEnvironment in (_configurationEnv)\\r\\n | where TimeGenerated > ago(90d)\\r\\n | extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n | extend PreciseCollection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd HH:mm')\\r\\n | summarize by PreciseCollection, Collection \\r\\n | summarize count() by Collection\\r\\n ) on Collection\\r\\n ) on Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,iif(count_ > 1,PreciseCollection,Collection1)), Label = iif(Selected,\\\"Last Known date\\\",iif(count_ > 1,PreciseCollection,Collection1)), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook helps review your Exchange Security configuration.\\r\\nSelect your Exchange Organization and adjust the time range.\\r\\nBy default, the Help won't be displayed. 
To display the help, choose Yes on the toogle buttom \\\"Show Help\\\"\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"34188faf-7a02-4697-9b36-2afa986afc0f\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Mailbox Access\",\"subTarget\":\"Delegation\",\"postText\":\"t\",\"style\":\"link\",\"icon\":\"3\",\"linkIsContextBlade\":true},{\"id\":\"be02c735-6150-4b6e-a386-b2b023e754e5\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Exchange & AD Groups\",\"subTarget\":\"ExchAD\",\"style\":\"link\"},{\"id\":\"30dc6820-339d-4fa9-ad79-5d79816a5cab\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Local Administrators\",\"subTarget\":\"Server\",\"style\":\"link\"},{\"id\":\"571fa2a4-1f1e-44a2-ada0-ccfb31b9abbb\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Exchange Security Configuration\",\"subTarget\":\"SecConf\",\"style\":\"link\"},{\"id\":\"26c68d90-925b-4c3c-a837-e3cecd489b2d\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Transport Configuration\",\"subTarget\":\"Transport\",\"style\":\"link\"},{\"id\":\"eb2888ca-7fa6-4e82-88db-1bb3663a801e\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Summary\",\"subTarget\":\"Start\",\"style\":\"link\"}]},\"name\":\"TopMenuTabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Workbook goals\\r\\n\\r\\nThe goal of this workbook is to outline key security configurations of your Exchange On-Premises environment.\\r\\n\\r\\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. 
For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\\r\\n\\r\\nThis workbook is designed to show your Exchange organization is configured with a security point of view. Indeed, some configurations easy to display as there are no UI available.\\r\\n\\r\\nFor each configuration, you will find explanations and recommendations when applicable.\\r\\n\\r\\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. \\r\\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\\r\\n\\r\\n----\\r\\n\\r\\n## Quick reminder of how Exchange works\\r\\n\\r\\nDuring Exchange installation two very important groups are created :\\r\\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\\r\\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\\r\\n\\r\\nThese groups have :\\r\\n- Very high privileges in ALL AD domains including the root domain\\r\\n- Right on any Exchange including mailboxes\\r\\n\\r\\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\\r\\n\\r\\nTo protect AD and Exchange, it is very important to ensure the following:\\r\\n- There is a very limited number of persons that are local Administrator on Exchange server\\r\\n- To protect user right like : Act part of the operating System, Debug\\r\\n\\r\\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\\r\\n\\r\\n** 💡 
Exchange servers need to be considered as very sensitive servers**\\r\\n\\r\\n-----\\r\\n\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Mailbox Access\\r\\n\\r\\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\\r\\n\\r\\n### Exchange & AD Groups\\r\\n\\r\\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\\r\\n\\r\\n### Local Administrators\\r\\n\\r\\nThis tab will show you the non standard content of the local Administrators group. Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\\r\\n\\r\\nThe information is displayed with different views : \\r\\n- List of nonstandard users\\r\\n- Number of servers with a nonstandard a user\\r\\n- Nonstandard groups content\\r\\n- For each user important information are displayed like last logon, last password set, enabled\\r\\n\\r\\n### Exchange Security configuration\\r\\n\\r\\nThis tab will show you some important configuration for your Exchange Organization\\r\\n- Status of Admin Audit Log configuration\\r\\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\\r\\n- Nonstandard permissions on the Exchange container in the Configuration Partition\\r\\n\\r\\n### Transport Configuration\\r\\n\\r\\nThis tab will show you the configuration of the main Transport components\\r\\n- Receive Connectors configured with Anonymous and/or Open Relay\\r\\n- Remote Domain Autoforward configuration\\r\\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\\r\\n- Journal Rule and Journal Recipient configurations\\r\\n- Accepted Domains with 
*\\r\\n\\r\\n\"},\"name\":\"WorkbookInfo\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Start\"},\"name\":\"InformationTab\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Security Configuration for the Exchange environment\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays several security information regarding the organization or server's configuration.\"},\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"This section display the Exchange version and the CU installed.\\r\\n\\r\\nFor the latest build number, check this link : Exchange Build Numbers\\r\\n\\r\\nThis section is built from a file located in the public github repository.\\r\\nThe repository is manually updated by the team project when new CU/SU are released.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ServerVersionCheckHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ExchCUSU = externaldata (Productname:string, CU:string, SU:string, BuildNbAll:string, BuilCUNb:string, Major:string, CUBuildNb:string, SUBuildNb:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/ExchBuildNumber.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Productname,CU,SU,BuildNbAll,BuilCUNb,Major,CUBuildNb,SUBuildNb;\\r\\n//ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| extend VersionNumber = 
strcat(CmdletResultValue.AdminDisplayVersion.Major,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Minor,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Build)\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExchVersion\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend VersionNumber = tostring(CmdletResultValue.ProductVersion)\\r\\n| extend Server = tostring(ProcessedByServer_s)\\r\\n| extend CmdletResultType = tostring(CmdletResultType)\\r\\n| join kind= leftouter (ExchCUSU) on $left.VersionNumber == $right.BuildNbAll\\r\\n| distinct Server,VersionNumber,Productname,CU,SU,CmdletResultType\\r\\n| extend Server = strcat(\\\"💻 \\\",Server)\\r\\n| extend Productname = case ( VersionNumber startswith \\\"15.02\\\", \\\"Exchange 2019\\\", VersionNumber startswith \\\"15.01\\\", \\\"Exchange 2016\\\", VersionNumber startswith \\\"15.00\\\",\\\"Exchange 2013\\\", \\\"Exchange 2010\\\")\\r\\n| extend CU = iff(CmdletResultType <>\\\"Success\\\", \\\"Unable to retrieve information from server\\\", iff(CU <> \\\"\\\", CU, \\\"New CU or SU not yet in the List\\\"))\\r\\n| extend SU = iff(CmdletResultType <>\\\"Success\\\", \\\"Unable to retrieve information from server\\\", iff( SU <> \\\"\\\", SU, \\\"New CU or SU not yet in the List\\\"))\\r\\n|project-away CmdletResultType\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange servers CU-SU level\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersList\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ExchCUSU = externaldata (Productname:string, CU:string, SU:string, BuildNbAll:string, BuilCUNb:string, Major:string, CUBuildNb:string, 
SUBuildNb:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/ExchBuildNumber.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Productname,CU,SU,BuildNbAll,BuilCUNb,Major,CUBuildNb,SUBuildNb;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExchVersion\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| extend VersionNumber = strcat(CmdletResultValue.AdminDisplayVersion.Major,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Minor,\\\".\\\",CmdletResultValue.AdminDisplayVersion.Build)\\r\\n| extend VersionNumber = tostring(CmdletResultValue.ProductVersion)\\r\\n| extend Server = tostring(CmdletResultValue.Server)\\r\\n| join kind= leftouter (ExchCUSU) on $left.VersionNumber == $right.BuildNbAll\\r\\n| extend CU = iff( CU <> \\\"\\\", CU, \\\"New CU/SU not yet in the CU List\\\")\\r\\n| extend Version =strcat (VersionNumber,\\\"-\\\",CU,\\\"-\\\",SU)\\r\\n| summarize dcount(Server) by Version\",\"size\":0,\"showAnalytics\":true,\"title\":\"Version break down\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"ExchangeServerVersionPie\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Admin Audit Log configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The Admin Audit log stores all the actions performed on Exchange Servers (except read actions such as Get/Test).\\r\\n\\r\\nAdmin Audit Log \\r\\n\\r\\nManage Admin Audit Log \\r\\n\\r\\n\\r\\nThis can be used to track \\r\\n- Unexpected behaviors\\r\\n- Who did a modification\\r\\n- Real actions performed by an account (the output could be used with to identify the necessary privileges)\\r\\n\\r\\nℹ️ Recommendations\\r\\n- Ensure that Admin Audit Log is not disabled\\r\\n- Ensure 
that critical Cmdlets have not been excluded\\r\\n- Ensure that AdminAuditLogCmdlets is set to * (list of audited Cmdlets)\\r\\n- Review the retention configuration for the Admin Audit Log content\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AdminAuditHelp\"},{\"type\":1,\"content\":{\"json\":\"Here the main settings for the Admin Audit Log. Remember that AdminAudit log need to be enabled and no cmdlet should be excluded. Also check the retention limit.\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SensitiveCMDLet = externaldata (Cmdlet:string, UserOriented:string, Parameters:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| project Cmdlet,UserOriented,Parameters;\\r\\nlet AAL = (ExchangeConfiguration(SpecificSectionList=\\\"AdminAuditLog\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend AdminAuditLogExcludedCmdlets = CmdletResultValue.AdminAuditLogExcludedCmdlets\\r\\n| project AdminAuditLogExcludedCmdlets);\\r\\nlet SentsitivecmdletTrack = toscalar(SensitiveCMDLet | where Cmdlet has_any ( AAL)| project Cmdlet);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"AdminAuditLog\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend AdminAuditLogEnabled = iff(CmdletResultValue.AdminAuditLogEnabled == \\\"FALSE\\\", \\\" ❌ Disabled, High Risk\\\", \\\"✅ Enabled\\\")\\r\\n| extend AdminAuditLogAgeLimit = tostring(CmdletResultValue.AdminAuditLogAgeLimit)\\r\\n| extend AdminAuditLogAgeLimit = substring(AdminAuditLogAgeLimit,8)\\r\\n| extend AdminAuditLogAgeLimit 
=substring(AdminAuditLogAgeLimit,0,indexof(AdminAuditLogAgeLimit, ','))\\r\\n| extend AdminAuditLogAgeLimit = iff(toint(AdminAuditLogAgeLimit) == 0,strcat(\\\"❌ No AdminAuditlog recorded \\\",AdminAuditLogAgeLimit), iff(toint(AdminAuditLogAgeLimit) <=30,strcat(\\\"⚠️ Value to low except if exported \\\",AdminAuditLogAgeLimit), strcat(\\\"✅\\\",AdminAuditLogAgeLimit)))\\r\\n| extend AdminAuditLogCmdlets = tostring(CmdletResultValue.AdminAuditLogCmdlets)\\r\\n| extend AdminAuditLogCmdlets = substring(AdminAuditLogCmdlets,2)\\r\\n| extend AdminAuditLogCmdlets = substring(AdminAuditLogCmdlets,0,indexof(AdminAuditLogCmdlets, '\\\"]') )\\r\\n| extend AdminAuditLogCmdlets = replace_string(AdminAuditLogCmdlets,'\\\"',\\\"\\\")\\r\\n| extend Comment_AdminAuditLogCmdlets = iff( AdminAuditLogCmdlets == \\\"*\\\",\\\"✅ Default configuration\\\",\\\"❌ if AdminAuditLogCmdlets empty no logging else only AdminAuditLogCmdlets will be logged\\\")\\r\\n| extend AdminAuditLogExcludedCmdlets = tostring(CmdletResultValue.AdminAuditLogExcludedCmdlets)\\r\\n| extend AdminAuditLogExcludedCmdlets = substring(AdminAuditLogExcludedCmdlets,2)\\r\\n| extend AdminAuditLogExcludedCmdlets = substring(AdminAuditLogExcludedCmdlets,0,indexof(AdminAuditLogExcludedCmdlets, ']'))\\r\\n| extend AdminAuditLogExcludedCmdlets = replace_string(AdminAuditLogExcludedCmdlets,'\\\"',\\\"\\\")\\r\\n//| extend Cmdlet = replace_string(AdminAuditLogExcludedCmdlets,'\\\"',\\\"\\\")\\r\\n//| extend AALECSplit = tostring(split(AdminAuditLogExcludedCmdlets,\\\",\\\"))\\r\\n| project-away CmdletResultValue\\r\\n| extend Comment_AdminAuditLogExcludedCmdlet = case( isnotempty( SentsitivecmdletTrack ),\\\"❌ Some excluded CmdLets are part of Sensitive Cmdlets\\\",AdminAuditLogExcludedCmdlets <>\\\"\\\",\\\"⚠️ Some Cmdlets are excluded \\\",\\\"✅ No Excluded 
CmdLet\\\")\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Comment_AdminAuditLogCmdlets\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"70ch\"}}],\"rowLimit\":10000,\"sortBy\":[{\"itemKey\":\"AdminAuditLogCmdlets\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"AdminAuditLogCmdlets\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"group - 0Admin Audit Log configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\"},\"name\":\"POP authentication configuration\"},{\"type\":1,\"content\":{\"json\":\"### POP authentication configuration\"},\"name\":\"text - 11\"},{\"type\":1,\"content\":{\"json\":\"If the POP Service is started, the LoginType should not set to Plaintext. This means that the password will be sent in clear on the network. As POP is enabled by default on all the mailboxes, this represents a high security risk.\\r\\n\\r\\nPOP Authentication\\r\\n- **PlainText** TLS encryption is not required on port 110. Usernames and passwords are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.\\r\\n- **PlainTextAuthentication** TLS encryption is not required on port 110. 
However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.\\r\\n- **SecureLogin** Connection on port 110 must use TLS encryption before authenticating.\\r\\n\\r\\nℹ️ Recommendations\\r\\nDisable POP on all mailboxes except those who need to actually use this protocol.\\r\\nSet the authentication to SecureLogin or at least to PlainTextAuthentication and configure the application.\\r\\n\\r\\nIf the application is not able to perform this type of authentication:\\r\\n- Ensure that POP is disabled on all the mailboxes except those who really need it \\r\\n- Monitor the POP connections\\r\\n- Change the password of the application on a regular basis\\r\\n\\r\\nRecommended Reading : \\r\\n\\r\\nConfiguring Authentication for POP3 and IMAP4\\r\\n \\r\\n Set-PopSettings\\r\\n\\r\\n\\r\\nIn order to track mailboxes that are currently using POP\\r\\n- Enable POP logging\\r\\n- Set-PopSettings -Server SRV1 -ProtocolLogEnabled verbose\\r\\n- Several weeks later, analyze the log content\\r\\n- Default location : - Get-PopSettings -server SRV1 | fl server,*log*\\r\\n- Check for connection and authentication\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"PopServiceHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"PopSettings\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| join kind = leftouter(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangePop3\\\")\\r\\n| project ServerName= tostring(CmdletResultValue.Server), 
ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString\\r\\n| join (ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangePop3BE\\\" )\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString) on ServerName) on ServerName\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| extend LoginType = iff(CmdletResultValue.LoginType== 1 , \\\"⛔ PlainText, High Risk\\\", iff(CmdletResultValue.LoginType== 2, \\\"⚠️ PlainTextAuthentication\\\",\\\"✅ SecureLogin\\\"))\\r\\n| extend ProtocolLogEnabled = tostring(CmdletResultValue.ProtocolLogEnabled)\\r\\n| extend ServiceName = iff(tostring(ServiceName)==\\\"\\\", \\\"Service Status not retrieved\\\",tostring(ServiceName))\\r\\n| extend Status = tostring(Status)\\r\\n| extend BackendEndService= tostring(ServiceName1)\\r\\n| extend StartupType = tostring(StartupType)\\r\\n| extend BEStatus = tostring(Status1)\\r\\n| extend BEStartupType = tostring(StartupType1)\\r\\n| project ServerName,LoginType,ServiceName,Status,StartupType,BackendEndService,BEStatus,BEStartupType,ProtocolLogEnabled\\r\\n| sort by ServerName asc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Pop Authentication : should not be set as 
Plaintext\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LoginType\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":0,\"formatOptions\":{\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"LoginType\"],\"finalBy\":\"LoginType\"}}},\"name\":\"PopSettingsQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"### IMAP authentication configuration\"},\"name\":\"IMAPTitle\"},{\"type\":1,\"content\":{\"json\":\"If the IMAP Service is started, the LoginType should not set to Plaintext. This means that the passwords will be sent in clear over the network. As IMAP is enabled by default on all the mailboxes, this is a high security risk.\\r\\n\\r\\nIMAP Authentication\\r\\n- **PlainText** TLS encryption is not required on port 110. User name and password are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.\\r\\n- **PlainTextAuthentication** TLS encryption is not required on port 143. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.\\r\\n- **SecureLogin** Connection on port 143 must use TLS encryption before authenticating.\\r\\n\\r\\nℹ️ Recommendations \\r\\nDisable IMAP on all mailboxes except those which needs to use this protocol. 
Set the authentication to SecureLogin or at least to PlainTextAuthentication and configure the application accordingly.\\r\\n\\r\\nIf the application is not able to perform this type of authentication:\\r\\n- Ensure that IMAP is disable on all the mailboxes except those who really need it \\r\\n- Monitor the connection\\r\\n- Regularly, change the password of the application\\r\\n\\r\\nRecommended Reading : \\r\\n\\r\\nConfiguring Authentication for POP3 and IMAP4\\r\\n\\r\\n Set-IMAPSettings\\r\\n\\r\\n\\r\\n\\r\\nIn order to track mailboxes that are currently using IMAP\\r\\n- Enable IMAP logging\\r\\n- Set-IMAPSettings -Server SRV1 -ProtocolLogEnabled verbose\\r\\n- Several weeks later, analyze the log content\\r\\n- Default location : Get-IMAPSettings -server SRV1 | fl server,*log*\\r\\n- Check for connection and authentication\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"IMAPHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"IMAPSettings\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| join kind = leftouter(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangeIMAP4\\\")\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString\\r\\n| join 
(ExchangeConfiguration(SpecificSectionList=\\\"POPIMAPServicesStatus\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name contains (\\\"MSExchangeIMAP4BE\\\" )\\r\\n| project ServerName= tostring(CmdletResultValue.Server), ServiceName=CmdletResultValue.Name, Status=CmdletResultValue.StatusString,StartupType=CmdletResultValue.StartTypeString) on ServerName) on ServerName\\r\\n| extend ServerName = tostring(CmdletResultValue.Server.Name)\\r\\n| extend LoginType = iff(CmdletResultValue.LoginType== 1 , \\\"⛔ PlainText, High Risk\\\", iff(CmdletResultValue.LoginType== 2, \\\"⚠️ PlainTextAuthentication\\\",\\\"✅ SecureLogin\\\"))\\r\\n| extend ProtocolLogEnabled = tostring(CmdletResultValue.ProtocolLogEnabled)\\r\\n| extend ServiceName = iff(tostring(ServiceName)==\\\"\\\", \\\"Service Status not retrieved\\\",tostring(ServiceName))\\r\\n| extend Status = tostring(Status)\\r\\n| extend BackendEndService= tostring(ServiceName1)\\r\\n| extend StartupType = tostring(StartupType)\\r\\n| extend BEStatus = tostring(Status1)\\r\\n| extend BEStartupType = tostring(StartupType1)\\r\\n| project ServerName,LoginType,ServiceName,Status,StartupType,BackendEndService,BEStatus,BEStartupType,ProtocolLogEnabled\\r\\n| sort by ServerName asc\",\"size\":1,\"showAnalytics\":true,\"title\":\"IMAP Authentication : should not be set as Plaintext\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LoginType\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"LoginType\"],\"finalBy\":\"LoginType\"}}},\"name\":\"IMAPSettingsQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Nonstandard permissions on Configuration 
Partitions\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section highlights nonstandard permissions on Configuration Partition for Exchange container. By selecting Yes for Generic All buttom only delegation set for Generic All will be display. Standard, Deny and inherited permissions have been removed\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"During the lifetime of an Exchange Organization, many permissions may have been set on Exchange containers in the Configuration Partition.\\r\\nThis section displayed all the nonstandard permissions found on the most important Exchange containers :\\r\\n - Groups from legacy Exchange versions (Exchange Enterprise Servers, Exchange Domain Servers,...)\\r\\n - SID for deleted accounts\\r\\n - Old service accounts (that may not have been disabled or removed...)\\r\\n \\r\\nWhen an administrator run setup /prepareAD, his account will be granted Generic All at the top-level Exchange container\\r\\n\\r\\nBy default, this section only displayed the Generic All permissions.\\r\\n \\r\\nThis section is built by removing all the standard AD and Exchange groups.\\r\\n\\r\\n Exchange 2013 deployment permissions reference\\r\\n \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"80f9134a-420f-47c9-b171-1ca8e72efa3e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"GenericAll\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\"},{\"id\":\"29e2005c-3bd4-4bb8-be63-053d11abe1d4\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NonStandardPermissions\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": 
\\\"True\\\", \\\"label\\\": \\\"Yes\\\", \\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Authenticated Users\\\", \\\"Domain Admins\\\", \\\"Enterprise Admins\\\",\\\"Schema Admins\\\", \\\"Exchange Trusted Subsystem\\\", \\\"Exchange Servers\\\",\\\"Organization Management\\\", \\\"Public Folder Management\\\",\\\"Delegated Setup\\\", \\\"ANONYMOUS LOGON\\\", \\\"NETWORK SERVICE\\\", \\\"SYSTEM\\\", \\\"Everyone\\\",\\\"Managed Availability Servers\\\"]);\\r\\nlet Exchsrv =ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| summarize make_list(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"PartConfPerm\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Deny !contains \\\"True\\\" and CmdletResultValue.IsInherited !contains \\\"True\\\"\\r\\n| where (CmdletResultValue.AccessRights == \\\"[983551]\\\") in ({GenericAll})\\r\\n| where not (CmdletResultValue.UserString has_any (StandardGroup)) in ({NonStandardPermissions})\\r\\n| where not (CmdletResultValue.UserString has_any (Exchsrv))in ({NonStandardPermissions})\\r\\n| extend Name = tostring(CmdletResultValue.Identity.Name)\\r\\n| extend Account = tostring(CmdletResultValue.UserString )\\r\\n| extend AccessRights = iff (tostring(CmdletResultValue.AccessRightsString) contains \\\"GenericAll\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.AccessRightsString)), 
tostring(CmdletResultValue.AccessRightsString))\\r\\n| extend ExtendedRights = iff (tostring(CmdletResultValue.ExtendedRightsString) contains \\\"-As\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.ExtendedRightsString)), tostring(CmdletResultValue.ExtendedRightsString))\\r\\n| extend InheritanceType = tostring(CmdletResultValue.InheritanceType)\\r\\n| extend DN = tostring(CmdletResultValue.Identity.DistinguishedName)\\r\\n| project-away CmdletResultValue\\r\\n| sort by DN desc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"AccessRights\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"AccessRights\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Nonstandard permissions on Configuration Partitions\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"SecConf\"},\"name\":\"Security Configuration for the Exchange environment\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays important security configurations that allow access to all or partial mailboxes' content - Direct delegations are not listed - Example :
\\r\\n- Permissions Full Access \\r\\n- Permission on mailboxes folders\\r\\n\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n//| where CmdletResultValue.Name !contains \\\"Deleg\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| where CmdletResultValue.Name !contains \\\"Deleg\\\" \\r\\n| where CmdletResultValue.RoleAssigneeName !in (\\\"Hygiene Management\\\",\\\"Exchange Online-ApplicationAccount\\\",\\\"Discovery Management\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"Export\\\" or CmdletResultValue.Role.Name contains \\\"Impersonation\\\" or (CmdletResultValue.Role.Name contains \\\"Search\\\" and CmdletResultValue.Role.Name !contains \\\"MailboxSearchApplication\\\")\\r\\n| summarize dcount(tostring(CmdletResultValue.RoleAssigneeName)) by role=tostring(CmdletResultValue.Role.Name)\",\"size\":1,\"showAnalytics\":true,\"title\":\"Number of delegations for sensitive RBAC roles\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"role\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_RoleAssigneeName\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"role\",\"sortOrderField\":1}},\"name\":\"MRAQuery\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Application Impersonation 
Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows the delegated account to access and modify the content of every mailboxes using EWS.\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**ApplicationImpersonation** is a RBAC role that allows access (read and modify) to the content of all mailboxes using EWS. \\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nIt should be carefully delegated. When a delegation is necessary, RBAC scopes should be configured to limit the list of impacted mailboxes.\\r\\n\\r\\nHelp for the role Application Impersonation\\r\\n\\r\\nIt is common (but not recommended) to see service accounts from backup solution, antivirus software, MDM... with this delegation.\\r\\n\\r\\nNote that the default configuration to the group Hygiene Management is excluded. This group is a sensitive group. Remember to monitor the content of this group.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList})\\r\\n| where CmdletResultValue.Role.Name contains \\\"Impersonation\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n//| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend 
RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, 
WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Application Impersonation Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Import Export Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to export the content all mailboxes in a scope in PST file.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Import Export** is a RBAC role that allows an account to export the content of any maibox in a PST. It also allows search in all mailboxes.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is not delegated to any user or group. 
The members of the group Organization Management by default do not have this role but are able to delegate it.\\r\\n\\r\\nHelp for the role Mailbox Import Export\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n- create an empty group with this delegation\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ExportRoleHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"export\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = 
case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType,Status, CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Import Export Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Search Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to 
search inside all or in a scope of mailboxes and export the result in PST.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\nExchange Online-ApplicationAccount\\r\\nDiscovery Management has been excluded\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Search** is an RBAC role that allows an account to search in any mailbox and export the results to a PST.\\r\\n\\r\\n⚡ This role is very powerful.\\r\\n\\r\\nBy default, this role is only delegated to the group Discovery Management. The members of the group Organization Management do not have this role but are able to delegate it.\\r\\n\\r\\nHelp for the role Mailbox Search\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n\\r\\n- add the administrators in the Discovery Management group\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Role.Name contains \\\"search\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| where CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| extend RoleAssigneeType = case(CmdletResultValue.RoleAssigneeType== \\\"0\\\" or CmdletResultValue.RoleAssigneeType== \\\"2\\\" , \\\"User\\\", CmdletResultValue.RoleAssigneeType== \\\"10\\\",\\\"Group\\\",\\\"LinkedGroup\\\")\\r\\n| extend 
CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope.Name)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope.Name)\\r\\n| extend RecipientWriteScope = case(CmdletResultValue.RecipientWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.RecipientWriteScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientWriteScope==\\\"3\\\",\\\"MyGAL\\\", CmdletResultValue.RecipientWriteScope==\\\"4\\\",\\\"Self\\\",CmdletResultValue.RecipientWriteScope==\\\"7\\\", \\\"CustomRecipientScope\\\",CmdletResultValue.RecipientWriteScope==\\\"8\\\",\\\"MyDistributionGroups\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigWriteScope = case(CmdletResultValue.ConfigWriteScope==\\\"0\\\",\\\"None\\\",CmdletResultValue.ConfigWriteScope==\\\"7\\\",\\\"CustomConfigScope\\\",CmdletResultValue.ConfigWriteScope==\\\"10\\\",\\\"OrganizationConfig\\\",\\\"NotApplicable\\\")\\r\\n| extend ConfigReadScope = iff(CmdletResultValue.ConfigReadScope == \\\"0\\\" , \\\"None\\\", \\\"OrganizationConfig\\\")\\r\\n| extend RecipientReadScope = case(CmdletResultValue.RecipientReadScope==\\\"2\\\",\\\"Organization\\\",CmdletResultValue.RecipientReadScope==\\\"3\\\",\\\"MyGAL\\\",CmdletResultValue.RecipientReadScope==\\\"4\\\",\\\"Self\\\",\\\"NotApplicable\\\")\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssignmentDelegationType = iff(CmdletResultValue.RoleAssignmentDelegationType ==\\\"6\\\" , \\\"Delegating\\\", \\\"Regular\\\") \\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",tostring(CmdletResultValue.RoleAssigneeName)), strcat(\\\"👪 \\\", tostring(CmdletResultValue.RoleAssigneeName)) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope, CustomConfigWriteScope, RecipientWriteScope, ConfigWriteScope, ConfigReadScope, RecipientReadScope, 
ManagementRoleAssignement, RoleAssignmentDelegationType, WhenCreated, WhenChanged\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Search Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"ReceiveAs/SendAs Extended Right on databases\",\"items\":[{\"type\":1,\"content\":{\"json\":\"These are delegations at the database level.\\r\\n\\r\\n**Receive As Extended Right on database's objects in the Configuration**\\r\\n\\r\\nWhen an account has **ReceiveAs** permissions on a database's object, it can open and view the content of any mailboxes on that database.\\r\\n\\r\\nHelp for Receive As Permission\\r\\n\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nDo not set this permission on databases. When an application requires this permission, ensure that the application account’s password is well protected and known by a very limited number of person.Change the password as often as possible.\\r\\n\\r\\n**Send As Extended Right on database objects in the Configuration**\\r\\n\\r\\n\\r\\nWhen an account has **SendAs** permissions on a database's object, it can send messages from all the mailboxes contained in this database. The messages that are sent from a mailbox will appear as if the mailbox owner sent them.\\r\\n\\r\\nHelp for Send As Permission\\r\\n\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nDo not set this permission on databases. 
When an application requires this permission, ensure that the application account’s password is well protected and known by a very limited number of person.Change the password as often as possible.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SendAsHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| union ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.UserString)) by iff( tostring(Section) contains \\\"MailboxDatabaseReceiveAs\\\",\\\"ReceiveAs Unique Acct\\\",\\\"SendAs Unique Acct\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"Number of accounts with ReceiveAs/SendAs 
delegations\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Column1\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_UserString\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"Column1\",\"sortOrderField\":1}},\"customWidth\":\"50\",\"name\":\"ReceiveAsUsersTiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| union ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.Identity.Name)) by iff( tostring(Section) contains \\\"MailboxDatabaseReceiveAs\\\",\\\"ReceiveAs Unique DB\\\",\\\"SendAs Unique DB\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"ReceiveAs/SendAs database 
delegations\",\"color\":\"purple\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Column1\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_Identity_Name\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"Column1\",\"sortOrderField\":1}},\"customWidth\":\"50\",\"name\":\"ReceiveAsTiles\",\"styleSettings\":{\"margin\":\"25\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseReceiveAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| extend Account = tostring(CmdletResultValue.UserString)\\r\\n| extend DatabaseName = tostring(CmdletResultValue.Identity.Name)\\r\\n| summarize Count =count() by Account,DatabaseName\\r\\n| project Account,Count,DatabaseName\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"ReceiveAs Extended Right on databases\",\"noDataMessage\":\"No Receive-As 
delegation\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Account\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Account\"],\"finalBy\":\"Account\"},\"sortBy\":[{\"itemKey\":\"$gen_count_$gen_group_0\",\"sortOrder\":1}],\"labelSettings\":[{\"columnId\":\"Account\",\"comment\":\"Account and the number of databases on which it has delegation \"}]},\"sortBy\":[{\"itemKey\":\"$gen_count_$gen_group_0\",\"sortOrder\":1}]},\"customWidth\":\"50\",\"name\":\"MailboxDatabaseReceiveAsGrid\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MailboxDatabaseSendAs\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue <> \\\"{'Error':'EmptyResult'}\\\"\\r\\n| extend Account = tostring(CmdletResultValue.UserString)\\r\\n| extend DatabaseName = tostring(CmdletResultValue.Identity.Name)\\r\\n| summarize Count =count() by Account, DatabaseName\\r\\n| project Account, Count, DatabaseName\",\"size\":1,\"showAnalytics\":true,\"title\":\"SendAs Extended Right on databases\",\"noDataMessage\":\"No Send-As 
delegation\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Account\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\",\"compositeBarSettings\":{\"labelText\":\"\"}}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Account\"],\"finalBy\":\"Account\"},\"labelSettings\":[{\"columnId\":\"Account\",\"comment\":\"Account and the number of databases on which it has delegation \"}]}},\"customWidth\":\"50\",\"name\":\"MailboxDatabaseSendAsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ReceiveSendAs\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Delegation\"},\"name\":\"Importantsecurityconfiguration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Local Administrators\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The following section will display the content of the local Administrators group for each server\\r\\n\\r\\n** When content refer to groups from other forests, none or partial information will be displayed and the number of Administrators may be inconsistent. **\\r\\n\\r\\nMost of the sections display the same information but with differents sorting, displays...\"},\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"Only Exchange administrators should be members of the local Administrators group of Exchange servers.\\r\\n\\r\\nYou need to review the content of the local Administrators group on a regular basis.\\r\\n\\r\\nIt is considered a high security risk to have a discrepancy of members between the servers. \\r\\n\\r\\nIt is not recommended to have more than one local administrator accounts. Furthermore, the password should be unique on each server and regularly changed. 
A solution like LAPS could be used to manage the local administrator password.\\r\\n\\r\\nOnly Exchange administrators should be able to logon on Exchange servers.\\r\\n\\r\\nHere the default content of the local Administrators group for an Exchange server \\r\\n:\\r\\n- Administrator (this account can be renamed)\\r\\n- Domain Admins\\r\\n- Exchange Trusted Subsystem\\r\\n- Organization Management\\r\\n\\r\\n**Service accounts should not be members of the local Administrators group**. If it is necessary, you need to ensure that the account is dedicated to Exchange. If the service account opens sessions on other servers, it can be used for lateral movements. \\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"LocalAdminsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"dfffbaa4-5888-41c2-b039-dafb6110260c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Limited\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":1,\"content\":{\"json\":\"**Top 10 servers with high number of unique local Administrators members**\"},\"name\":\"text - 13\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where 
CmdletResultValue.Level != 0\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| where ObjectClass !contains \\\"group\\\"\\r\\n| summarize dcount(MemberPath) by Parentgroup\\r\\n| top 10 by dcount_MemberPath\\r\\n| sort by dcount_MemberPath\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false}},\"name\":\"query - 9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Click to see number of unique members for all servers\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"Number of unique members for all servers\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local 
Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| where ObjectClass !contains \\\"group\\\"\\r\\n| summarize dcount(MemberPath) by Parentgroup\\r\\n| sort by dcount_MemberPath\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false}},\"name\":\"query - 9 - Copy\"}]},\"name\":\"All servers number of members\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let allsrv = ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | where \\r\\nCmdletResultValue.IsMailboxServer== true | extend Name=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Name = tostring(trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup)))\\r\\n| distinct Name\\r\\n| project Name\\r\\n| join kind=rightanti (allsrv) on Name\\r\\n| project CmdletResultValue.Name\",\"size\":4,\"title\":\"Servers not reachable\",\"noDataMessage\":\"All server were successfully 
analyzed\",\"noDataMessageStyle\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":true}},\"name\":\"query - 9 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.ServerRole <> 64\\r\\n| count\\r\\n\",\"size\":4,\"title\":\"Number of servers\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 9 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup))\\r\\n| distinct Parentgroup = Parentgroup\\r\\n| count \",\"size\":4,\"title\":\"Number of Analyzed 
servers\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 9 - Copy - Copy - Copy\"},{\"type\":1,\"content\":{\"json\":\"This view shows each nonstandard user account that is member (directly or by a group) of the local Administrators group per server.\\r\\n\\r\\nConsider reviewing:\\r\\n- **nonstandard members** the Memberpath help to understand from which group the user comprised\\r\\n- **inconsistent memebrs** across servers\\r\\n\\r\\nNote that content from Trusted forests might not be displayed. \",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"LocalAdminPerServersHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0 \\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup))\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastPwdSet = tostring(CmdletResultValue.LastPwdSetString)\\r\\n| extend Enabled = 
tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| summarize Count=count() by MemberPath,Parentgroup,Level,ObjectClass,LastLogon,LastPwdSet,Enabled,DN\\r\\n| project Parentgroup = strcat(\\\"💻 \\\",Parentgroup),Count,MemberPath,Level,ObjectClass,LastLogon,LastPwdSet,Enabled,DN\\r\\n| sort by Parentgroup asc \",\"size\":1,\"showAnalytics\":true,\"title\":\" Total Non standard Groups and accounts including nested groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Parentgroup\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\",\"aggregation\":\"Sum\"}}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"Parentgroup\"],\"finalBy\":\"Parentgroup\"},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}],\"labelSettings\":[{\"columnId\":\"Parentgroup\",\"label\":\"Server\"}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"name\":\"LocalAdminPerServers\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup))\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend MemberPath 
= tostring(CmdletResultValue.MemberPath)\\r\\n| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue\\r\\n//| summarize Count=count(), Servers=make_set(Parentgroup) by MemberPath\\r\\n| summarize Count=count() by MemberPath,Parentgroup \\r\\n| sort by Count desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Non Standard accounts summary\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"MemberPath\",\"formatter\":5},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Member\",\"formatter\":1}],\"rowLimit\":10000,\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"MemberPath\"],\"expandTopLevel\":false},\"labelSettings\":[{\"columnId\":\"MemberPath\",\"label\":\"MemberPath\"},{\"columnId\":\"Parentgroup\",\"label\":\"Servers\"},{\"columnId\":\"Count\",\"label\":\"Nb Servers\"}]}},\"name\":\"LocalAdminCount\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"##### Select a server to display its content\\r\\n\\r\\nBy default only the non-standard members are displayed. 
\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19e606d9-7f3e-4d2f-a314-892da571e50a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level == 1\\r\\n| project CmdletResultValue\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators', tostring(CmdletResultValue.Parentgroup))\\r\\n| distinct Parentgroup = Parentgroup\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"05ef4f1c-4cf4-406f-9fb2-9ee30dc93abd\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Limited\",\"label\":\"Show only nonstandard members\",\"type\":10,\"description\":\"Show only non standard members\",\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }\\r\\n]\",\"value\":\"True\"},{\"id\":\"901bf975-426f-486b-82de-ff0d64f139bb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", 
\\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"2f7a613f-8749-44c9-b8be-844964badef8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let StandardGroup = dynamic([\\\"Administrator\\\", \\\"Domain Admins\\\",\\\"Exchange Trusted Subsystem\\\",\\\"Organization Management\\\", \\\"Admins du domaine\\\"]);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"LocalAminGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Level != 0 \\r\\n| where CmdletResultValue.Parentgroup contains \\\"{Server}\\\"\\r\\n| where not (CmdletResultValue.MemberPath has_any (StandardGroup)) in ({Limited})\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or 
tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = trim_end(@'\\\\\\\\Local Administrators',tostring(CmdletResultValue.Parentgroup))\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ Never logged\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(365d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ Password never set\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n | extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by MemberPath asc\\r\\n| project-away Parentgroup\",\"size\":1,\"showAnalytics\":true,\"title\":\"Local Administrators group 
content\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"Server\",\"comparison\":\"isNotEqualTo\",\"value\":\"\"},\"name\":\"AdGroups\",\"styleSettings\":{\"showBorder\":true}}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Server\"},\"name\":\"Local Administrators\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange and AD GRoup\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays the content of high privilege groups in Exchange and AD.\"},\"name\":\"text - 7\"},{\"type\":1,\"content\":{\"json\":\"The **Exchange Trusted Subsystem** group is one the two most sensistive groups in Exchange. This group has all privileges in Exchange and very high privileges in AD.\\r\\n\\r\\nExchange 2013 deployment permissions reference\\r\\n\\r\\nThis group should only contains computer accounts for each Exchange servers. When the DAG has an IP and a CNO, it is acceptable to have the DAG's computer account.\\r\\n\\r\\nThis section only shows direct nonstandard members.\",\"style\":\"info\"},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ExchangeTrustedSubsystemHelp\"},{\"type\":1,\"content\":{\"json\":\"The **Exchange Windows Permissions** group is one the two most sensistive groups in Exchange. This group has very high privileges in AD.\\r\\n\\r\\nExchange 2013 deployment permissions reference\\r\\n\\r\\nThis group should only contains the group Exchange Trusted SubSystem. This section only shows direct nonstandard members. 
\",\"style\":\"info\"},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"WindowsPermissionGroupTileHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETSValidcontent = union kind=outer (ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(CmdletResultValue.Name)), (ExchangeConfiguration(SpecificSectionList=\\\"DAG\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(Identity));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ETS\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETSValidcontent)\\r\\n| summarize MyCount=countif( CmdletResultType == \\\"Success\\\") by CmdletResultType\\r\\n| project Result = iff ( CmdletResultType == \\\"Success\\\", tostring(MyCount), \\\"\\\")\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Trusted SubSystem group nonstandard member count\",\"noDataMessage\":\"Content of group as 
Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Result\",\"formatter\":12,\"formatOptions\":{\"palette\":\"hotCold\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3},\"emptyValCustomText\":\"ScriptError\"}},\"showBorder\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersTileGroup1Query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETScontent = ExchangeConfiguration(SpecificSectionList=\\\"ETS\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | project Name = tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"EWP\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETScontent) and CmdletResultValue.Name != \\\"Exchange Trusted Subsystem\\\"\\r\\n| extend Result = iff ( CmdletResultType == \\\"Success\\\", \\\"\\\", \\\"Error in the script unable to retrieve value\\\")\\r\\n| summarize MyCount=countif( CmdletResultType == \\\"Success\\\") by CmdletResultType\\r\\n| project Result = iff ( CmdletResultType == \\\"Success\\\", tostring(MyCount), \\\"\\\")\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Windows Permissions group direct nonstandard members (Exchange Trusted subsystem non standard content not included)\",\"noDataMessage\":\"Content of group as 
expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"CmdletResultValue_Name\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Result\",\"formatter\":12,\"formatOptions\":{\"palette\":\"hotCold\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3},\"emptyValCustomText\":\"ScriptError\"}},\"showBorder\":true}},\"customWidth\":\"50\",\"name\":\"ExchangeServersTileGroup2Query\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange Windows Permissions direct nonstandard content (Exchange Trusted subsystem non standard content not included)\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETSValidcontnet = union kind=outer (ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(CmdletResultValue.Name)), (ExchangeConfiguration(SpecificSectionList=\\\"DAG\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")| project Name = tostring(Identity));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ETS\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETSValidcontnet)\\r\\n//| extend Name = strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name))\\r\\n| extend Name = iff(CmdletResultType == \\\"Success\\\", strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name)),\\\"Script was unable to retrieve data\\\")\\r\\n| project Name 
\",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Trusted SubSystem nonstandard content\",\"noDataMessage\":\"Content of Exchange Trusted SubSystem as Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000}},\"customWidth\":\"50\",\"name\":\"ETSDetails\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let ETScontent = ExchangeConfiguration(SpecificSectionList=\\\"ETS\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") | project Name = tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"EWP\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Name !in (ETScontent) and CmdletResultValue.Name != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| extend Name = strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name))\\r\\n| extend Name = iff(CmdletResultType == \\\"Success\\\", strcat (\\\"⛔\\\",tostring(CmdletResultValue.Name)),\\\"Script was unable to retrieve data\\\")\\r\\n| project Name \",\"size\":1,\"showAnalytics\":true,\"title\":\"Exchange Windows Permissions direct nonstandard content (Exchange Trusted subsystem non standard content not included)\",\"noDataMessage\":\"Content of Exchange Windows Permissions as Expected\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"WindowsPermissionsQuery\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ETS and WP Grids\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange groups from old Exchange 
version\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Groups from old Exchange version should have been removed\\r\\n- List of old groups \\r\\n\\t- Exchange Organization Administrators\\r\\n\\t- Exchange Recipient Administrators\\r\\n\\t- Exchange Public Folder Administrators\\r\\n\\t- Exchange Server Administrator\\r\\n\\t- Exchange View-Only Administrator\\r\\n\\t- Exchange Enterprise Servers (located in the root domain)\\r\\n\\t- Exchange Domain Servers : one group per domain\\r\\n\\r\\n\\r\\nHelp for Built-in role groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\r\\nlet OldVGroup = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")| where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"| extend Parentgroup = tostring(CmdletResultValue.Parentgroup));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\") |union OldVGroup\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= 
tostring(split(tostring(CmdletResultValue.MemberPath), \\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath), \\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| sort by dcount_MemberPath\\r\\n\\r\\n\\r\\n\",\"size\":4,\"showAnalytics\":true,\"noDataMessage\":\"No groups from old versions found\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Expand details on the content of old groups\",\"expandable\":true,\"expanded\":false,\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"let OldVGroup = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")| where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"| extend Parentgroup = tostring(CmdletResultValue.Parentgroup));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization 
Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\") |union OldVGroup\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a695df39-1965-479a-ad0f-b4d3d168aaed\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\\r\\n\"},{\"id\":\"2d69bad8-0904-467a-86e6-cb0923520c18\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 
10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"Old Exchange groups content groups (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let OldVGroupEES = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\", SpecificConfigurationEnv={EnvironmentList}, Target = \\\"On-Premises\\\")\\r\\n | where (CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" and CmdletResultValue.MemberPath != @\\\"Exchange Enterprise Servers\\\\Exchange Domain Servers\\\") or CmdletResultValue.Parentgroup == \\\"Exchange Services\\\"\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n | extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n | extend DN = tostring(CmdletResultValue.DN)\\r\\n | extend Level = tostring(CmdletResultValue.Level)\\r\\n | extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n | extend Enabled = tostring(CmdletResultValue.Enabled) );\\r\\nlet OldVGroupEDS = (ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\")\\r\\n | where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\" and CmdletResultValue.Level ==0\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| mv-expand CmdletResultValue.Members\\r\\n| where 
CmdletResultValue_Members.objectClass == \\\"group\\\"\\r\\n| project Parentgroup, MemberPath= strcat(Parentgroup,\\\"\\\\\\\\\\\", CmdletResultValue_Members.name), Level = tostring(1), ObjectClass = tostring(CmdletResultValue_Members.objectClass), DN = tostring(CmdletResultValue_Members.DistinguishedName), ObjectGuid = tostring(CmdletResultValue_Members.ObjectGuid)| join kind=inner ( ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\")\\r\\n | where CmdletResultValue.Parentgroup == \\\"Exchange Enterprise Servers\\\"\\r\\n | extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n | extend ObjectGuid = tostring(CmdletResultValue.ObjectGuid)) on ObjectGuid) ;\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='B13', Target = \\\"On-Premises\\\") \\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where CmdletResultValue.Parentgroup in (\\\"Exchange Organization Administrators\\\", \\\"Exchange Recipient Administrators\\\", \\\"Exchange Public Folder Administrators\\\", \\\"Exchange Server Administrator\\\", \\\"Exchange View-Only Administrator\\\")\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| union OldVGroupEES,OldVGroupEDS\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago(0d) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago(0d) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| sort by 
tostring(CmdletResultValue.MemberPath) asc \\r\\n| where CmdletResultValue.Level != 0\\r\\n//| extend DN = tostring(CmdletResultValue.DN)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass == \\\"group\\\" or ObjectClass == \\\"computer\\\" or ObjectClass == \\\"Local User\\\" or ObjectClass == \\\"computer\\\", \\\"N/A\\\", iif (todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString, iff (LastLogon == \\\"\\\", \\\"❌ Never logged\\\", strcat(\\\"❌\\\", LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass == \\\"group\\\" or ObjectClass == \\\"computer\\\" or ObjectClass == \\\"Local User\\\" or ObjectClass == \\\"computer\\\", \\\"N/A\\\", iif (todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString, iff (LastPwdSet == \\\"\\\", \\\"❌ Password never set\\\", strcat(\\\"❌\\\", LastPwdSet))))\\r\\n| extend MemberPath = case(ObjectClass == \\\"group\\\", strcat(\\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat(\\\"💻 \\\", MemberPath), strcat(\\\"🧑‍🦰 \\\", MemberPath))\\r\\n| project Parentgroup, MemberPath, Level, ObjectClass,LastLogon, LastPwdSet ,Enabled,DN\\r\\n\",\"size\":1,\"showAnalytics\":true,\"noDataMessage\":\"The query returned no results.\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5},{\"columnMatch\":\"Parentgroup\",\"formatter\":5},{\"columnMatch\":\"LastPwdSet\",\"formatter\":0,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"ParentId\",\"formatter\":5},{\"columnMatch\":\"Id\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"showPin\":true,\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"group - 
5\"}]},\"name\":\"Exchange group from old Exchange versions\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Ensure that no service account are a member of the high privilege groups. Use RBAC to delegate the exact required permissions.\\r\\n- Limit the usage of nested group for administration.\\r\\n- Ensure that accounts are given only the required pernissions to execute their tasks.\\r\\n- Use just in time administration principle by adding users in a group only when they need the permissions, then remove them when their operation is over.\\r\\n- Limit the number of Organization management members. When you review the Admin Audit logs you might see that the administrators rarely needed Organization Management privileges.\\r\\n- Monitor the content of the following groups:\\r\\n - Organization Management\\r\\n - Recipient Management (Member of this group have at least the following rights : set-mailbox, Add-MailboxPermission)\\r\\n - Discovery Management\\r\\n - Server Management\\r\\n - Hygiene Management\\r\\n - Exchange Servers\\r\\n - Exchange Trusted Subsystem \\r\\n - Exchange Windows Permissions\\r\\n - xxx High privilege group (not an exhaustive list)\\r\\n - All RBAC groups that have high roles delegation\\r\\n - All nested groups in high privileges groups\\r\\n - Note that this is not a complete list. 
The content of all the groups that have high privileges should be monitored.\\r\\n- Each time a new RBAC group is created, decide if the content of this groups should be monitored\\r\\n- Periodically review the members of the groups\\r\\n\\r\\nHelp for Built-in role groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Summary content of most important groups\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= tostring(split(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| where Parentgroup in (\\\"Organization Management\\\", \\\"Compliance Management\\\", \\\"Discovery Management\\\", \\\"Server Management\\\", \\\"Recipient Manangement\\\",\\\"Security Administrator\\\", \\\"Hygiene Management\\\", \\\"Public Folder Manangement\\\", \\\"Records Manangement\\\") or Parentgroup contains \\\"Impersonation\\\" or Parentgroup contains \\\"Export\\\"\\r\\n| sort by 
dcount_MemberPath\\r\\n\\r\\n\",\"size\":4,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Expand for summary content for all groups located in the OU Exchange Security Groups\",\"expandable\":true,\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.Level != 0 and CmdletResultValue.ObjectClass !contains \\\"group\\\"\\r\\n| extend MemberPath= tostring(split(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")[countof(tostring(CmdletResultValue.MemberPath),\\\"\\\\\\\\\\\")])\\r\\n| summarize dcount(tostring(MemberPath)) by Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| sort by dcount_MemberPath desc\\r\\n\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"OU Exchange Security Groups\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Parentgroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_MemberPath\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true}},\"showPin\":false,\"name\":\"query - 0 - Copy\"}]},\"name\":\"All 
groups\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Windows Permissions\\\"\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"showExportToExcel\":true,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"f3b935d7-b78f-41d2-94bc-f8c878a13260\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon >\",\"type\":10,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"3343688f-e609-4822-b4ed-cdd50b77d948\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set 
>\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"Exchange groups content (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| sort by tostring(CmdletResultValue.MemberPath) asc \\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = 
tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| sort by MemberPath asc\\r\\n//| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue,Parentgroup\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"MemberPath\",\"sortOrder\":1}]},\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Exchange group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"AD Group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"High privileges AD groups can take 
control of Exchange by adding any accounts in the Exchange groups.\\r\\n\\r\\nNote that the members of the Account Operators are able to manage every AD group (except those protected by AdminSDHolder). This means they can manage the content of every high privilege Exchange groups.\\r\\n\\r\\nℹ️ It is recommended to not use this group and to monitor its changes.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ADGroupHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"268bd356-7d05-41c3-9867-00c6ab198c5a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Parentgroup)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"showExportToExcel\":true,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000}},{\"id\":\"9d02cad2-f4c5-418d-976f-b88b56f80cb5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LastLogon\",\"label\":\"Last Logon\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ {\\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true},\\r\\n{ \\\"value\\\": \\\"90d\\\", \\\"label\\\": \\\"90d\\\" },\\r\\n { \\\"value\\\": \\\"180d\\\", \\\"label\\\": \\\"6m\\\" },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1085d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 
3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"},{\"id\":\"9e591429-d8ea-40c2-80c1-2426c72c92d5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PasswordLast\",\"label\":\"Password Last Set\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"0d\\\", \\\"label\\\": \\\"No filter\\\",\\\"selected\\\":true },\\r\\n { \\\"value\\\": \\\"365d\\\", \\\"label\\\": \\\"1y\\\" },\\r\\n{ \\\"value\\\": \\\"730d\\\", \\\"label\\\": \\\"2y\\\" },\\r\\n{ \\\"value\\\": \\\"1095d\\\", \\\"label\\\": \\\"3y\\\" },\\r\\n{ \\\"value\\\": \\\"1097d\\\", \\\"label\\\": \\\"more than 3y\\\"},\\r\\n{ \\\"value\\\": \\\"3650d\\\", \\\"label\\\": \\\"more than 10y\\\"}\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":1,\"content\":{\"json\":\"Overview of high privileges AD Groups' content.\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\\r\\n\\r\\n❌ : for last logon displayed when user logged or the last logon is greater than 180 days\\r\\n\\r\\n❌ : for password last set displayed when last password set greater than 365 days\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ADGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"{Group}\\\"\\r\\n| where todatetime (CmdletResultValue.LastPwdSetString) < ago({PasswordLast}) or tostring (CmdletResultValue.LastPwdSetString) == \\\"\\\"\\r\\n| where todatetime (CmdletResultValue.LastLogonString) < ago({LastLogon}) or tostring (CmdletResultValue.LastLogonString) == \\\"\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| sort 
by tostring(CmdletResultValue.MemberPath) asc \\r\\n| project CmdletResultValue\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend Level = tostring(CmdletResultValue.Level)\\r\\n| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n| extend LastLogon = tostring(CmdletResultValue.LastLogonString)\\r\\n| extend LastLogon = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastLogonString) > ago(180d), CmdletResultValue.LastLogonString,iff (LastLogon==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastLogon))))\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend LastPwdSet = iif(ObjectClass==\\\"group\\\" or ObjectClass==\\\"computer\\\" or ObjectClass==\\\"Local User\\\" or ObjectClass==\\\"computer\\\",\\\"N/A\\\",iif ( todatetime (CmdletResultValue.LastPwdSetString) > ago(366d), CmdletResultValue.LastPwdSetString,iff (LastPwdSet==\\\"\\\", \\\"❌ No logon\\\",strcat(\\\"❌\\\",LastPwdSet))))\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| sort by MemberPath asc\\r\\n//| extend MemberPath = case( ObjectClass == \\\"group\\\", strcat( \\\"👪 \\\", MemberPath), ObjectClass == \\\"computer\\\", strcat( \\\"💻 \\\", MemberPath), strcat( \\\"🧑‍🦰 \\\", MemberPath) )\\r\\n| project-away CmdletResultValue,Parentgroup\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5},{\"columnMatch\":\"Parentgroup\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"AD 
Group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"ExchAD\"},\"name\":\"Exchange and AD GRoup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Security configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This tab displays differents security configuration for transport components.\"},\"name\":\"text - 10\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\"\\r\\n| summarize Count = countif (CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\") by Name,tostring(CmdletResultValue.Server.Name)\\r\\n\",\"size\":0,\"title\":\"Anonymous Configuration\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"yAxis\":[\"Count\"],\"group\":\"CmdletResultValue_Server_Name\",\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"33\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RCAnonymous\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| extend Identity = tostring(Identity)\\r\\n|summarize count() by Identity\",\"size\":0,\"title\":\"OpenRelay with \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for 
Anonymous\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"33\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.AuthMechanismString contains (\\\"ExternalAuthoritative\\\")\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| summarize count() by Name,Server\\r\\n\",\"size\":0,\"title\":\"Open Relay using with Externally Secure\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"33\",\"name\":\"query - 2\"}]},\"name\":\"group - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors OpenRelay using Extended Right \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for Anonymous\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all **Receive Connectors** configured configured as Open Relay with the Extended Rights \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" set on the Receive Connector object in the Configuration partition.\\r\\n\\r\\n\\r\\nRemember that with this configuration, the Exchange servers can be used to send emails outside the organization. Depending on the configuration, the connectors may be protected by IPs. However, IP protection is not safe configuration.\\r\\n\\r\\nYou can check if the \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" ExtendedRights has been added on the Receive connector for Anonymous with PowerShell: `Get-ReceiveConnector | Get-ADPermission | ? 
{$_.ExtendedRights -like \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\"}`\\r\\n\\r\\nAllow anonymous relay on Exchange server\\r\\n\\r\\nSee the section \\\"Receive Connectors with Anonymous Permission\\\" for additional information regarding Anonymous authentication and IP protection.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"fa5f9749-d6f8-436f-ae00-cba306713bac\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"14912e83-60a1-4a21-a34b-500d4662a666\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 
3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RCAnonymous\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project Identity,CmdletResultValue\\r\\n| extend Identity = tostring(Identity)\\r\\n| extend Server = replace_string(replace_string(tostring(split(CmdletResultValue.DistinguishedName,\\\",\\\",3)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n|join kind=leftouter ( ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\") ) on $left.Identity == $right.Name\\r\\n| where CmdletResultValue1.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue1.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue1.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue1.PermissionGroupsString contains \\\"Anonymous\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| extend Server = tostring(CmdletResultValue1.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue1.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue1.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue1.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue1.PermissionGroupsString) \\r\\n| extend AuthMechanism = tostring(CmdletResultValue1.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue1.RemoteIPRanges\\r\\n| mv-expand BindingAllall=CmdletResultValue1.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = 
make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"RCAnonymousQuery\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Receive Connectors OpenRelay using Extended Right \\\"ms-Exch-SMTP-Accept-Any-Recipient\\\" for Anonymous\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors OpenRelay using Authentication ExternalAuthoritative\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all Receive Connectors configured with authentication set to Externally Secure. With this configuration the Receive connector will be allow as Open Relay.\\r\\n\\r\\nRemember that with this configuration, the Exchange servers can be used to send emails outside the organization. Depending on the configuration, the connectors may be protected by IP. 
However, IP protection is not safe configuration.\\r\\n\\r\\n\\r\\nAllow anonymous relay on Exchange server\\r\\n\\r\\nSee the section \\\"Receive Connectors with Anonymous Permission\\\" for additional information regarding Anonymous authentication and IP protection.\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"195a66a1-7aa2-4564-bd3b-233049d6f101\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"4ef1d2a2-a13f-4bd4-9e66-2d9a15ad8a7a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"description\":\"See Receive Connectors with no IP restriction\",\"isRequired\":true,\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 
3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue.AuthMechanismString contains \\\"ExternalAuthoritative\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| project CmdletResultValue\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue.PermissionGroupsString)\\r\\n//| extend Bindings = iif(tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Port )!=\\\"\\\",tostring(strcat(tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Port),\\\",\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[1].Port))),tostring(strcat(tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Address),\\\"-\\\",tostring(parse_json(tostring(CmdletResultValue.Bindings))[0].Port))))\\r\\n//| extend RemoteIPRanges = tostring(CmdletResultValue.RemoteIPRanges)\\r\\n| extend AuthMechanism = tostring(CmdletResultValue.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue.RemoteIPRanges\\r\\n| mv-expand 
BindingAllall=CmdletResultValue.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Receive Connectors configure with Externally Secured Authentication\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Security Transport Configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Receive Connectors with Anonymous Permission\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This view shows all Receive Connectors configured with Anonymous authentication. It is not recommended to configure connectors with Anonymous authentication.\\r\\n\\r\\nWhen configured with Anonymous and No Ip Restriction, any machine can initiate an SMTP session with the Receive Connectors. This can then be used send emails (SPAM/Virus/Phishing....) to all the mailboxes in the organization. The mail will be seen as an internal mail and might bypass some protections.\\r\\n\\r\\nIf you absolute need this configuration because some of your application does not support Authentication, it is strongly recommended to limit the IP addresses that can establish SMTP sessions with Exchange. 
Do not use range of subnet.\\r\\n\\r\\nThis section has an option button to display \\r\\n All Receive Connectors with Anonymous (No)\\r\\n All Receive Connectors with Anonymous and with no IP Restriction (Yes)\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"ReceiveConnectorsHelp\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"195a66a1-7aa2-4564-bd3b-233049d6f101\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Server\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExchangeServers\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.ServerRole <> \\\"64\\\"\\r\\n| extend SRVName = tostring(CmdletResultValue.Name)\\r\\n| distinct SRVName\\r\\n| sort by SRVName asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"bcb24a01-9242-4fec-b30a-02b0583cbc87\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"NoIPRestriction\",\"type\":10,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n { \\\"value\\\": \\\"True\\\", \\\"label\\\": \\\"Yes\\\" },\\r\\n { \\\"value\\\": \\\"True,False\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":\\\"False\\\" }\\r\\n]\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":1,\"content\":{\"json\":\"The toogle buttom help you to sort by:\\r\\n\\r\\n- Server\\r\\n- Receive connectors with no IP restrictions\"},\"name\":\"text - 3 - 
Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ReceiveConnector\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.Server.Name contains \\\"{Server}\\\"\\r\\n| where (CmdletResultValue.RemoteIPRanges contains \\\"0.0.0.0\\\" or CmdletResultValue.RemoteIPRanges contains \\\"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\\\") in ({NoIPRestriction})\\r\\n| where CmdletResultValue.PermissionGroupsString contains \\\"Anonymous\\\" //> 12 and CmdletResultValue.PermissionGroups != 14 and CmdletResultValue.PermissionGroups != 16\\r\\n| project CmdletResultValue\\r\\n| extend Server = tostring(CmdletResultValue.Server.Name)\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend TransportRole = iff(CmdletResultValue.TransportRole== \\\"32\\\" , \\\"HubTransport\\\", \\\"FrontendTransport\\\")\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend PermissionGroups = tostring(CmdletResultValue.PermissionGroupsString) \\r\\n| extend AuthMechanism = tostring(CmdletResultValue.AuthMechanismString)\\r\\n| mv-expand RemoteIPall=CmdletResultValue.RemoteIPRanges\\r\\n| mv-expand BindingAllall=CmdletResultValue.Bindings\\r\\n| extend RemoteIP= RemoteIPall.Expression\\r\\n| extend IP= strcat (BindingAllall.Address,\\\"-\\\",BindingAllall.Port)\\r\\n| summarize Bindings = make_set(tostring(IP)),RemoteIPRange = make_set(tostring(RemoteIP)) by Server,Name,TransportRole,Enabled,PermissionGroups,AuthMechanism\\r\\n| sort by Server asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Receive Connectors configure with Anonymous 
Permission\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Server\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Receive Connectors configure with Anonymous Permission\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Rules with specific actions to monitor\",\"items\":[{\"type\":1,\"content\":{\"json\":\"A common way used by attackers to exfiltrate data is to set Transport Rules that send all or sensitive messages outside the organization or to a mailbox where they already have full control.\\r\\n\\r\\nThis section shows your Transport rules with sentitive actions that can lead to data leaks:\\r\\n- BlindCopyTo\\r\\n- RedirectMessageTo\\r\\n- CopyTo\\r\\n\\r\\n\\r\\nFor more information :\\r\\nMail flow rules in Exchange Serve\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"TransportRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = iif( CmdletResultValue.Identity contains \\\"OrgHierarchyToIgnore\\\",tostring(CmdletResultValue.Identity.Name),tostring(CmdletResultValue.Identity))\\r\\n//| extend State = tostring(CmdletResultValue.State)\\r\\n| extend Status= iff ( tostring(CmdletResultValue.State)== \\\"Enabled\\\" or tostring(CmdletResultValue.State)== \\\"1\\\" , \\\"Enabled\\\",iff(tostring(CmdletResultValue.State)==\\\"\\\",\\\"\\\", \\\"Disabled\\\"))\\r\\n| extend SentTo = 
tostring(CmdletResultValue.SentToString)\\r\\n| extend BlindCopyTo = tostring(CmdletResultValue.BlindCopyToString)\\r\\n| extend CopyTo = tostring(CmdletResultValue.CopyToString)\\r\\n| extend RedirectMessageTo = tostring(CmdletResultValue.RedirectMessageToString)\\r\\n| extend Mode = tostring(CmdletResultValue.Identity.Mode)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\\r\\n| sort by Status desc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Transport Rules actions to monitor\"},{\"type\":1,\"content\":{\"json\":\"### Journal Mailboxes\"},\"name\":\"JournalMailboxHelp\"},{\"type\":1,\"content\":{\"json\":\"The **Journal Mailboxes** contain emails sent and received by specific or all users. The content of these mailboxes is very sensitives.\\r\\n\\r\\nJournal Rules should be reviewed to check if they are still needed. Mailbox audit should be set on these mailboxes. 
Also by default, no one should access to these mailboxes.\\r\\n\\r\\nThen, it is recommended to regularly check who have Full Access mailbox or Receive As on these mailboxes.\\r\\nAdditional information :\\r\\n\\r\\nJournaling in Exchange Server\\r\\n\\r\\nJournaling procedures\\r\\n\\r\\n\\r\\nMailbox audit logging in Exchange Server\\r\\n\\r\\n\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"JournalHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"JournalRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = tostring(CmdletResultValue.Identity)\\r\\n| extend Status= iff ( tostring(CmdletResultValue.Enabled)== \\\"Enabled\\\" or tostring(CmdletResultValue.Enabled)== \\\"1\\\" , \\\"Enabled\\\", iff(tostring(CmdletResultValue.Enabled)==\\\"\\\",\\\"\\\", \\\"Disabled\\\"))\\r\\n//| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend JournalEmailAddress = tostring(CmdletResultValue.JournalEmailAddress)\\r\\n| extend Recipient = tostring(CmdletResultValue.Recipient)\\r\\n| sort by Identity asc\\r\\n| sort by Status desc\\r\\n| project-away CmdletResultValue\\r\\n\",\"size\":1,\"showAnalytics\":true,\"title\":\"Journal Rules configured in your environment\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"JournalQuery\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Journal Recipients on mailbox databases configured in your environment\",\"items\":[{\"type\":1,\"content\":{\"json\":\"As Journal Recipient on databases send all the mail send 
to users in this database to a specific mailbox. The content of these mailboxes is very sensitive.\\r\\n\\r\\nJournal Recipients configuration should be reviewed to check if they are still needed. Mailbox audit should be set on these mailboxes. No one should have access to these mailboxes by default.\\r\\n\\r\\nIt is recommended to regularly check who have Full Access or Receive As on these mailboxes.\\r\\n\\r\\nAdditional information :\\r\\n\\r\\nJournaling in Exchange Server\\r\\n\\r\\nJournaling procedures\\r\\n\\r\\n\\r\\nMailbox audit logging in Exchange Server\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"JournalRecipientsHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MbxDBJournaling\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| where CmdletResultValue.JournalRecipient !=\\\"\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Identity = tostring(CmdletResultValue.Identity.Name)\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend JournalRecipient = tostring(CmdletResultValue.JournalRecipient)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\\r\\n\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"JournalRecipientsGroup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Remote Domain Autofoward Configuration - * should not allow AutoForwardEnabled\",\"items\":[{\"type\":1,\"content\":{\"json\":\"If **AutoForwardEnabled** is set to True for an SMTP domain, then users in Outlook are allowed to set automatic transfer of all their emails to addresses 
in this domain.\\r\\n\\r\\nWhen the Default Remote domain is set to * and has the AutoForwardEnabled set True, any user can configure an Outlook rule to automatically forward all emails to any SMTP domain domains outside the organization. This is a high risk configuration as it might allow accounts to leak information. \\r\\n\\r\\nAlso, when setting AutoForwardEnabled to a specific domain, it is strongly recommended enable TLS encryption.\\r\\n\\r\\nAdditional information:\\r\\n\\r\\nRemote Domains\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AutoForwardHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RemoteDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName.Address)\\r\\n| extend AutoForwardEnabled = iff (CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.Address == \\\"*\\\", strcat (\\\"❌\\\",tostring(CmdletResultValue.AutoForwardEnabled)),iff(CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.Address != \\\"*\\\", strcat (\\\"⚠️\\\",tostring(CmdletResultValue.AutoForwardEnabled)),strcat (\\\"✅\\\",tostring(CmdletResultValue.AutoForwardEnabled))))\\r\\n| project-away CmdletResultValue\\r\\n| sort by Address asc \",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"Accepted domains set to * authorize Open Relay.\\r\\n\\r\\nMore information:\\r\\n\\r\\nAccepted 
domains\\r\\n\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"AcceptedDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"On-Premises\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.DomainName.Address == \\\"*\\\"\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName.Address)\\r\\n| extend Address = \\\"* : ❌ OpenRelay configuration\\\"\\r\\n| extend DomainType = case(CmdletResultValue.DomainType==\\\"0\\\",\\\"Authoritative Domain\\\",CmdletResultValue.DomainType==\\\"1\\\",\\\"ExternalRelay\\\",CmdletResultValue.DomainType==\\\"2\\\",\\\"InternalRelay\\\",\\\"NotApplicable\\\")\\r\\n| project-away CmdletResultValue\",\"size\":1,\"showAnalytics\":true,\"title\":\"Accepted domain with *\",\"noDataMessage\":\"Accepted Domain * not confirgured (no Open Relay)\",\"noDataMessageStyle\":3,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ForwardGroup\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Transport\"},\"name\":\"Transport Security configuration\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeSecurityReview\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -2793,9 +2753,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", 
@@ -2811,43 +2771,36 @@ { "contentId": "ESI-ExchangeAdminAuditLogEvents", "kind": "DataConnector" - } + } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId4')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook4-name')]", + "contentProductId": "[variables('_workbookcontentProductId4')]", + "id": "[variables('_workbookcontentProductId4')]", + "version": "[variables('workbookVersion4')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Microsoft Exchange Security - Exchange On-Premises Analytics Rule 1 with template", - "displayName": "Microsoft Exchange Security - Exchange On-Premises AR template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - 
"description": "CriticalCmdletsUsageDetection_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": "CriticalCmdletsUsageDetection_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion1')]", @@ -2856,7 +2809,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId1')]", + "name": "[variables('analyticRulecontentId1')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2875,10 +2828,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "ESI-ExchangeAdminAuditLogEvents", "dataTypes": [ "Event" - ] + ], + "connectorId": "ESI-ExchangeAdminAuditLogEvents" } ], "tactics": [ 
@@ -2959,44 +2912,37 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "VIP Mailbox manipulation", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Microsoft Exchange Security - Exchange On-Premises Analytics Rule 2 with template", - "displayName": "Microsoft Exchange Security - Exchange On-Premises AR template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]" + 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ServerOrientedWithUserOrientedAdministration_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": "ServerOrientedWithUserOrientedAdministration_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion2')]", @@ -3005,7 +2951,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId2')]", + "name": "[variables('analyticRulecontentId2')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -3024,10 +2970,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "ESI-ExchangeAdminAuditLogEvents", "dataTypes": [ "Event" - ] + ], + "connectorId": "ESI-ExchangeAdminAuditLogEvents" } ], "tactics": [ 
@@ -3108,24 +3054,42 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "Server Oriented Cmdlet And User Oriented Cmdlet used", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Microsoft Exchange Security - Exchange On-Premises", + "publisherDisplayName": "Community", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Exchange Security Audit and Configuration Insight solution analyze Exchange On-Premises configuration and logs from a security lens to provide insights and alerts.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Windows Event logs collection, including MS Exchange Management Event logs

    \n
  2. \n
  3. Custom logs ingestion via Data Collector REST API

    \n
  4. \n
\n

Data Connectors: 2, Parsers: 3, Workbooks: 4, Analytic Rules: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -3138,9 +3102,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.txt b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.txt deleted file mode 100644 index 75c7471c2ae..00000000000 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeAdminAuditLogs.txt +++ /dev/null 
@@ -1,61 +0,0 @@ -// Title: ESI - Exchange Admin Audit Logs Parser -// Author: Microsoft -// Version: 1.0 -// Last Updated: 15/11/2022 -// Comment: -// v1.0 : -// - Function initilisation for Sentinel Solution -// -// DESCRIPTION: -// This parser takes raw Exchange Admin Audit Logs and add elements like ESI Environment, VIP information, sensitive information, etc... -// -// USAGE: -// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. -// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name "ExchangeAdminAuditLogs". -// 3. Function App usually take 10-15 minutes to activate. You can then use Function Alias for other queries -// -// DEPENDENCY: -// This parser is linked to "ExchangeVIP" whatchlist -// -// REFERENCE: -// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions -// -// LOG SAMPLES: -// This parser assumes that MS Exchange Management Logs from Exchange Servers Event Logs are collected in Log Analytics. 
-// -// -let cVIPs = _GetWatchlist('ExchangeVIP') | project tostring(canonicalName) ; -let sVIPs = _GetWatchlist('ExchangeVIP') | project tostring(sAMAccountName) ; -let CmdletCheck = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv"]with(format="csv",ignoreFirstRecord=true); -let SensitiveCmdlets = externaldata (Cmdlet:string, UserOriented:string, RestrictToParameter:string, Parameters:string)[h"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/CmdletWatchlist.csv"]with(format="csv",ignoreFirstRecord=true) | project tostring(Cmdlet) ; -let Env = ExchangeConfiguration(SpecificSectionList="ESIEnvironment") -| extend DomainFQDN_ = tostring(CmdletResultValue.DomainFQDN) -| project DomainFQDN_, ESIEnvironment; -let MSExchange_Management = (){ - Event - | where EventLog == 'MSExchange Management' - | where EventID in (1,6) // 1 = Success, 6 = Failure - | parse ParameterXml with '' CmdletName '' CmdletParameters '' Caller '' * - | extend TargetObject = iif( CmdletParameters has "-Identity ", split(split(CmdletParameters,'-Identity ')[1],'"')[1], iif( CmdletParameters has "-Name ", split(split(CmdletParameters,'-Name ')[1],'"')[1], "")) - | extend Status = case( EventID == 1, 'Success', 'Failure') - | extend IsVIP = iif(TargetObject in (cVIPs) or TargetObject in (sVIPs), true, false) - | extend CmdletNameJoin = tolower(CmdletName) - | join kind=leftouter ( - CmdletCheck - | extend CmdletNameJoin = tolower(Cmdlet) - ) on CmdletNameJoin - | extend DomainEnv = replace_string(Computer,strcat(tostring(split(Computer,'.',0)[0]),'.'),'') - | join kind=leftouter ( - Env - ) on $left.DomainEnv == $right.DomainFQDN_ - | extend ESIEnvironment = iif (isnotempty(ESIEnvironment), ESIEnvironment, strcat("Unknown-",DomainEnv)) - | extend IsSenstiveCmdlet = iif( isnotempty(CmdletNameJoin1) , 
true, false) - | extend IsRestrictedCmdLet = iif(IsSenstiveCmdlet == true, iif( RestrictToParameter == "Yes", true, false), dynamic(null)) - | extend RestrictedParameters = iif(IsSenstiveCmdlet == true, split(tolower(Parameters),';'), dynamic(null)) - | extend ExtractedParameters = iif(IsSenstiveCmdlet == true,extract_all(@"\B(-\w+)", tolower(CmdletParameters)), dynamic(null)) - | extend IsSenstiveCmdletParameters = iif(IsSenstiveCmdlet == true,iif( array_length(set_difference(ExtractedParameters,RestrictedParameters)) == array_length(ExtractedParameters), false, true ) , false) - | extend IsSensitive = iif( ( IsSenstiveCmdlet == true and IsRestrictedCmdLet == false ) or (IsSenstiveCmdlet == true and IsRestrictedCmdLet == true and IsSenstiveCmdletParameters == true ), true, false ) - //| project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters - | project TimeGenerated,Computer,Status,Caller,TargetObject,IsVIP,CmdletName,CmdletParameters,IsSenstiveCmdlet,IsRestrictedCmdLet,ExtractedParameters,RestrictedParameters,IsSenstiveCmdletParameters,IsSensitive,UserOriented, ESIEnvironment -}; -MSExchange_Management diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.txt b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.txt deleted file mode 100644 index 151ccaa2dee..00000000000 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.txt +++ /dev/null 
@@ -1,72 +0,0 @@ -// Title: ESI - Exchange Configuration Parser -// Author: Microsoft -// Version: 1.6 -// Last Updated: 13/10/2022 -// Comment: -// v1.6 : -// - Change consumption of Identity_Name_S by IdentityString_s. Requires CollectExchSecIns Script version 7.5.1 minimum -// v1.5 : -// - Change the usage of TimeGenerated instead of EntryDate for filtering BaseRequest. -// - Change alllife duration to 1080 days instead of 90 days. -// v1.4 : -// - Capacity to find all configuration without date limitation with the keyword "alllife" in SpecificConfigurationDate -// v1.3 : -// - Adding fuzzy mode to be able to have only On-Premises or Online tables -// - Simplify the request -// -// DESCRIPTION: -// This parser takes raw ESI Exchange Configuration Collector to pivot raw information and retrieve a specific date configuration. This is the same parser for Exchange On-Premises version and Exchange online version of the solution. -// -// USAGE: -// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. -// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name "ExchangeConfiguration". -// Parameters : 4 parameters to add during creation. -// 1. SpecificSectionList, type string, default value "" -// 2. SpecificConfigurationDate, type string, default value "lastdate" -// 3. Target, type string, default value "On-Premises" -// 4. SpecificConfigurationEnv, type string, default value "All" -// 3. Function App usually take 10-15 minutes to activate. 
You can then use Function Alias for other queries -// -// -// REFERENCE: -// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions -// -// LOG SAMPLES: -// This parser assumes the raw log from the ESI Exchange Collector are on the ESIExchangeConfig_CL and/or ESIExchangeOnlineConfig_CL tables and are uploaded using the builtin REST API uploader of the Collector. -// -// -// Parameters -let _SpecificSectionList = split(SpecificSectionList,','); -let _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),"lastdate",tostring(SpecificConfigurationDate)); -let _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == "all","All",tostring(SpecificConfigurationEnv)),','); -let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target); -// Building Base Request -let _targetDate = iff(_configurationDate == "lastdate", ago(7d), iif(_configurationDate == "alllife",ago(1080d),todatetime(_configurationDate))); -let baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* - | where TimeGenerated > _targetDate - | extend Source = iff (TableName contains "Online", "Online", "On-Premises") - | where _target == 'All' or Source == _target - | extend ScopedEnvironment = iff(_configurationEnv contains "All", "All",ESIEnvironment_s) - | where ScopedEnvironment in (_configurationEnv) - | extend EntryDate = todatetime(EntryDate_s) - | project-away EntryDate_s); -// Find Config Id (can be multiple id in all) -let findConfigDate = baseRequest - | extend Env =strcat(Source, "_",ESIEnvironment_s) - | summarize count() by GenerationInstanceID_g,Env,EntryDate - | extend distance = iff(_configurationDate == "lastdate" or _configurationDate == "alllife", now() - EntryDate, (EntryDate - todatetime(_configurationDate))) - | top-nested of Env by Ignore0=max(1), - 
top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, - top-nested of GenerationInstanceID_g by Ignore2=max(2) - | project GenerationInstanceID_g; -// Parse Result -let ParseExchangeConfig = () { baseRequest - | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g - | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList) - | extend TimeGenerated = EntryDate - | extend Identity = IdentityString_s - | extend CmdletResultValue = parse_json(rawData_s) - | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s - | project-away TenantId,SourceSystem,Type,EntryDate -}; -ParseExchangeConfig \ No newline at end of file diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml index 2cb0c5fff34..37d0526c648 100644 --- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml +++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeConfiguration.yaml 
@@ -6,7 +6,25 @@ Function:
 Category: Microsoft Sentinel Parser
 FunctionName: ExchangeConfiguration
 FunctionAlias: ExchangeConfiguration
+FunctionParams:
+ - Name: SpecificSectionList
+ Type: string
+ Description: The list of section to query. Default is all.
+ DefaultValue: ''
+ - Name: SpecificConfigurationDate
+ Type: string
+ Description: The date to query. Default is last 7 days.
+ DefaultValue: 'lastdate'
+ - Name: SpecificConfigurationEnv
+ Type: string
+ Description: The environment to query. Default is all.
+ DefaultValue: 'All'
+ - Name: Target
+ Type: string
+ Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
+ DefaultValue: 'On-Premises'
 FunctionQuery: |
+ // Parameters definition
 let _SpecificSectionList = split(SpecificSectionList,',');
 let _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),"lastdate",tostring(SpecificConfigurationDate));
 let _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == "all","All",tostring(SpecificConfigurationEnv)),',');
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.txt b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.txt
deleted file mode 100644
index bde6f25ebdf..00000000000
--- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.txt
+++ /dev/null
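Review bot: `FunctionParams` lists `SpecificConfigurationEnv` before `Target`, but the manual-install steps in the removed ExchangeConfiguration.txt declare `Target` third and `SpecificConfigurationEnv` fourth. The workbook queries in this change pass arguments by name and are unaffected; a saved query or analytic rule that passes them positionally would get the two values swapped and could return an empty or wrongly scoped configuration without any error. I would keep the previous order (move the `- Name: Target` entry above `- Name: SpecificConfigurationEnv`) or call the change out in the release notes. The `FunctionQuery` body continues outside this hunk.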
@@ -1,33 +0,0 @@
-// Title: ESI - Exchange Configuration Environment List Generator
-// Author: Microsoft
-// Version: 1.2
-// Last Updated: 19/09/2022
-// Comment:
-// v1.2 :
-// - Adding fuzzy mode to be able to have only On-Premises or Online tables
-//
-// DESCRIPTION:
-// This parser takes raw ESI Exchange Configuration Collector to list Exchange Environments that are loaded in the tables. This is the same parser for Exchange On-Premises version and Exchange online version of the solution.
-//
-// USAGE:
-// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window.
-// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name "ESI_ExchConfigAvailableEnvironments".
-// Parameters : 1 parameter to add during creation.
-// 1. Target, type string, default value "On-Premises"
-// 3. Function App usually take 10-15 minutes to activate. You can then use Function Alias for other queries
-//
-//
-// REFERENCE:
-// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions
-//
-// LOG SAMPLES:
-// This parser assumes the raw log from the ESI Exchange Collector are on the ESIExchangeConfig_CL and/or ESIExchangeOnlineConfig_CL tables and are uploaded using the builtin REST API uploader of the Collector.
-//
-//
-// Parameters
-let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target);
-let ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*
- | extend Source = iff (TableName contains "Online", "Online", "On-Premises")
- | where _target == 'All' or Source == _target;
-// Base Request
-ScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s
\ No newline at end of file
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml
index 7a75a162d1b..76bab8257d3 100644
--- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml
+++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Parsers/ExchangeEnvironmentList.yaml
@@ -1,4 +1,4 @@
-id: 1acab329-1c11-42a7-b5ea-41264947947a
+id: fa748dc3-00ee-41cb-b54e-8acd56041b2a
 Function:
 Title: Parser for ExchangeEnvironmentList
 Version: '1.0.0'
@@ -6,7 +6,13 @@ Function:
 Category: Microsoft Sentinel Parser
 FunctionName: ExchangeEnvironmentList
 FunctionAlias: ExchangeEnvironmentList
+FunctionParams:
+ - Name: Target
+ Type: string
+ Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
+ DefaultValue: 'On-Premises'
 FunctionQuery: |
+ // Parameters definition
 let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target);
 let ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*
 | extend Source = iff (TableName contains "Online", "Online", "On-Premises")
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/ReleaseNotes.md b/Solutions/Microsoft Exchange Security - Exchange On-Premises/ReleaseNotes.md
new file mode 100644
index 00000000000..2c5f059d277
--- /dev/null
+++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/ReleaseNotes.md
@@ -0,0 +1,4 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|---------------------------------------------|
+| 3.0.0 | 08-23-2023 | **ExchangeEnvironmentList** parser name |
+| | | corrected in Workbooks. |
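Review bot: The `Target` description names only "On-Premises" and "Online" as valid values, while the removed ExchangeEnvironmentList.txt version of this query also accepts `All` (`where _target == 'All' or Source == _target`). If the YAML query keeps that filter (its body continues past this hunk), document it: `Description: The target environment to query. Valid values are "On-Premises", "Online" or "All". Default is "On-Premises".` Any other value appears to match no table and yield an empty list rather than an error, which is worth stating since the workbooks use this list to scope the review. The `Target` entry added to ExchangeConfiguration.yaml has the same wording.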
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Least Privilege with RBAC.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Least Privilege with RBAC.json
index 5df60b3ffb6..a1e67bf6702 100644
--- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Least Privilege with RBAC.json
+++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Least Privilege with RBAC.json
@@ -16,7 +16,7 @@
 "multiSelect": true,
 "quote": "'",
 "delimiter": ",",
- "query": "ESI_ExchConfigAvailableEnvironments(Target=\"On-Premises\") | where ESIEnvironment != \"\"",
+ "query": "ExchangeEnvironmentList(Target=\"On-Premises\") | where ESIEnvironment != \"\"",
 "typeSettings": {
 "limitSelectTo": 1,
 "showDefault": false
diff --git a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Security Review.json b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Security Review.json
index 57b0e06c7e7..50428e48bc4 100644
--- a/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Security Review.json
+++ b/Solutions/Microsoft Exchange Security - Exchange On-Premises/Workbooks/Microsoft Exchange Security Review.json
@@ -23,7 +23,7 @@
 "multiSelect": true,
 "quote": "'",
 "delimiter": ",",
- "query": "ESI_ExchConfigAvailableEnvironments(Target=\"On-Premises\") | where ESIEnvironment != \"\"",
+ "query": "ExchangeEnvironmentList(Target=\"On-Premises\") | where ESIEnvironment != \"\"",
 "typeSettings": {
 "limitSelectTo": 1,
 "showDefault": false
@@ -143,7 +143,7 @@ { "type": 1, "content": { - "json": "# Workbook goals\r\n\r\nThe goal of this workbook is to outline key security configurations of your Exchange on-premises environment.\r\n\r\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\r\n\r\nThis workbook is designed to show your Exchange organization is configured with a security point of view. Indeed, some configurations easy to display as there are no UI available.\r\n\r\nFor each configuration, you will find explanations and recommendations when applicable.\r\n\r\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. 
\r\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\r\n\r\n----\r\n\r\n## Quick reminder of how Exchange works\r\n\r\nDuring Exchange installation two very important groups are created :\r\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\r\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\r\n\r\nThese groups have :\r\n- Very high privileges in ALL AD domains including the root domain\r\n- Right on any Exchange including mailboxes\r\n\r\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\r\n\r\nTo protect AD and Exchange, it is very important to ensure the following:\r\n- There is a very limited number of persons that are local Administrator on Exchange server\r\n- To protect user right like : Act part of the operating System, Debug\r\n\r\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\r\n\r\n** 💡 Exchange servers need to be considered as very sensitive servers**\r\n\r\n-----\r\n\r\n\r\n## Tabs\r\n\r\n### Mailbox Access\r\n\r\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\r\n\r\n### Exchange & AD Groups\r\n\r\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\r\n\r\n### Local Administrators\r\n\r\nThis tab will show you the non standard content of the local Administrators group. 
Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\r\n\r\nThe information is displayed with different views : \r\n- List of nonstandard users\r\n- Number of servers with a nonstandard a user\r\n- Nonstandard groups content\r\n- For each user important information are displayed like last logon, last password set, enabled\r\n\r\n### Exchange Security configuration\r\n\r\nThis tab will show you some important configuration for your Exchange Organization\r\n- Status of Admin Audit Log configuration\r\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\r\n- Nonstandard permissions on the Exchange container in the Configuration Partition\r\n\r\n### Transport Configuration\r\n\r\nThis tab will show you the configuration of the main Transport components\r\n- Receive Connectors configured with Anonymous and/or Open Relay\r\n- Remote Domain Autoforward configuration\r\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\r\n- Journal Rule and Journal Recipient configurations\r\n- Accepted Domains with *\r\n\r\n" + "json": "# Workbook goals\r\n\r\nThe goal of this workbook is to outline key security configurations of your Exchange On-Premises environment.\r\n\r\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\r\n\r\nThis workbook is designed to show your Exchange organization is configured with a security point of view. 
Indeed, some configurations easy to display as there are no UI available.\r\n\r\nFor each configuration, you will find explanations and recommendations when applicable.\r\n\r\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. \r\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\r\n\r\n----\r\n\r\n## Quick reminder of how Exchange works\r\n\r\nDuring Exchange installation two very important groups are created :\r\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\r\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\r\n\r\nThese groups have :\r\n- Very high privileges in ALL AD domains including the root domain\r\n- Right on any Exchange including mailboxes\r\n\r\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\r\n\r\nTo protect AD and Exchange, it is very important to ensure the following:\r\n- There is a very limited number of persons that are local Administrator on Exchange server\r\n- To protect user right like : Act part of the operating System, Debug\r\n\r\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\r\n\r\n** 💡 Exchange servers need to be considered as very sensitive servers**\r\n\r\n-----\r\n\r\n\r\n## Tabs\r\n\r\n### Mailbox Access\r\n\r\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\r\n\r\n### Exchange & AD Groups\r\n\r\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\r\n\r\n### Local 
Administrators\r\n\r\nThis tab will show you the non standard content of the local Administrators group. Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\r\n\r\nThe information is displayed with different views : \r\n- List of nonstandard users\r\n- Number of servers with a nonstandard a user\r\n- Nonstandard groups content\r\n- For each user important information are displayed like last logon, last password set, enabled\r\n\r\n### Exchange Security configuration\r\n\r\nThis tab will show you some important configuration for your Exchange Organization\r\n- Status of Admin Audit Log configuration\r\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\r\n- Nonstandard permissions on the Exchange container in the Configuration Partition\r\n\r\n### Transport Configuration\r\n\r\nThis tab will show you the configuration of the main Transport components\r\n- Receive Connectors configured with Anonymous and/or Open Relay\r\n- Remote Domain Autoforward configuration\r\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\r\n- Journal Rule and Journal Recipient configurations\r\n- Accepted Domains with *\r\n\r\n" }, "name": "WorkbookInfo" } diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Data Connectors/ESI-ExchangeOnlineCollector.json b/Solutions/Microsoft Exchange Security - Exchange Online/Data Connectors/ESI-ExchangeOnlineCollector.json index 06f7580a28b..2d2be503ce4 100644 --- a/Solutions/Microsoft Exchange Security - Exchange Online/Data Connectors/ESI-ExchangeOnlineCollector.json +++ b/Solutions/Microsoft Exchange Security - Exchange Online/Data Connectors/ESI-ExchangeOnlineCollector.json 
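Review bot: The rewritten `json` string of `WorkbookInfo` changes only the casing of "On-Premises" and carries over wording that misstates what the workbook can tell an operator. `It will not show you if you have been comprised` should read `compromised`, and `some configurations easy to display as there are no UI available` presumably means `are not easy to display`. Since the whole line is replaced anyway, this is the place to fix both, along with `have were installed` and `Exchange Trusted Subsytem`.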
@@ -19,14 +19,14 @@ "dataTypes": [ { "name": "ESIExchangeOnlineConfig_CL", - "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeOnlineConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeOnlineConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], @@ -70,7 +70,7 @@ }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", "instructions": [ { "parameters": { 
@@ -78,7 +78,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", @@ -89,8 +89,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, @@ -210,10 +210,9 @@ "name": "ESI - Exchange Online Security Configuration Analyzer" }, "support": { - "tier": "Microsoft", - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Data/Solution_MicrosoftExchangeSecurityExchangeOnline.json b/Solutions/Microsoft Exchange Security - Exchange Online/Data/Solution_MicrosoftExchangeSecurityExchangeOnline.json index 82a299b1fbd..a7a78abf932 100644 --- a/Solutions/Microsoft Exchange Security - Exchange Online/Data/Solution_MicrosoftExchangeSecurityExchangeOnline.json 
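Review bot: Steps 1 and 4 now point at `ExchangeConfiguration.yaml` and `ExchangeEnvironmentList.yaml`, but the unchanged step 3 still says `Define the parameters as asked on the header of the parser file`, and step 4 says to repeat steps 2 and 3 `with the content of` the file. In the YAML layout visible in the On-Premises parser hunk of this diff, the query sits under `FunctionQuery` and the parameters under `FunctionParams`, so pasting the whole file would presumably not save as a working function. I would reword step 3 to `Define the parameters listed under FunctionParams in the parser file.` and step 4 to `Reproduce steps 2 and 3 with the FunctionQuery section of 'ExchangeEnvironmentList.yaml'`. The same strings repeat in the `mainTemplate.json` hunks further down.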
+++ b/Solutions/Microsoft Exchange Security - Exchange Online/Data/Solution_MicrosoftExchangeSecurityExchangeOnline.json @@ -7,8 +7,8 @@ "Data Connectors/ESI-ExchangeOnlineCollector.json" ], "Parsers": [ - "Parsers/ExchangeConfiguration.txt", - "Parsers/ExchangeEnvironmentList.txt" + "Parsers/ExchangeConfiguration.yaml", + "Parsers/ExchangeEnvironmentList.yaml" ], "Workbooks": [ "Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json", @@ -16,7 +16,7 @@ ], "Analytic Rules": [], "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange Online", - "Version": "2.0.0", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Package/3.0.0.zip b/Solutions/Microsoft Exchange Security - Exchange Online/Package/3.0.0.zip new file mode 100644 index 00000000000..a6a21ee85c7 Binary files /dev/null and b/Solutions/Microsoft Exchange Security - Exchange Online/Package/3.0.0.zip differ diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Package/createUiDefinition.json b/Solutions/Microsoft Exchange Security - Exchange Online/Package/createUiDefinition.json index db0a7827149..0cbf0f7948e 100644 --- a/Solutions/Microsoft Exchange Security - Exchange Online/Package/createUiDefinition.json +++ b/Solutions/Microsoft Exchange Security - Exchange Online/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Microsoft Exchange Security Audit and Configuration Insights solution analyzes Exchange online configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)\n\n**Data Connectors:** 1, **Parsers:** 2, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Exchange%20Security%20-%20Exchange%20Online/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Exchange Security Audit and Configuration Insight solution analyze Exchange Online configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. 
[Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)\n\n**Data Connectors:** 1, **Parsers:** 2, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -55,33 +55,33 @@ "name": "dataconnectors", "label": "Data Connectors", "bladeTitle": "Data Connectors", - "elements": [ +"elements": [ { "name": "dataconnectors1", "type": "Microsoft.Common.Section", "label": "Data Connectors", - "elements": [ - { + "elements": [ + { "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "This solution installs the data connector for collecting exchange online custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } - } +} ] }, - { +{ "name": "dataconnectors-parser", "type": "Microsoft.Common.Section", "label": "Parsers", "elements": [ - { + { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs two (2) parsers that transform ingested data. The transformed logs can be accessed using the ExchangeConfiguration and ESI_ExchConfigAvailableEnvironments Kusto Function aliases." + "text": "The solution installs two (2) parsers that transform ingested data. The transformed logs can be accessed using the ExchangeConfiguration and ExchangeEnvironmentList Kusto Function aliases." } - } +} ] }, { diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Package/mainTemplate.json b/Solutions/Microsoft Exchange Security - Exchange Online/Package/mainTemplate.json index 688c45edfce..9865240561e 100644 
--- a/Solutions/Microsoft Exchange Security - Exchange Online/Package/mainTemplate.json +++ b/Solutions/Microsoft Exchange Security - Exchange Online/Package/mainTemplate.json 
@@ -46,75 +46,65 @@ } }, "variables": { - "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-esionline", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "Microsoft Exchange Security - Exchange Online", + "_solutionVersion": "3.0.0", + "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-esionline", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "ESI-ExchangeOnlineCollector", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "ESI-ExchangeOnlineCollector", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.1.0", - "parserVersion1": "1.0.0", - "parserContentId1": "ExchangeConfiguration-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "parserName1": "ExchangeConfiguration", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": 
"[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", - "parserVersion2": "1.0.0", - "parserContentId2": "ExchangeEnvironmentList-Parser", - "_parserContentId2": "[variables('parserContentId2')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "ExchangeConfiguration-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", "parserName2": "ExchangeEnvironmentList", "_parserName2": "[concat(parameters('workspace'),'/',variables('parserName2'))]", "parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName2'))]", "_parserId2": "[variables('parserId2')]", - "parserTemplateSpecName2": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2')))]", + "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2'))))]", + "parserVersion2": "1.0.0", + "parserContentId2": "ExchangeEnvironmentList-Parser", + "_parserContentId2": "[variables('parserContentId2')]", + "_parsercontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId2'),'-', variables('parserVersion2'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": 
"MicrosoftExchangeLeastPrivilegewithRBAC-Online", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "workbookVersion2": "1.0.0", "workbookContentId2": "MicrosoftExchangeSecurityReview-Online", "workbookId2": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]", - "workbookTemplateSpecName2": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2')))]", - "_workbookContentId2": "[variables('workbookContentId2')]" + "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]", + "_workbookContentId2": "[variables('workbookContentId2')]", + "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": 
"2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Microsoft Exchange Security - Exchange Online data connector with template", - "displayName": "Microsoft Exchange Security - Exchange Online template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Security - Exchange Online data connector with template version 2.0.0", + "description": "Microsoft Exchange Security - Exchange Online data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -149,14 +139,14 @@ "dataTypes": [ { "name": "ESIExchangeOnlineConfig_CL", - "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeOnlineConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeOnlineConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], @@ -200,7 +190,7 @@ }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", "instructions": [ { "parameters": { 
@@ -208,7 +198,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", @@ -219,8 +209,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, @@ -340,9 +330,9 @@ "name": "ESI - Exchange Online Security Configuration Analyzer" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "author": { "name": "Microsoft" 
@@ -353,7 +343,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", @@ -370,19 +360,30 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Exchange Security Insights Online Collector (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" 
@@ -403,9 +404,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, @@ -430,14 +431,14 @@ "dataTypes": [ { "name": "ESIExchangeOnlineConfig_CL", - "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL\n | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n | where isnotempty(Time)" + "lastDataReceivedQuery": "ESIExchangeOnlineConfig_CL | summarize Time = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "ESIExchangeOnlineConfig_CL\n | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s\n |take 1\n | project IsConnected = true" + "ESIExchangeOnlineConfig_CL | summarize LastLogReceived = max(EntryDate_s) by GenerationInstanceID_g, ESIEnvironment_s |take 1 | project IsConnected = true" ] } ], 
@@ -487,7 +488,7 @@ }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ESI_ExchConfigAvailableEnvironments**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps for each Parser to create the Kusto Functions alias : [**ExchangeConfiguration**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser) \n\n**STEP 1 - Parsers deployment**", "instructions": [ { "parameters": { @@ -495,7 +496,7 @@ "instructionSteps": [ { "title": "1. Download the Parser files", - "description": "The latest version of the 2 files [**ExchangeConfiguration.txt**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.txt**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" + "description": "The latest version of the 2 files [**ExchangeConfiguration.yaml**](https://aka.ms/sentinel-ESI-ExchangeConfiguration-Online-parser) and [**ExchangeEnvironmentList.yaml**](https://aka.ms/sentinel-ESI-ExchangeEnvironmentList-Online-parser)" }, { "title": "2. Create Parser **ExchangeConfiguration** function", 
@@ -506,8 +507,8 @@ "description": "Click on save button.\n Define the parameters as asked on the header of the parser file.\nClick save again." }, { - "title": "4. Reproduce the same steps for Parser **ESI_ExchConfigAvailableEnvironments**", - "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.txt' file" + "title": "4. Reproduce the same steps for Parser **ExchangeEnvironmentList**", + "description": "Reproduce the step 2 and 3 with the content of 'ExchangeEnvironmentList.yaml' file" } ] }, 
@@ -623,33 +624,15 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "ExchangeConfiguration Data Parser with template", - "displayName": "ExchangeConfiguration Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ExchangeConfiguration Data Parser with template version 2.0.0", + "description": "ExchangeConfiguration Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
@@ -658,21 +641,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeConfiguration", - "category": "Samples", + "displayName": "Parser for ExchangeConfiguration", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeConfiguration", + "query": "let _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - 
todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n", "functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"", - "query": "\nlet _SpecificSectionList = split(SpecificSectionList,',');\r\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\r\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\r\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\r\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \r\n | where TimeGenerated > _targetDate\r\n | extend Source = iff (TableName contains 
\"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target\r\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \r\n | where ScopedEnvironment in (_configurationEnv)\r\n | extend EntryDate = todatetime(EntryDate_s)\r\n | project-away EntryDate_s);\r\nlet findConfigDate = baseRequest\r\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\r\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\r\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\r\n | top-nested of Env by Ignore0=max(1), \r\n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \r\n top-nested of GenerationInstanceID_g by Ignore2=max(2) \r\n | project GenerationInstanceID_g;\r\nlet ParseExchangeConfig = () { baseRequest \r\n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\r\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\r\n | extend TimeGenerated = EntryDate\r\n | extend Identity = IdentityString_s\r\n | extend CmdletResultValue = parse_json(rawData_s)\r\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\r\n | project-away TenantId,SourceSystem,Type,EntryDate\r\n};\r\nParseExchangeConfig", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "ExchangeConfiguration" + "value": "" } ] } 
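Review bot: In the new `query` string, `_configurationEnv contains \"All\"` is a case-insensitive substring test on the array built by `split(...)`. As far as I can tell, an environment whose name merely contains "all" would be scoped to `All` and then dropped by `where ScopedEnvironment in (_configurationEnv)`, leaving the parser with no rows for it. The workbook queries that call `ExchangeConfiguration(...)` would then show an empty delegation view rather than an error. An exact membership test avoids that: `| extend ScopedEnvironment = iff(set_has_element(_configurationEnv, \"All\"), \"All\", ESIEnvironment_s)`. The same query is repeated in the `@@ -716,12 +710,18 @@` hunk, and if this template is generated the change belongs in the parser source file.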
@@ -699,14 +682,25 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "Parser for ExchangeConfiguration", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { 
@@ -716,12 +710,18 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeConfiguration", - "category": "Samples", + "displayName": "Parser for ExchangeConfiguration", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeConfiguration", + "query": "let _SpecificSectionList = split(SpecificSectionList,',');\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\n// Building Base Request\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \n | where TimeGenerated > _targetDate\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", \"All\",ESIEnvironment_s) \n | where ScopedEnvironment in (_configurationEnv)\n | extend EntryDate = todatetime(EntryDate_s)\n | project-away EntryDate_s);\n// Find Config Id (can be multiple id in all)\nlet findConfigDate = baseRequest\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\n | top-nested of Env by Ignore0=max(1), \n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \n top-nested of 
GenerationInstanceID_g by Ignore2=max(2) \n | project GenerationInstanceID_g;\n// Parse Result\nlet ParseExchangeConfig = () { baseRequest \n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\n | extend TimeGenerated = EntryDate\n | extend Identity = IdentityString_s\n | extend CmdletResultValue = parse_json(rawData_s)\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\n | project-away TenantId,SourceSystem,Type,EntryDate\n};\nParseExchangeConfig\n", "functionParameters": "SpecificSectionList:string = \"\", SpecificConfigurationDate:string = \"lastdate\", Target:string = \"On-Premises\", SpecificConfigurationEnv:string = \"All\"", - "query": "\nlet _SpecificSectionList = split(SpecificSectionList,',');\r\nlet _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),\"lastdate\",tostring(SpecificConfigurationDate));\r\nlet _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == \"all\",\"All\",tostring(SpecificConfigurationEnv)),',');\r\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet _targetDate = iff(_configurationDate == \"lastdate\", ago(7d), iif(_configurationDate == \"alllife\",ago(1080d),todatetime(_configurationDate)));\r\nlet baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* \r\n | where TimeGenerated > _targetDate\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target\r\n | extend ScopedEnvironment = iff(_configurationEnv contains \"All\", 
\"All\",ESIEnvironment_s) \r\n | where ScopedEnvironment in (_configurationEnv)\r\n | extend EntryDate = todatetime(EntryDate_s)\r\n | project-away EntryDate_s);\r\nlet findConfigDate = baseRequest\r\n | extend Env =strcat(Source, \"_\",ESIEnvironment_s)\r\n | summarize count() by GenerationInstanceID_g,Env,EntryDate\r\n | extend distance = iff(_configurationDate == \"lastdate\" or _configurationDate == \"alllife\", now() - EntryDate, (EntryDate - todatetime(_configurationDate)))\r\n | top-nested of Env by Ignore0=max(1), \r\n top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, \r\n top-nested of GenerationInstanceID_g by Ignore2=max(2) \r\n | project GenerationInstanceID_g;\r\nlet ParseExchangeConfig = () { baseRequest \r\n | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g\r\n | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList)\r\n | extend TimeGenerated = EntryDate\r\n | extend Identity = IdentityString_s\r\n | extend CmdletResultValue = parse_json(rawData_s)\r\n | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s\r\n | project-away TenantId,SourceSystem,Type,EntryDate\r\n};\r\nParseExchangeConfig", - "version": 1 + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -747,40 +747,22 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "ExchangeEnvironmentList Data Parser with template", - "displayName": "ExchangeEnvironmentList Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName2'),'/',variables('parserVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ExchangeEnvironmentList Data Parser with template version 2.0.0", + "description": "ExchangeEnvironmentList Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion2')]", 
@@ -789,21 +771,21 @@ "resources": [ { "name": "[variables('_parserName2')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeEnvironmentList", - "category": "Samples", + "displayName": "Parser for ExchangeEnvironmentList", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeEnvironmentList", + "query": "let _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n", "functionParameters": "Target:string = \"On-Premises\"", - "query": "\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target;\r\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "ExchangeEnvironmentList" + "value": "" } ] } 
@@ -830,14 +812,25 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId2')]", + "contentKind": "Parser", + "displayName": "Parser for ExchangeEnvironmentList", + "contentProductId": "[variables('_parsercontentProductId2')]", + "id": "[variables('_parsercontentProductId2')]", + "version": "[variables('parserVersion2')]" } }, { 
@@ -847,12 +840,18 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "ExchangeEnvironmentList", - "category": "Samples", + "displayName": "Parser for ExchangeEnvironmentList", + "category": "Microsoft Sentinel Parser", "functionAlias": "ExchangeEnvironmentList", + "query": "let _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\n | where _target == 'All' or Source == _target;\n// Base Request\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s\n", "functionParameters": "Target:string = \"On-Premises\"", - "query": "\nlet _target = iff(isnull(Target) or isempty(Target),\"On-Premises\",Target);\r\nlet ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*\r\n | extend Source = iff (TableName contains \"Online\", \"Online\", \"On-Premises\")\r\n | where _target == 'All' or Source == _target;\r\nScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s", - "version": 1 + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -878,40 +877,22 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" } } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft Exchange Security - Exchange Online Workbook with template", - "displayName": "Microsoft Exchange Security - Exchange Online workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Exchange Least Privilege with RBAC - OnlineWorkbook with template version 2.0.0", + "description": "Microsoft Exchange Least Privilege with RBAC - Online Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -929,7 +910,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"e59f0f7f-fd05-4ec8-9f59-e4d9c3b589f2\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Current RBAC Delegation\",\"subTarget\":\"RBACDelegation\",\"preText\":\"RBAC Delegation\",\"postText\":\"\",\"style\":\"link\"},{\"id\":\"26056188-7abf-4913-a927-806099e616eb\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Custom Roles\",\"subTarget\":\"CustomRole\",\"style\":\"link\"},{\"id\":\"5eeebe10-be67-4f8a-9d91-4bc6c70c3e16\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Help\",\"subTarget\":\"start\",\"style\":\"link\"}]},\"name\":\"links - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9ae328d6-99c8-4c44-8d59-42ca4d999098\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ESI_ExchConfigAvailableEnvironments(Target=\\\"Online\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeOnlineConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in 
(_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeOnlineConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| where TimeGenerated > ago(90d)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize by Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,Collection1), Label = iif(Selected,\\\"Last Known date\\\",Collection1), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The current delegation are compared to an export of default delegation available on Exchange Online.\\r\\n\\r\\nTo find which is used for the comparaison please follow this link.\\r\\nThe export is located on the public GitHub of the project.\\r\\n\\r\\ncheck this link : 
https://aka.ms/esiwatchlist\\r\\n\\r\\nIt will be updated by the team project.\",\"style\":\"info\"},\"name\":\"text - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on User Accounts\",\"items\":[{\"type\":1,\"content\":{\"json\":\" Custom Delegation on User Accounts\"},\"name\":\"text - 2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"d9d4e0a2-b75d-4825-9f4e-7606516500e1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"User\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"cf5959fa-a833-4bb2-90bd-d4c90dca5506\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Role=tostring (CmdletResultValue.Role)\\r\\n| distinct Role\\r\\n| sort by Role 
asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"User\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| project Name, Role, RoleAssigneeName,Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope\\r\\n| sort by RoleAssigneeName 
asc\\r\\n\",\"size\":3,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"31.5ch\"}},{\"columnMatch\":\"Total\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"9.3ch\"}},{\"columnMatch\":\"Count\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"330px\"}},{\"columnMatch\":\"Anomalies\",\"formatter\":10,\"formatOptions\":{\"palette\":\"redBright\",\"customColumnWidthSetting\":\"330px\"}}],\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on User Accounts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done directly to a user account.\\r\\n\\r\\nDetailed information for the user accounts will be displayed.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegation for Exchange 2019 CU11.\\r\\n\\r\\nThese types of delegations are not available on the Exchange Admin Center.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done directly to service account. 
Being able to see this delegation will help to sanityze the environment as some delegations may be no more necessary\\r\\n\\r\\n - Delegation done by mistake directly to Administrator Accounts\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\n\\r\\nDetailed information for the user accounts will be displayed in below sections\\r\\n\"},\"name\":\"text - 0\"}]},\"name\":\"group - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Custom Delegation on Groups\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c548eb09-54e3-41bf-a99d-be3534f7018b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"f5511a2b-9bf6-48ae-a968-2d1f879c8bfa\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\n| extend Role=tostring (CmdletResultValue.Role)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nlet RoleG = ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n | project RoleAssigneeName=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| project CmdletResultValue\\r\\n| extend ManagementRoleAssignment = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend 
CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n|lookup RoleG on RoleAssigneeName \\r\\n| project-away CmdletResultValue\\r\\n| sort by RoleAssigneeName asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on Groups\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done for standard and non standard groups. 
Indeed, default groups have a list of default delegations but an Exchange administrators can add also new roles to the default groups.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegation for Exchange 2019 CU11.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done for Organization Management to role like Mailbox Import Export or Mailbox Search\\r\\n\\r\\n - Delegation done by mistake\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts present in the groups will be displayed in below sections\\r\\n\"},\"name\":\"text - 0\"}]},\"name\":\"group - 4\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Custom Delegation\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee User account\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Detailed Information on User account Role Assignee\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"27e4c2e9-d113-4bf9-808f-0f8f68b5152e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == 
\\\"User\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"DirectRoleAssignments\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.SamAccountName contains \\\"{RoleAssignee}\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| extend LastLogon = CmdletResultValue.LastLogonString\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":3,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee User account\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays detailed information for user account found with non standard delegation :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\"},\"name\":\"text - 0\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee 
group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Detailed information for Group delegation\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"75c3cdf3-d0c3-46c3-83ae-429979774234\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Parentgroup contains \\\"{RoleAssignee}\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Level_ = tostring(CmdletResultValue.Level)\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend LastLogon = 
CmdletResultValue.LastLogonString\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Parentgroup asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays detailed information for user account present in the found groups with non standard delegation :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\"},\"name\":\"text - 0\"}]},\"name\":\"group - 3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Information for Role Assignee\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### How to user this tab\\r\\n**1 - Select an account** : All the Cmdlet launched by the account during the selected time frame will be displayer.\\r\\n\\r\\n**2 - Select a cmdlet** : All the roles that contain will be displayed\\r\\n\\r\\n**3 - Review the list of roles** : This table contains all the roles that contain the selected Cmdlet\\r\\n\\r\\n\",\"style\":\"info\"},\"name\":\"text - 1\"},{\"type\":1,\"content\":{\"json\":\"### How to undertand the \\\"List of Roles with this CmdLet\\\" table ? 
\\r\\n\\r\\n**WeightRole :** Display the wieight of this role based on its importance in terms of security risk\\r\\n\\r\\n**SumRole :** Among all the Cmdlet launched by the account during the defined time frame, this role available for x cmdlet. This role include x cmdlet run by the user.\\r\\n\\r\\n**OrgMgmtRole :** This role is really in the scope of Organization Management group. If the selected Cmdlet is not included is any other role, it make sense that this user is member of the Organization Management group\\r\\n\\r\\n \",\"style\":\"upsell\"},\"name\":\"text - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let CounUserCmdlet = (ExchangeAdminAuditLogs\\r\\n| where Status == \\\"Success\\\"\\r\\n| extend Caller = tostring(split(Caller,\\\"/\\\")[countof(Caller,\\\"/\\\")])\\r\\n| summarize Count=count() by Caller);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"Organization Management\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| where CmdletResultValue.ObjectClass == \\\"user\\\"\\r\\n//| project CmdletResultValue,Count\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| join kind=leftouter (CounUserCmdlet) on $left.Account == $right.Caller\\r\\n| project Account,Count\\r\\n//| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":3,\"title\":\"Organization Management 
Members\",\"exportFieldName\":\"Account\",\"exportParameterName\":\"Account\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"formatters\":[{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"palette\":\"purple\"}}]}},\"customWidth\":\"20\",\"name\":\"query - 1\",\"styleSettings\":{\"maxWidth\":\"100%\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeAdminAuditLogs\\r\\n| where Caller contains \\\"{Account}\\\"\\r\\n| where Status == \\\"Success\\\"\\r\\n| distinct CmdletName\\r\\n| sort by CmdletName asc\",\"size\":3,\"title\":\"List of CmdLet run by the account\",\"exportFieldName\":\"CmdletName\",\"exportParameterName\":\"CmdletName\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"CmdletName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"CmdletName\",\"sortOrder\":1}]},\"customWidth\":\"33\",\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let RBACRoleCmdlet = _GetWatchlist('RBACRoleCmdlet');\\r\\nlet UserRoleList = ExchangeAdminAuditLogs | where Caller contains \\\"{Account}\\\" | where Status == \\\"Success\\\" | distinct CmdletName;\\r\\nlet countRole = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize SumRole = count()by Role);\\r\\nlet RolevsCmdlet = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize make_set(Name) by Role);\\r\\nRolevsCmdlet\\r\\n| join kind=leftouter ( countRole ) on Role\\r\\n| project Role,CmdletList=set_Name,SumRole\\r\\n| join kind=leftouter ( RBACRoleCmdlet ) on Role\\r\\n| where Name has \\\"{CmdletName}\\\"\\r\\n| extend PossibleRoles = Role\\r\\n| extend OrgMgmtRole = OrgM\\r\\n| extend RoleWeight = Priority\\r\\n|distinct 
PossibleRoles,RoleWeight,tostring(SumRole),OrgMgmtRole,tostring(CmdletList)\\r\\n|sort by SumRole,RoleWeight\\r\\n\",\"size\":3,\"title\":\"List of Roles with this CmdLet\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"PossibleRoles\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"PossibleRoles\",\"sortOrder\":1}]},\"customWidth\":\"40\",\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"0\",\"maxWidth\":\"100%\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let RBACRoleCmdlet = _GetWatchlist('RBACRoleCmdlet');\\r\\nlet UserRoleList = ExchangeAdminAuditLogs | where TimeGenerated {TimeRange} | where Caller contains \\\"{Account}\\\" | where Status == \\\"Success\\\" | distinct CmdletName;\\r\\nlet countRole = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize SumRole = count()by Role);\\r\\nlet RolevsCmdlet = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize make_set(Name) by Role);\\r\\nRolevsCmdlet\\r\\n| join kind=leftouter ( countRole ) on Role\\r\\n| project Role,CmdletList=set_Name,SumRole\\r\\n| join kind=leftouter ( RBACRoleCmdlet ) on Role\\r\\n| extend Roles = Role\\r\\n| extend OrgMgmtRole = OrgM\\r\\n| extend RoleWeight = Priority\\r\\n| extend CmdletList=tostring(CmdletList)\\r\\n| summarize by Roles,CmdletList,RoleWeight,tostring(SumRole),OrgMgmtRole\\r\\n| distinct Roles,RoleWeight,tostring(SumRole),OrgMgmtRole,tostring(CmdletList)\\r\\n|sort by Roles asc\",\"size\":0,\"title\":\"Recommended Roles for selected users\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Roles\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Roles\",\"sortOrder\":1}]},\"name\":\"query - 3\"}]},\"name\":\"group - 
0\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Leastprivileges\"},\"name\":\"group - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Role details\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"List of Custom Roles\",\"items\":[{\"type\":1,\"content\":{\"json\":\"List of existing custom Roles\"},\"customWidth\":\"50\",\"name\":\"text - 3\"},{\"type\":1,\"content\":{\"json\":\"List of Custom with a Management Role Assignement (associated with a group or a user). Display the target account and scope if set\"},\"customWidth\":\"50\",\"name\":\"text - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| extend ParentRole =split(tostring(CmdletResultValue.Parent),\\\"\\\\\\\\\\\")[1]\\r\\n| project Identity, ParentRole, WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| 
extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| project Role, Scope, RoleAssigneeName\\r\\n| join kind=inner (MRcustomRoles) on Role\\r\\n| project Role,RoleAssigneeName,Scope\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='ITSY', Target = \\\"Online\\\")\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| project Role= tostring(CmdletResultValue.Role), Scope, RoleAssigneeName\\r\\n| join kind=rightouter (MRcustomRoles) on Role\\r\\n| project Role = Role1, Scope, RoleAssigneeName,Comment = iff(Role == \\\"\\\", \\\"⚠️ No existing delegation for this role\\\", \\\"✅ This role is delegated with a Management Role Assignment\\\")\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", 
SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Role)\\r\\n| join kind=rightouter (MRcustomRoles) on Role\\r\\n| summarize acount = count() by iff( Role==\\\"\\\",\\\"Number of non assigned roles\\\", Role)\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 5\"}]},\"name\":\"List of Custom Roles\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Roles delegation on group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows delegation associated with the Custom Roles\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope 
= tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| project RoleAssigneeName, Role, Status,CustomRecipientWriteScope, CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,WhenCreated, WhenChanged\\r\\n| join kind=inner (MRcustomRoles) on Role\\r\\n| project RoleAssigneeName, Role, Status,CustomRecipientWriteScope, CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Details for Custom Roles Cmdlets \",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays for the chosen custom management roles all Cmdlets and their parameters associated with this custom role.\\r\\nRemember that for a cmdlet, some parameters can be removed.\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"07c8ac83-371d-4702-ab66-72aeb2a20053\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomRole\",\"type\":2,\"isRequired\":true,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| project 
Identity\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| project CmdletName,Parameters\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Details for Custom Roles Cmdlets \"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"CustomRole\"},\"name\":\"Custom Role\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeLeastPrivilegewithRBAC-Online\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": 
"{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"e59f0f7f-fd05-4ec8-9f59-e4d9c3b589f2\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Current RBAC Delegation\",\"subTarget\":\"RBACDelegation\",\"preText\":\"RBAC Delegation\",\"postText\":\"\",\"style\":\"link\"},{\"id\":\"26056188-7abf-4913-a927-806099e616eb\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Custom Roles\",\"subTarget\":\"CustomRole\",\"style\":\"link\"},{\"id\":\"5eeebe10-be67-4f8a-9d91-4bc6c70c3e16\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Help\",\"subTarget\":\"start\",\"style\":\"link\"}]},\"name\":\"links - 3\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9ae328d6-99c8-4c44-8d59-42ca4d999098\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ExchangeEnvironmentList(Target=\\\"Online\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeOnlineConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = 
max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeOnlineConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| where TimeGenerated > ago(90d)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize by Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,Collection1), Label = iif(Selected,\\\"Last Known date\\\",Collection1), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation\",\"items\":[{\"type\":1,\"content\":{\"json\":\"The current delegation are compared to an export of default delegation available on Exchange Online.\\r\\n\\r\\nTo find which is used for the comparaison please follow this link.\\r\\nThe export is located on the public GitHub of the project.\\r\\n\\r\\ncheck this link : https://aka.ms/esiwatchlist\\r\\n\\r\\nIt will be updated by the team project.\",\"style\":\"info\"},\"name\":\"text - 
2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on User Accounts\",\"items\":[{\"type\":1,\"content\":{\"json\":\" Custom Delegation on User Accounts\"},\"name\":\"text - 2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"d9d4e0a2-b75d-4825-9f4e-7606516500e1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"User\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"cf5959fa-a833-4bb2-90bd-d4c90dca5506\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Role=tostring (CmdletResultValue.Role)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let 
DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"User\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| project Name, Role, RoleAssigneeName,Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope\\r\\n| sort by RoleAssigneeName 
asc\\r\\n\",\"size\":3,\"showAnalytics\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"31.5ch\"}},{\"columnMatch\":\"Total\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"9.3ch\"}},{\"columnMatch\":\"Count\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"330px\"}},{\"columnMatch\":\"Anomalies\",\"formatter\":10,\"formatOptions\":{\"palette\":\"redBright\",\"customColumnWidthSetting\":\"330px\"}}],\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on User Accounts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done directly to a user account.\\r\\n\\r\\nDetailed information for the user accounts will be displayed.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegation for Exchange 2019 CU11.\\r\\n\\r\\nThese types of delegations are not available on the Exchange Admin Center.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done directly to service account. 
Being able to see this delegation will help to sanityze the environment as some delegations may be no more necessary\\r\\n\\r\\n - Delegation done by mistake directly to Administrator Accounts\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\n\\r\\nDetailed information for the user accounts will be displayed in below sections\\r\\n\"},\"name\":\"text - 0\"}]},\"name\":\"group - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Delegation on Groups\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Custom Delegation on Groups\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c548eb09-54e3-41bf-a99d-be3534f7018b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"f5511a2b-9bf6-48ae-a968-2d1f879c8bfa\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Role\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\n| extend Role=tostring (CmdletResultValue.Role)\\r\\n| distinct Role\\r\\n| sort by Role asc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nlet RoleG = ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n | project RoleAssigneeName=tostring(CmdletResultValue.Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.RoleAssigneeName endswith \\\"{RoleAssignee}\\\" \\r\\n| where CmdletResultValue.Role contains \\\"{Role}\\\"\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| project CmdletResultValue\\r\\n| extend ManagementRoleAssignment = tostring(CmdletResultValue.Name)\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend 
CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n|lookup RoleG on RoleAssigneeName \\r\\n| project-away CmdletResultValue\\r\\n| sort by RoleAssigneeName asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"RoleAssigneeName\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Custom Delegation on Groups\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays all the nonstandard delegations done for standard and non standard groups. 
Indeed, default groups have a list of default delegations but an Exchange administrators can add also new roles to the default groups.\\r\\n\\r\\nThis status is done by comparing current delegation with the default delegation for Exchange 2019 CU11.\\r\\n\\r\\nUsual results :\\r\\n\\r\\n - Delegations done for Organization Management to role like Mailbox Import Export or Mailbox Search\\r\\n\\r\\n - Delegation done by mistake\\r\\n\\r\\n - Suspicious delegations\\r\\n\\r\\nDetailed information for the user accounts present in the groups will be displayed in below sections\\r\\n\"},\"name\":\"text - 0\"}]},\"name\":\"group - 4\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Custom Delegation\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee User account\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Detailed Information on User account Role Assignee\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"27e4c2e9-d113-4bf9-808f-0f8f68b5152e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == 
\\\"User\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"DirectRoleAssignments\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.SamAccountName contains \\\"{RoleAssignee}\\\"\\r\\n| project CmdletResultValue\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| extend LastLogon = CmdletResultValue.LastLogonString\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":3,\"showAnalytics\":true,\"color\":\"green\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee User account\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays detailed information for user account found with non standard delegation :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\"},\"name\":\"text - 0\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Information for Role Assignee 
group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Detailed information for Group delegation\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"75c3cdf3-d0c3-46c3-83ae-429979774234\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"RoleAssignee\",\"type\":2,\"isRequired\":true,\"query\":\"let DefMRA = externaldata (Name:string)[h\\\"https://raw.githubusercontent.com/nlepagnez/ESI-PublicContent/main/Operations/Watchlists/standardMRAOnline.csv\\\"]with(format=\\\"csv\\\",ignoreFirstRecord=true)| summarize make_list(Name);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Name !in (DefMRA) and CmdletResultValue.RoleAssigneeType == \\\"RoleGroup\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| project CmdletResultValue\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| distinct RoleAssigneeName\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Parentgroup contains \\\"{RoleAssignee}\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Level_ = tostring(CmdletResultValue.Level)\\r\\n| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n| extend LastLogon = 
CmdletResultValue.LastLogonString\\r\\n| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend DN = tostring(CmdletResultValue.DN)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Parentgroup asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Information for Role Assignee group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Explanations\",\"expandable\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays detailed information for user account present in the found groups with non standard delegation :\\r\\n - Last logon\\r\\n - Last Password changed\\r\\n - Account enabled\"},\"name\":\"text - 0\"}]},\"name\":\"group - 3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"RBACDelegation\"},\"name\":\"Information for Role Assignee\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### How to user this tab\\r\\n**1 - Select an account** : All the Cmdlet launched by the account during the selected time frame will be displayer.\\r\\n\\r\\n**2 - Select a cmdlet** : All the roles that contain will be displayed\\r\\n\\r\\n**3 - Review the list of roles** : This table contains all the roles that contain the selected Cmdlet\\r\\n\\r\\n\",\"style\":\"info\"},\"name\":\"text - 1\"},{\"type\":1,\"content\":{\"json\":\"### How to undertand the \\\"List of Roles with this CmdLet\\\" table ? 
\\r\\n\\r\\n**WeightRole :** Display the wieight of this role based on its importance in terms of security risk\\r\\n\\r\\n**SumRole :** Among all the Cmdlet launched by the account during the defined time frame, this role available for x cmdlet. This role include x cmdlet run by the user.\\r\\n\\r\\n**OrgMgmtRole :** This role is really in the scope of Organization Management group. If the selected Cmdlet is not included is any other role, it make sense that this user is member of the Organization Management group\\r\\n\\r\\n \",\"style\":\"upsell\"},\"name\":\"text - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let CounUserCmdlet = (ExchangeAdminAuditLogs\\r\\n| where Status == \\\"Success\\\"\\r\\n| extend Caller = tostring(split(Caller,\\\"/\\\")[countof(Caller,\\\"/\\\")])\\r\\n| summarize Count=count() by Caller);\\r\\nExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| search CmdletResultValue.Parentgroup == \\\"Organization Management\\\"\\r\\n| where CmdletResultValue.Level != 0\\r\\n| where CmdletResultValue.ObjectClass == \\\"user\\\"\\r\\n//| project CmdletResultValue,Count\\r\\n| extend Account = tostring(CmdletResultValue.SamAccountName)\\r\\n| join kind=leftouter (CounUserCmdlet) on $left.Account == $right.Caller\\r\\n| project Account,Count\\r\\n//| project-away CmdletResultValue\\r\\n| sort by Account asc\",\"size\":3,\"title\":\"Organization Management 
Members\",\"exportFieldName\":\"Account\",\"exportParameterName\":\"Account\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"formatters\":[{\"columnMatch\":\"Count\",\"formatter\":3,\"formatOptions\":{\"palette\":\"purple\"}}]}},\"customWidth\":\"20\",\"name\":\"query - 1\",\"styleSettings\":{\"maxWidth\":\"100%\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeAdminAuditLogs\\r\\n| where Caller contains \\\"{Account}\\\"\\r\\n| where Status == \\\"Success\\\"\\r\\n| distinct CmdletName\\r\\n| sort by CmdletName asc\",\"size\":3,\"title\":\"List of CmdLet run by the account\",\"exportFieldName\":\"CmdletName\",\"exportParameterName\":\"CmdletName\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"CmdletName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"CmdletName\",\"sortOrder\":1}]},\"customWidth\":\"33\",\"name\":\"query - 3\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let RBACRoleCmdlet = _GetWatchlist('RBACRoleCmdlet');\\r\\nlet UserRoleList = ExchangeAdminAuditLogs | where Caller contains \\\"{Account}\\\" | where Status == \\\"Success\\\" | distinct CmdletName;\\r\\nlet countRole = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize SumRole = count()by Role);\\r\\nlet RolevsCmdlet = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize make_set(Name) by Role);\\r\\nRolevsCmdlet\\r\\n| join kind=leftouter ( countRole ) on Role\\r\\n| project Role,CmdletList=set_Name,SumRole\\r\\n| join kind=leftouter ( RBACRoleCmdlet ) on Role\\r\\n| where Name has \\\"{CmdletName}\\\"\\r\\n| extend PossibleRoles = Role\\r\\n| extend OrgMgmtRole = OrgM\\r\\n| extend RoleWeight = Priority\\r\\n|distinct 
PossibleRoles,RoleWeight,tostring(SumRole),OrgMgmtRole,tostring(CmdletList)\\r\\n|sort by SumRole,RoleWeight\\r\\n\",\"size\":3,\"title\":\"List of Roles with this CmdLet\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"PossibleRoles\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"PossibleRoles\",\"sortOrder\":1}]},\"customWidth\":\"40\",\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"0\",\"maxWidth\":\"100%\",\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let RBACRoleCmdlet = _GetWatchlist('RBACRoleCmdlet');\\r\\nlet UserRoleList = ExchangeAdminAuditLogs | where TimeGenerated {TimeRange} | where Caller contains \\\"{Account}\\\" | where Status == \\\"Success\\\" | distinct CmdletName;\\r\\nlet countRole = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize SumRole = count()by Role);\\r\\nlet RolevsCmdlet = (RBACRoleCmdlet | where Name has_any (UserRoleList)| summarize make_set(Name) by Role);\\r\\nRolevsCmdlet\\r\\n| join kind=leftouter ( countRole ) on Role\\r\\n| project Role,CmdletList=set_Name,SumRole\\r\\n| join kind=leftouter ( RBACRoleCmdlet ) on Role\\r\\n| extend Roles = Role\\r\\n| extend OrgMgmtRole = OrgM\\r\\n| extend RoleWeight = Priority\\r\\n| extend CmdletList=tostring(CmdletList)\\r\\n| summarize by Roles,CmdletList,RoleWeight,tostring(SumRole),OrgMgmtRole\\r\\n| distinct Roles,RoleWeight,tostring(SumRole),OrgMgmtRole,tostring(CmdletList)\\r\\n|sort by Roles asc\",\"size\":0,\"title\":\"Recommended Roles for selected users\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"Roles\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"Roles\",\"sortOrder\":1}]},\"name\":\"query - 3\"}]},\"name\":\"group - 
0\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Leastprivileges\"},\"name\":\"group - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Role details\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"List of Custom Roles\",\"items\":[{\"type\":1,\"content\":{\"json\":\"List of existing custom Roles\"},\"customWidth\":\"50\",\"name\":\"text - 3\"},{\"type\":1,\"content\":{\"json\":\"List of Custom with a Management Role Assignement (associated with a group or a user). Display the target account and scope if set\"},\"customWidth\":\"50\",\"name\":\"text - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| extend ParentRole =split(tostring(CmdletResultValue.Parent),\\\"\\\\\\\\\\\")[1]\\r\\n| project Identity, ParentRole, WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| 
extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| project Role, Scope, RoleAssigneeName\\r\\n| join kind=inner (MRcustomRoles) on Role\\r\\n| project Role,RoleAssigneeName,Scope\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"lastdate\\\", SpecificConfigurationEnv='ITSY', Target = \\\"Online\\\")\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Scope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| project Role= tostring(CmdletResultValue.Role), Scope, RoleAssigneeName\\r\\n| join kind=rightouter (MRcustomRoles) on Role\\r\\n| project Role = Role1, Scope, RoleAssigneeName,Comment = iff(Role == \\\"\\\", \\\"⚠️ No existing delegation for this role\\\", \\\"✅ This role is delegated with a Management Role Assignment\\\")\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", 
SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Role)\\r\\n| join kind=rightouter (MRcustomRoles) on Role\\r\\n| summarize acount = count() by iff( Role==\\\"\\\",\\\"Number of non assigned roles\\\", Role)\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 5\"}]},\"name\":\"List of Custom Roles\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Custom Roles delegation on group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows delegation associated with the Custom Roles\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MRcustomRoles = (ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project Role = tostring(CmdletResultValue.Name));\\r\\nExchangeConfiguration(SpecificSectionList=\\\"MRA\\\", SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Role = tostring(CmdletResultValue.Role)\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope 
= tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| project RoleAssigneeName, Role, Status,CustomRecipientWriteScope, CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,WhenCreated, WhenChanged\\r\\n| join kind=inner (MRcustomRoles) on Role\\r\\n| project RoleAssigneeName, Role, Status,CustomRecipientWriteScope, CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,WhenCreated, WhenChanged\",\"size\":0,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\"}]},\"name\":\"group - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Details for Custom Roles Cmdlets \",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section displays for the chosen custom management roles all Cmdlets and their parameters associated with this custom role.\\r\\nRemember that for a cmdlet, some parameters can be removed.\"},\"name\":\"text - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"07c8ac83-371d-4702-ab66-72aeb2a20053\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomRole\",\"type\":2,\"isRequired\":true,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustom\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| extend Identity = CmdletResultValue.Name\\r\\n| project 
Identity\",\"typeSettings\":{\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRCustomDetails\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where (replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")) contains \\\"{CustomRole}\\\"\\r\\n| extend CustomRoleName = replace_string(replace_string(tostring(split(CmdletResultValue.Role.DistinguishedName,\\\",\\\",0)),\\\"[\\\\\\\"CN=\\\",\\\"\\\"),\\\"\\\\\\\"]\\\",\\\"\\\")\\r\\n| extend CmdletName = CmdletResultValue.Name\\r\\n| extend Parameters = CmdletResultValue.Parameters\\r\\n| project CmdletName,Parameters\",\"size\":1,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Details for Custom Roles Cmdlets \"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"CustomRole\"},\"name\":\"Custom Role\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeLeastPrivilegewithRBAC-Online\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -955,9 +936,9 @@
 "email": "[variables('_email')]"
 },
 "support": {
- "name": "Community",
- "tier": "Community",
- "link": "https://github.com/Azure/Azure-Sentinel/issues"
+ "name": "Community",
+ "tier": "Community",
+ "link": "https://github.com/Azure/Azure-Sentinel/issues"
 },
 "dependencies": {
 "operator": "AND",
@@ -983,37 +964,30 @@
 }
 }
 ]
- }
+ },
+ "packageKind": "Solution",
+ "packageVersion": "[variables('_solutionVersion')]",
+ "packageName": "[variables('_solutionName')]",
+ "packageId": "[variables('_solutionId')]",
+ "contentSchemaVersion": "3.0.0",
+ "contentId": "[variables('_workbookContentId1')]",
+ "contentKind": "Workbook",
+ "displayName": "[parameters('workbook1-name')]",
+ "contentProductId": "[variables('_workbookcontentProductId1')]",
+ "id": "[variables('_workbookcontentProductId1')]",
+ "version": "[variables('workbookVersion1')]"
 }
 },
 {
- "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2022-02-01",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+ "apiVersion": "2023-04-01-preview",
 "name": "[variables('workbookTemplateSpecName2')]",
 "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
- "properties": {
- "description": "Microsoft Exchange Security - Exchange Online Workbook with template",
- "displayName": "Microsoft Exchange Security - Exchange Online workbook template"
- }
- },
- {
- "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2022-02-01",
- "name": "[concat(variables('workbookTemplateSpecName2'),'/',variables('workbookVersion2'))]",
- "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
 "dependsOn": [
- "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName2'))]"
+ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Microsoft Exchange Security Review - OnlineWorkbook with template version 2.0.0",
+ "description": "Microsoft Exchange Security Review - Online Workbook with template version 3.0.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion2')]",
@@ -1031,7 +1005,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Microsoft Exchange Security Review Online\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9ae328d6-99c8-4c44-8d59-42ca4d999098\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ESI_ExchConfigAvailableEnvironments(Target=\\\"Online\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"ITSY\"]},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeOnlineConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeOnlineConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| where TimeGenerated > ago(90d)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize by Collection\\r\\n) on Collection\\r\\n| project 
Value = iif(Selected,Collection,Collection1), Label = iif(Selected,\\\"Last Known date\\\",Collection1), Selected\\r\\n| sort by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook helps review your Exchange Security configuration.\\r\\nAdjust the time range, and when needed select an item in the dropdownlist\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"34188faf-7a02-4697-9b36-2afa986afc0f\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Mailbox Access\",\"subTarget\":\"Delegation\",\"postText\":\"t\",\"style\":\"link\",\"icon\":\"3\",\"linkIsContextBlade\":true},{\"id\":\"be02c735-6150-4b6e-a386-b2b023e754e5\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"EXO & Azure AD Groups\",\"subTarget\":\"ExchAD\",\"style\":\"link\"},{\"id\":\"26c68d90-925b-4c3c-a837-e3cecd489b2d\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Transport 
Configuration\",\"subTarget\":\"Transport\",\"style\":\"link\"},{\"id\":\"eb2888ca-7fa6-4e82-88db-1bb3663a801e\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook Help\",\"subTarget\":\"Start\",\"style\":\"link\"}]},\"name\":\"TopMenuTabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Workbook goals\\r\\n\\r\\nThe goal of this workbook is to outline key security configurations of your Exchange on-premises environment.\\r\\n\\r\\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\\r\\n\\r\\nThis workbook is designed to show your Exchange organization is configured with a security point of view. Indeed, some configurations easy to display as there are no UI available.\\r\\n\\r\\nFor each configuration, you will find explanations and recommendations when applicable.\\r\\n\\r\\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. 
\\r\\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\\r\\n\\r\\n----\\r\\n\\r\\n## Quick reminder of how Exchange works\\r\\n\\r\\nDuring Exchange installation two very important groups are created :\\r\\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\\r\\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\\r\\n\\r\\nThese groups have :\\r\\n- Very high privileges in ALL AD domains including the root domain\\r\\n- Right on any Exchange including mailboxes\\r\\n\\r\\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\\r\\n\\r\\nTo protect AD and Exchange, it is very important to ensure the following:\\r\\n- There is a very limited number of persons that are local Administrator on Exchange server\\r\\n- To protect user right like : Act part of the operating System, Debug\\r\\n\\r\\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\\r\\n\\r\\n** 💡 Exchange servers need to be considered as very sensitive servers**\\r\\n\\r\\n-----\\r\\n\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Mailbox Access\\r\\n\\r\\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\\r\\n\\r\\n### Exchange & AD Groups\\r\\n\\r\\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\\r\\n\\r\\n### Local Administrators\\r\\n\\r\\nThis tab will show you the non standard content of the local Administrators group. 
Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\\r\\n\\r\\nThe information is displayed with different views : \\r\\n- List of nonstandard users\\r\\n- Number of servers with a nonstandard a user\\r\\n- Nonstandard groups content\\r\\n- For each user important information are displayed like last logon, last password set, enabled\\r\\n\\r\\n### Exchange Security configuration\\r\\n\\r\\nThis tab will show you some important configuration for your Exchange Organization\\r\\n- Status of Admin Audit Log configuration\\r\\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\\r\\n- Nonstandard permissions on the Exchange container in the Configuration Partition\\r\\n\\r\\n### Transport Configuration\\r\\n\\r\\nThis tab will show you the configuration of the main Transport components\\r\\n- Receive Connectors configured with Anonymous and/or Open Relay\\r\\n- Remote Domain Autoforward configuration\\r\\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\\r\\n- Journal Rule and Journal Recipient configurations\\r\\n- Accepted Domains with *\\r\\n\\r\\n\"},\"name\":\"WorkbookInfo\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Start\"},\"name\":\"InformationTab\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Display important security configurations that allow to mailboxes content (direct delegation on mailboxes are not listed (Full Access mailboxes or direct delegation on mailboxes folders)\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\n| where CmdletResultValue.Name !contains \\\"Deleg\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| where CmdletResultValue.Role contains \\\"Export\\\" or CmdletResultValue.Role contains \\\"Impersonation\\\" or CmdletResultValue.Role contains \\\"Search\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.RoleAssigneeName)) by role=tostring(CmdletResultValue.Role)\",\"size\":3,\"title\":\"Number of accounts with sensitive RBAC roles\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"role\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_RoleAssigneeName\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"role\",\"sortOrderField\":1}},\"name\":\"MRAQuery\"},{\"type\":1,\"content\":{\"json\":\"**ApplicationImpersonation** is an RBAC role that allows access (read and modify) to the content of all mailboxes using EWS. This role is very powerfull and should be carefully delegated. When a delegation is necessary, RBAC scopes should be configured to limit the list of impacted mailboxes.\\r\\n\\r\\nIt is common to see service accounts for backup solution, antivirus software, MDM...\\r\\n\\r\\nNote that the default configuration to the group Hygiene Management is excluded. this group is a sensitive group. 
Remember to monitor the content of this group\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SensitiveRBACHelp\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Application Impersonation Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows the delegated account to access and modify the content of every mailboxes using EWS.\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"Impersonation\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"RoleGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, 
Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Application Impersonation Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Import Export Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to export the content all mailboxes in a scope in PST file.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Import Export** is an RBAC role that allows an account to export the content of any maibox in a PST. It also allows search in all mailboxes.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is not delegated to any user or group. 
The members of the group Organization Management by default do not have this role but are able to delegate it.\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n- create an empty group with this delegation\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"export\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"RoleGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, 
Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Import Export Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Search Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to search inside all or in a scope of mailboxes and export the result in PST.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\nExchange Online-ApplicationAccount\\r\\nDiscovery Management has been excluded\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Search** is an RBAC role that allows an account to search in any mailbox and export the results to a PST.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is only delegated to the group Discovery Management. 
The members of the group Organization Management do not have this role but are able to delegate it.\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n\\r\\n- add the administrators in the Discovery Management group\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"search\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| where CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"Group\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project 
RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Search Role\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Delegation\"},\"name\":\"Importantsecurityconfiguration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange and AD GRoup\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Ensure that no service account are a member of the high privilege groups. Use RBAC to delegate the exact required permissions.\\r\\n- Limit the usage of nested group for administration.\\r\\n- Ensure that accounts are given only the required pernissions to execute their tasks.\\r\\n- Use just in time administration principle by adding users in a group only when they need the permissions, then remove them when their operation is over.\\r\\n- Limit the number of Organization management members. 
When you review the Admin Audit logs you might see that the administrators rarely needed Organization Management privileges.\\r\\n- Monitor the content of the following groups:\\r\\n - TenantAdmins_-xxx (Membership in this role group is synchronized across services and managed centrally)\\r\\n - Organization Management\\r\\n - ExchangeServiceAdmins_-xxx (Membership in this role group is synchronized across services and managed centrally)\\r\\n - Recipient Management (Member of this group have at least the following rights : set-mailbox, Add-MailboxPermission)\\r\\n - Discovery Management\\r\\n - Hygiene Management\\r\\n - Security Administrator (Membership in this role group is synchronized across services and managed centrally)\\r\\n - xxx High privilege group (not an exhaustive list)\\r\\n - Compliance Management\\r\\n - All RBAC groups that have high roles delegation\\r\\n - All nested groups in high privileges groups\\r\\n - Note that this is not a complete list. The content of all the groups that have high privileges should be monitored.\\r\\n- Each time a new RBAC group is created, decide if the content of this groups should be monitored\\r\\n- Periodically review the members of the groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"To groups - Number of direct members per group with RecipientType User\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n//| where CmdletResultValue.RecipientType !contains \\\"group\\\"\\r\\n| extend Members= tostring(CmdletResultValue.Identity)\\r\\n| summarize 
dcount(tostring(Members)) by RoleGroup = tostring(CmdletResultValue.RoleGroup)\\r\\n| where RoleGroup has_any (\\\"TenantAdmins\\\",\\\"Organization Management\\\", \\\"Discovery Management\\\", \\\"Compliance Management\\\", \\\"Server Management\\\", \\\"ExchangeServiceAdmins\\\",\\\"Security Administrator\\\", \\\"SecurityAdmins\\\", \\\"Recipient Manangement\\\", \\\"Records Manangement\\\",\\\"Impersonation\\\",\\\"Export\\\")\\r\\n| sort by dcount_Members\\r\\n\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"RoleGroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_Members\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true,\"sortCriteriaField\":\"dcount_Members\",\"sortOrderField\":2,\"size\":\"auto\"}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Number of direct members per group with RecipientType User\",\"expandable\":true,\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.RecipientType !contains \\\"group\\\"\\r\\n| extend Members= tostring(CmdletResultValue.Identity)\\r\\n| summarize dcount(tostring(Members)) by RoleGroup = tostring(CmdletResultValue.RoleGroup)\\r\\n| sort by 
dcount_Members\\r\\n\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"RoleGroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_Members\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true,\"sortCriteriaField\":\"dcount_Members\",\"sortOrderField\":2,\"size\":\"auto\"}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList - Copy\"},{\"type\":1,\"content\":{\"json\":\"Exchange groups content (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Windows Permissions\\\"\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Name)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\nExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| search CmdletResultValue.RoleGroup == \\\"{Group}\\\"\\r\\n//| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Members = tostring(CmdletResultValue.Identity)\\r\\n//| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n//| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n//| extend Level = tostring(CmdletResultValue.Level)\\r\\n//| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n//| extend LastLogon = CmdletResultValue.LastLogonString\\r\\n//| extend LastLogon = iif ( todatetime (CmdletResultValue.LastLogonString) < ago(-366d), CmdletResultValue.LastLogonString,strcat(\\\"💥\\\",CmdletResultValue.LastLogonString))\\r\\n//| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n//| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend Members = case( CmdletResultValue.RecipientType == \\\"Group\\\", strcat( \\\"👪 \\\", Members), strcat( \\\"🧑‍🦰 \\\", Members) )\\r\\n| extend RecipientType = tostring(CmdletResultValue.RecipientType)\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Exchange group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"ExchAD\"},\"name\":\"Exchange and AD GRoup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Security 
configuration\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Inbound Connector configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the configuration of the Inbound connnectors\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"InBoundC\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend State = tostring(CmdletResultValue.Enabled)\\r\\n| extend ConnectorType = tostring(CmdletResultValue.ConnectorType)\\r\\n| extend ConnectorSource = tostring(CmdletResultValue.ConnectorSource)\\r\\n| extend SenderIPAddresses = tostring(CmdletResultValue.SenderIPAddresses)\\r\\n| extend SenderDomains = tostring(CmdletResultValue.SenderDomains)\\r\\n| extend TrustedOrganizations = tostring(CmdletResultValue.TrustedOrganizations)\\r\\n| extend AssociatedAcceptedDomainsRequireTls = tostring(CmdletResultValue.AssociatedAcceptedDomainsRequireTls)\\r\\n| extend RestrictDomainsToIPAddresses = tostring(CmdletResultValue.RestrictDomainsToIPAddresses)\\r\\n| extend RestrictDomainsToCertificate = tostring(CmdletResultValue.RestrictDomainsToCertificate)\\r\\n| extend CloudServicesMailEnabled = tostring(CmdletResultValue.CloudServicesMailEnabled)\\r\\n| extend TreatMessagesAsInternal = tostring(CmdletResultValue.TreatMessagesAsInternal)\\r\\n| extend TlsSenderCertificateName = tostring(CmdletResultValue.TlsSenderCertificateName)\\r\\n| extend ScanAndDropRecipients = tostring(CmdletResultValue.ScanAndDropRecipients)\\r\\n| extend Comment = tostring(CmdletResultValue.Comment)\\r\\n| extend WhenChanged = 
tostring(CmdletResultValue.WhenChanged)\\r\\n| extend WhenCreated = tostring(CmdletResultValue.WhenCreated)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Name asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Inbound Connector configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Outbound Connector configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the configuration of the Outbound connnectors\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"OutBoundC\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend State = tostring(CmdletResultValue.Enabled)\\r\\n| extend UseMXRecord = tostring(CmdletResultValue.UseMXRecord)\\r\\n| extend ConnectorType = tostring(CmdletResultValue.ConnectorType)\\r\\n| extend ConnectorSource = tostring(CmdletResultValue.ConnectorSource)\\r\\n| extend RecipientDomains = tostring(CmdletResultValue.RecipientDomains)\\r\\n| extend SmartHosts = tostring(CmdletResultValue.SmartHosts)\\r\\n| extend TlsDomain = tostring(CmdletResultValue.TlsDomain)\\r\\n| extend TlsSettings = tostring(CmdletResultValue.TlsSettings)\\r\\n| extend IsTransportRuleScoped = tostring(CmdletResultValue.IsTransportRuleScoped)\\r\\n| extend RouteAllMessagesViaOnPremises = tostring(CmdletResultValue.RouteAllMessagesViaOnPremises)\\r\\n| extend CloudServicesMailEnabled = 
tostring(CmdletResultValue.CloudServicesMailEnabled)\\r\\n| extend AllAcceptedDomains = tostring(CmdletResultValue.AllAcceptedDomains)\\r\\n| extend SenderRewritingEnabled = tostring(CmdletResultValue.SenderRewritingEnabled)\\r\\n| extend TestMode = tostring(CmdletResultValue.TestMode)\\r\\n| extend LinkForModifiedConnector = tostring(CmdletResultValue.LinkForModifiedConnector)\\r\\n| extend ValidationRecipients = tostring(CmdletResultValue.ValidationRecipients)\\r\\n| extend IsValidated = tostring(CmdletResultValue.IsValidated)\\r\\n| extend LastValidationTimestamp = tostring(CmdletResultValue.LastValidationTimestamp)\\r\\n| extend Comment = tostring(CmdletResultValue.Comment)\\r\\n| extend WhenChanged = tostring(CmdletResultValue.WhenChanged)\\r\\n| extend WhenCreated = tostring(CmdletResultValue.WhenCreated)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Name asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Outbound Connector configuration - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Rules with specific actions to monitor\",\"items\":[{\"type\":1,\"content\":{\"json\":\"A common way used by attackers to exfiltrate data is to set Transport Rules that send all or sensitive messages outside the organization or to a mailbox where they already have full control.\\r\\n\\r\\nThis section shows your Transport rules with sentitive actions that can lead to data leaks:\\r\\n- BlindCopyTo\\r\\n- SentTo\\r\\n- 
CopyTo\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"TransportRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = iif( CmdletResultValue.Identity contains \\\"OrgHierarchyToIgnore\\\",tostring(CmdletResultValue.Identity.Name),tostring(CmdletResultValue.Identity))\\r\\n| extend State = tostring(CmdletResultValue.State)\\r\\n| extend SentTo = tostring(CmdletResultValue.SentToString)\\r\\n| extend BlindCopyTo = tostring(CmdletResultValue.BlindCopyToString)\\r\\n| extend CopyTo = tostring(CmdletResultValue.CopyToString)\\r\\n| extend RedirectMessageTo = tostring(CmdletResultValue.RedirectMessageToString)\\r\\n| extend Mode = tostring(CmdletResultValue.Identity.Mode)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Transport Rules actions to monitor\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Remote Domain Autofoward Configuration - * should not allow AutoForwardEnabled\",\"items\":[{\"type\":1,\"content\":{\"json\":\"If **AutoForwardEnabled** is set to True for an SMTP domain, then users in Outlook are allowed to set automatic transfer of all their emails to addresses in this domain.\\r\\n\\r\\nWhen the Default Remote domain is set to * and has the AutoForwardEnabled set True, any user can configure an Outlook rule to automatically forward all emails to any SMTP domain domains outside the organization. 
This is a high risk configuration as it might allow accounts to leak information. \\r\\n\\r\\nAlso, when setting AutoForwardEnabled to a specific domain, it is strongly recommended enable TLS encryption.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AutoForwardHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RemoteDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName)\\r\\n| extend AutoForwardEnabled = iff (CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.DomainName == \\\"*\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.AutoForwardEnabled)),iff(CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.DomainName != \\\"*\\\", strcat (\\\"⚠️ \\\",tostring(CmdletResultValue.AutoForwardEnabled)),strcat (\\\"✅ \\\",tostring(CmdletResultValue.AutoForwardEnabled))))\\r\\n| project-away CmdletResultValue\\r\\n| sort by Address asc \",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ForwardGroup\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Transport\"},\"name\":\"Transport Security configuration\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeSecurityReview-Online\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": 
"{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Microsoft Exchange Security Review Online\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9ae328d6-99c8-4c44-8d59-42ca4d999098\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EnvironmentList\",\"label\":\"Environment\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"ExchangeEnvironmentList(Target=\\\"Online\\\") | where ESIEnvironment != \\\"\\\"\",\"typeSettings\":{\"limitSelectTo\":1,\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"ITSY\"]},{\"id\":\"a88b4e41-eb2f-41bf-92d8-27c83650a4b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DateOfConfiguration\",\"label\":\"Collection time\",\"type\":2,\"isRequired\":true,\"query\":\"let _configurationEnv = split(iff(isnull({EnvironmentList}) or isempty({EnvironmentList}) or tolower({EnvironmentList}) == \\\"all\\\",\\\"All\\\",tostring({EnvironmentList})),',');\\r\\nESIExchangeOnlineConfig_CL\\r\\n| extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize Collection = max(Collection)\\r\\n| project Collection = \\\"lastdate\\\", Selected = true\\r\\n| join kind= fullouter ( ESIExchangeOnlineConfig_CL | extend ScopedEnvironment = iff(_configurationEnv contains \\\"All\\\", \\\"All\\\",ESIEnvironment_s) \\r\\n| where ScopedEnvironment in (_configurationEnv)\\r\\n| where TimeGenerated > ago(90d)\\r\\n| extend Collection = format_datetime(todatetime(EntryDate_s), 'yyyy-MM-dd')\\r\\n| summarize by Collection\\r\\n) on Collection\\r\\n| project Value = iif(Selected,Collection,Collection1), Label = iif(Selected,\\\"Last Known date\\\",Collection1), Selected\\r\\n| sort 
by Selected, Value desc\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8ac96eb3-918b-4a36-bcc4-df50d8f46175\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"isRequired\":true,\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n { \\\\\\\"value\\\\\\\": \\\\\\\"Yes\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"Yes\\\\\\\"},\\\\r\\\\n {\\\\\\\"value\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"label\\\\\\\": \\\\\\\"No\\\\\\\", \\\\\\\"selected\\\\\\\":true }\\\\r\\\\n]\\\\r\\\\n\\\"}\",\"timeContext\":{\"durationMs\":2592000000},\"queryType\":8}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"TimeRange\"},{\"type\":1,\"content\":{\"json\":\"This workbook helps review your Exchange Security configuration.\\r\\nAdjust the time range, and when needed select an item in the dropdownlist\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"34188faf-7a02-4697-9b36-2afa986afc0f\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Mailbox Access\",\"subTarget\":\"Delegation\",\"postText\":\"t\",\"style\":\"link\",\"icon\":\"3\",\"linkIsContextBlade\":true},{\"id\":\"be02c735-6150-4b6e-a386-b2b023e754e5\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"EXO & Azure AD Groups\",\"subTarget\":\"ExchAD\",\"style\":\"link\"},{\"id\":\"26c68d90-925b-4c3c-a837-e3cecd489b2d\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Transport Configuration\",\"subTarget\":\"Transport\",\"style\":\"link\"},{\"id\":\"eb2888ca-7fa6-4e82-88db-1bb3663a801e\",\"cellValue\":\"selected\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workbook 
Help\",\"subTarget\":\"Start\",\"style\":\"link\"}]},\"name\":\"TopMenuTabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Workbook goals\\r\\n\\r\\nThe goal of this workbook is to outline key security configurations of your Exchange on-premises environment.\\r\\n\\r\\nMost of Exchange organizations have were installed years ago (sometimes more than 10 years). Many configurations have been done and might not have been documented. For most environments, the core commitment was maintaining a high availability of the users’ mailboxes putting aside other consideration (even security considerations). Recommended security practices have also evolved since the first released and a regular review is necessary.\\r\\n\\r\\nThis workbook is designed to show your Exchange organization is configured with a security point of view. Indeed, some configurations easy to display as there are no UI available.\\r\\n\\r\\nFor each configuration, you will find explanations and recommendations when applicable.\\r\\n\\r\\n- This workbook does not pretend to show you every weak Security configurations, but the most common issues and known to be used by attackers. 
\\r\\n- It will not show you if you have been comprised, but will help you identify unexpected configuration.\\r\\n\\r\\n----\\r\\n\\r\\n## Quick reminder of how Exchange works\\r\\n\\r\\nDuring Exchange installation two very important groups are created :\\r\\n- Exchange Trusted Subsystem : Contain all the computer accounts for Exchange Server\\r\\n- Exchange Windows Permissions : Contain the group Exchange trusted Subsystem\\r\\n\\r\\nThese groups have :\\r\\n- Very high privileges in ALL AD domains including the root domain\\r\\n- Right on any Exchange including mailboxes\\r\\n\\r\\nAs each Exchange server computer account is member of Exchange Trusted Subsystem, it means by taking control of the computer account or being System on an Exchange server you will gain access to all the permissions granted to Exchange Trusted Subsystem and Exchange Windows Permissions.\\r\\n\\r\\nTo protect AD and Exchange, it is very important to ensure the following:\\r\\n- There is a very limited number of persons that are local Administrator on Exchange server\\r\\n- To protect user right like : Act part of the operating System, Debug\\r\\n\\r\\nEvery service account or application that have high privileges on Exchange need to be considered as sensitive\\r\\n\\r\\n** 💡 Exchange servers need to be considered as very sensitive servers**\\r\\n\\r\\n-----\\r\\n\\r\\n\\r\\n## Tabs\\r\\n\\r\\n### Mailbox Access\\r\\n\\r\\nThis tab will show you several top sensitive delegations that allow an account to access, modify, act as another user, search, export the content of a mailbox.\\r\\n\\r\\n### Exchange & AD Groups\\r\\n\\r\\nThis tab will show you the members of Exchange groups and Sensitive AD groups.\\r\\n\\r\\n### Local Administrators\\r\\n\\r\\nThis tab will show you the non standard content of the local Administrators group. 
Remember that a member of the local Administrators group can take control of the computer account of the server and then it will have all the permissions associated with Exchange Trusted Subsytem and Exchange Windows Permissions\\r\\n\\r\\nThe information is displayed with different views : \\r\\n- List of nonstandard users\\r\\n- Number of servers with a nonstandard a user\\r\\n- Nonstandard groups content\\r\\n- For each user important information are displayed like last logon, last password set, enabled\\r\\n\\r\\n### Exchange Security configuration\\r\\n\\r\\nThis tab will show you some important configuration for your Exchange Organization\\r\\n- Status of Admin Audit Log configuration\\r\\n- Status of POP and IMAP configuration : especially, is Plaintext Authentication configured ?\\r\\n- Nonstandard permissions on the Exchange container in the Configuration Partition\\r\\n\\r\\n### Transport Configuration\\r\\n\\r\\nThis tab will show you the configuration of the main Transport components\\r\\n- Receive Connectors configured with Anonymous and/or Open Relay\\r\\n- Remote Domain Autoforward configuration\\r\\n- Transport Rules configured with BlindCopyTo, SendTo, RedirectTo\\r\\n- Journal Rule and Journal Recipient configurations\\r\\n- Accepted Domains with *\\r\\n\\r\\n\"},\"name\":\"WorkbookInfo\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Start\"},\"name\":\"InformationTab\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Display important security configurations that allow to mailboxes content (direct delegation on mailboxes are not listed (Full Access mailboxes or direct delegation on mailboxes folders)\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\n| where CmdletResultValue.Name !contains \\\"Deleg\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\"\\r\\n| where CmdletResultValue.Role contains \\\"Export\\\" or CmdletResultValue.Role contains \\\"Impersonation\\\" or CmdletResultValue.Role contains \\\"Search\\\"\\r\\n| summarize dcount(tostring(CmdletResultValue.RoleAssigneeName)) by role=tostring(CmdletResultValue.Role)\",\"size\":3,\"title\":\"Number of accounts with sensitive RBAC roles\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"role\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_CmdletResultValue_RoleAssigneeName\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortCriteriaField\":\"role\",\"sortOrderField\":1}},\"name\":\"MRAQuery\"},{\"type\":1,\"content\":{\"json\":\"**ApplicationImpersonation** is an RBAC role that allows access (read and modify) to the content of all mailboxes using EWS. This role is very powerfull and should be carefully delegated. When a delegation is necessary, RBAC scopes should be configured to limit the list of impacted mailboxes.\\r\\n\\r\\nIt is common to see service accounts for backup solution, antivirus software, MDM...\\r\\n\\r\\nNote that the default configuration to the group Hygiene Management is excluded. this group is a sensitive group. 
Remember to monitor the content of this group\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SensitiveRBACHelp\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Application Impersonation Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows the delegated account to access and modify the content of every mailboxes using EWS.\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"Impersonation\\\" and CmdletResultValue.RoleAssigneeName != \\\"Hygiene Management\\\" and CmdletResultValue.RoleAssigneeName !contains \\\"RIM-MailboxAdmins\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"RoleGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, 
Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Application Impersonation Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Import Export Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to export the content all mailboxes in a scope in PST file.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Import Export** is an RBAC role that allows an account to export the content of any maibox in a PST. It also allows search in all mailboxes.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is not delegated to any user or group. 
The members of the group Organization Management by default do not have this role but are able to delegate it.\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n- create an empty group with this delegation\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"export\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"RoleGroup\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project RoleAssigneeName, RoleAssigneeType, 
Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Import Export Role\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Mailbox Search Role\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This delegation allows to search inside all or in a scope of mailboxes and export the result in PST.\\r\\nExcluded from the result as default configuration :\\r\\nDelegating delegation to Organization Management\\r\\nExchange Online-ApplicationAccount\\r\\nDiscovery Management has been excluded\\r\\n\"},\"name\":\"text - 0\"},{\"type\":1,\"content\":{\"json\":\"**Mailbox Search** is an RBAC role that allows an account to search in any mailbox and export the results to a PST.\\r\\n\\r\\n⚡ This role is very powerfull.\\r\\n\\r\\nBy default, this role is only delegated to the group Discovery Management. 
The members of the group Organization Management do not have this role but are able to delegate it.\\r\\n\\r\\nℹ️ Recommendations\\r\\n\\r\\nIf you temporarily need this delegation, consider the following:\\r\\n\\r\\n- add the administrators in the Discovery Management group\\r\\n- monitor the group content and alert when the group modified\\r\\n- add administrators in this group only for a short period of time\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"SearchRBACHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"MRA\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| where CmdletResultValue.Role contains \\\"search\\\" and CmdletResultValue.Name !contains \\\"Deleg\\\"\\r\\n| where CmdletResultValue.RoleAssigneeName != \\\"Exchange Online-ApplicationAccount\\\" and CmdletResultValue.RoleAssigneeName != \\\"Discovery Management\\\"\\r\\n| extend RoleAssigneeName = tostring(CmdletResultValue.RoleAssigneeName)\\r\\n| extend RoleAssigneeType = iff(CmdletResultValue.RoleAssigneeType== \\\"User\\\" , \\\"User\\\", \\\"Group\\\")\\r\\n| extend CustomRecipientWriteScope = tostring(CmdletResultValue.CustomRecipientWriteScope)\\r\\n| extend CustomConfigWriteScope = tostring(CmdletResultValue.CustomConfigWriteScope)\\r\\n| extend CustomResourceScope = tostring(CmdletResultValue.CustomResourceScope)\\r\\n| extend RecipientWriteScope = CmdletResultValue.RecipientWriteScope\\r\\n| extend ConfigWriteScope = CmdletResultValue.ConfigWriteScope\\r\\n| extend ManagementRoleAssignement = tostring(CmdletResultValue.Name)\\r\\n| extend Status= tostring(CmdletResultValue.Enabled)\\r\\n| extend RoleAssigneeName = iff( RoleAssigneeType == \\\"User\\\", strcat(\\\"🧑‍🦰 \\\",RoleAssigneeName), strcat(\\\"👪 \\\", RoleAssigneeName) )\\r\\n| project 
RoleAssigneeName, RoleAssigneeType, Status,CustomRecipientWriteScope,CustomConfigWriteScope,CustomResourceScope,RecipientWriteScope,ConfigWriteScope,ManagementRoleAssignement,WhenChanged,WhenCreated\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"ConfigWriteScope\",\"sortOrder\":1}]},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Mailbox Search Role\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Delegation\"},\"name\":\"Importantsecurityconfiguration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange and AD GRoup\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Exchange group\",\"items\":[{\"type\":1,\"content\":{\"json\":\"ℹ️ Recommendations\\r\\n\\r\\n- Ensure that no service account are a member of the high privilege groups. Use RBAC to delegate the exact required permissions.\\r\\n- Limit the usage of nested group for administration.\\r\\n- Ensure that accounts are given only the required pernissions to execute their tasks.\\r\\n- Use just in time administration principle by adding users in a group only when they need the permissions, then remove them when their operation is over.\\r\\n- Limit the number of Organization management members. 
When you review the Admin Audit logs you might see that the administrators rarely needed Organization Management privileges.\\r\\n- Monitor the content of the following groups:\\r\\n - TenantAdmins_-xxx (Membership in this role group is synchronized across services and managed centrally)\\r\\n - Organization Management\\r\\n - ExchangeServiceAdmins_-xxx (Membership in this role group is synchronized across services and managed centrally)\\r\\n - Recipient Management (Member of this group have at least the following rights : set-mailbox, Add-MailboxPermission)\\r\\n - Discovery Management\\r\\n - Hygiene Management\\r\\n - Security Administrator (Membership in this role group is synchronized across services and managed centrally)\\r\\n - xxx High privilege group (not an exhaustive list)\\r\\n - Compliance Management\\r\\n - All RBAC groups that have high roles delegation\\r\\n - All nested groups in high privileges groups\\r\\n - Note that this is not a complete list. The content of all the groups that have high privileges should be monitored.\\r\\n- Each time a new RBAC group is created, decide if the content of this groups should be monitored\\r\\n- Periodically review the members of the groups\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"To groups - Number of direct members per group with RecipientType User\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n//| where CmdletResultValue.RecipientType !contains \\\"group\\\"\\r\\n| extend Members= tostring(CmdletResultValue.Identity)\\r\\n| summarize 
dcount(tostring(Members)) by RoleGroup = tostring(CmdletResultValue.RoleGroup)\\r\\n| where RoleGroup has_any (\\\"TenantAdmins\\\",\\\"Organization Management\\\", \\\"Discovery Management\\\", \\\"Compliance Management\\\", \\\"Server Management\\\", \\\"ExchangeServiceAdmins\\\",\\\"Security Administrator\\\", \\\"SecurityAdmins\\\", \\\"Recipient Manangement\\\", \\\"Records Manangement\\\",\\\"Impersonation\\\",\\\"Export\\\")\\r\\n| sort by dcount_Members\\r\\n\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"RoleGroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_Members\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true,\"sortCriteriaField\":\"dcount_Members\",\"sortOrderField\":2,\"size\":\"auto\"}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Number of direct members per group with RecipientType User\",\"expandable\":true,\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| where CmdletResultValue.RecipientType !contains \\\"group\\\"\\r\\n| extend Members= tostring(CmdletResultValue.Identity)\\r\\n| summarize dcount(tostring(Members)) by RoleGroup = tostring(CmdletResultValue.RoleGroup)\\r\\n| sort by 
dcount_Members\\r\\n\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"RoleGroup\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_Members\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":true,\"sortCriteriaField\":\"dcount_Members\",\"sortOrderField\":2,\"size\":\"auto\"}},\"name\":\"query - 0\"}]},\"name\":\"ExchangeGroupsList - Copy\"},{\"type\":1,\"content\":{\"json\":\"Exchange groups content (Extract for the OU \\\"Microsoft Exchange Security Groups\\\").\\r\\nSelect a group to display detailed information of its contents.\\r\\nLevel attribute helps you understand the level of nested groups.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b4b7a6ad-381a-48d6-9938-bf7cb812b474\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Group\",\"type\":2,\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RoleGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Trusted Subsystem\\\"\\r\\n//| where CmdletResultValue.Parentgroup != \\\"Exchange Windows Permissions\\\"\\r\\n| project CmdletResultValue\\r\\n| extend GroupName = tostring(CmdletResultValue.Name)\\r\\n| distinct GroupName\\r\\n| sort by GroupName asc\\r\\n\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//ExchangeConfiguration(SpecificSectionList=\\\"ExGroup\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = 
\\\"Online\\\")\\r\\nExchangeConfiguration(SpecificSectionList=\\\"RoleGroupMember\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| search CmdletResultValue.RoleGroup == \\\"{Group}\\\"\\r\\n//| where CmdletResultValue.Level != 0\\r\\n| project CmdletResultValue\\r\\n| extend Members = tostring(CmdletResultValue.Identity)\\r\\n//| extend Parentgroup = tostring(CmdletResultValue.Parentgroup)\\r\\n//| extend MemberPath = tostring(CmdletResultValue.MemberPath)\\r\\n//| extend Level = tostring(CmdletResultValue.Level)\\r\\n//| extend ObjectClass = tostring(CmdletResultValue.ObjectClass)\\r\\n//| extend LastLogon = CmdletResultValue.LastLogonString\\r\\n//| extend LastLogon = iif ( todatetime (CmdletResultValue.LastLogonString) < ago(-366d), CmdletResultValue.LastLogonString,strcat(\\\"💥\\\",CmdletResultValue.LastLogonString))\\r\\n//| extend LastPwdSet = CmdletResultValue.LastPwdSetString\\r\\n//| extend Enabled = tostring(CmdletResultValue.Enabled)\\r\\n| extend Members = case( CmdletResultValue.RecipientType == \\\"Group\\\", strcat( \\\"👪 \\\", Members), strcat( \\\"🧑‍🦰 \\\", Members) )\\r\\n| extend RecipientType = tostring(CmdletResultValue.RecipientType)\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"CmdletResultValue\",\"formatter\":5}],\"rowLimit\":10000,\"filter\":true}},\"name\":\"ExchangeServersGroupsGrid\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Exchange group\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"ExchAD\"},\"name\":\"Exchange and AD GRoup\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Security 
configuration\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Inbound Connector configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the configuration of the Inbound connnectors\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"InBoundC\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend State = tostring(CmdletResultValue.Enabled)\\r\\n| extend ConnectorType = tostring(CmdletResultValue.ConnectorType)\\r\\n| extend ConnectorSource = tostring(CmdletResultValue.ConnectorSource)\\r\\n| extend SenderIPAddresses = tostring(CmdletResultValue.SenderIPAddresses)\\r\\n| extend SenderDomains = tostring(CmdletResultValue.SenderDomains)\\r\\n| extend TrustedOrganizations = tostring(CmdletResultValue.TrustedOrganizations)\\r\\n| extend AssociatedAcceptedDomainsRequireTls = tostring(CmdletResultValue.AssociatedAcceptedDomainsRequireTls)\\r\\n| extend RestrictDomainsToIPAddresses = tostring(CmdletResultValue.RestrictDomainsToIPAddresses)\\r\\n| extend RestrictDomainsToCertificate = tostring(CmdletResultValue.RestrictDomainsToCertificate)\\r\\n| extend CloudServicesMailEnabled = tostring(CmdletResultValue.CloudServicesMailEnabled)\\r\\n| extend TreatMessagesAsInternal = tostring(CmdletResultValue.TreatMessagesAsInternal)\\r\\n| extend TlsSenderCertificateName = tostring(CmdletResultValue.TlsSenderCertificateName)\\r\\n| extend ScanAndDropRecipients = tostring(CmdletResultValue.ScanAndDropRecipients)\\r\\n| extend Comment = tostring(CmdletResultValue.Comment)\\r\\n| extend WhenChanged = 
tostring(CmdletResultValue.WhenChanged)\\r\\n| extend WhenCreated = tostring(CmdletResultValue.WhenCreated)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Name asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Inbound Connector configuration\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Outbound Connector configuration\",\"items\":[{\"type\":1,\"content\":{\"json\":\"This section shows the configuration of the Outbound connnectors\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"OutBoundC\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend State = tostring(CmdletResultValue.Enabled)\\r\\n| extend UseMXRecord = tostring(CmdletResultValue.UseMXRecord)\\r\\n| extend ConnectorType = tostring(CmdletResultValue.ConnectorType)\\r\\n| extend ConnectorSource = tostring(CmdletResultValue.ConnectorSource)\\r\\n| extend RecipientDomains = tostring(CmdletResultValue.RecipientDomains)\\r\\n| extend SmartHosts = tostring(CmdletResultValue.SmartHosts)\\r\\n| extend TlsDomain = tostring(CmdletResultValue.TlsDomain)\\r\\n| extend TlsSettings = tostring(CmdletResultValue.TlsSettings)\\r\\n| extend IsTransportRuleScoped = tostring(CmdletResultValue.IsTransportRuleScoped)\\r\\n| extend RouteAllMessagesViaOnPremises = tostring(CmdletResultValue.RouteAllMessagesViaOnPremises)\\r\\n| extend CloudServicesMailEnabled = 
tostring(CmdletResultValue.CloudServicesMailEnabled)\\r\\n| extend AllAcceptedDomains = tostring(CmdletResultValue.AllAcceptedDomains)\\r\\n| extend SenderRewritingEnabled = tostring(CmdletResultValue.SenderRewritingEnabled)\\r\\n| extend TestMode = tostring(CmdletResultValue.TestMode)\\r\\n| extend LinkForModifiedConnector = tostring(CmdletResultValue.LinkForModifiedConnector)\\r\\n| extend ValidationRecipients = tostring(CmdletResultValue.ValidationRecipients)\\r\\n| extend IsValidated = tostring(CmdletResultValue.IsValidated)\\r\\n| extend LastValidationTimestamp = tostring(CmdletResultValue.LastValidationTimestamp)\\r\\n| extend Comment = tostring(CmdletResultValue.Comment)\\r\\n| extend WhenChanged = tostring(CmdletResultValue.WhenChanged)\\r\\n| extend WhenCreated = tostring(CmdletResultValue.WhenCreated)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Name asc\",\"size\":3,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Outbound Connector configuration - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Transport Rules with specific actions to monitor\",\"items\":[{\"type\":1,\"content\":{\"json\":\"A common way used by attackers to exfiltrate data is to set Transport Rules that send all or sensitive messages outside the organization or to a mailbox where they already have full control.\\r\\n\\r\\nThis section shows your Transport rules with sentitive actions that can lead to data leaks:\\r\\n- BlindCopyTo\\r\\n- SentTo\\r\\n- 
CopyTo\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"TransportRulesHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"TransportRule\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Identity = iif( CmdletResultValue.Identity contains \\\"OrgHierarchyToIgnore\\\",tostring(CmdletResultValue.Identity.Name),tostring(CmdletResultValue.Identity))\\r\\n| extend State = tostring(CmdletResultValue.State)\\r\\n| extend SentTo = tostring(CmdletResultValue.SentToString)\\r\\n| extend BlindCopyTo = tostring(CmdletResultValue.BlindCopyToString)\\r\\n| extend CopyTo = tostring(CmdletResultValue.CopyToString)\\r\\n| extend RedirectMessageTo = tostring(CmdletResultValue.RedirectMessageToString)\\r\\n| extend Mode = tostring(CmdletResultValue.Identity.Mode)\\r\\n| project-away CmdletResultValue\\r\\n| sort by Identity asc\",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"Transport Rules actions to monitor\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Remote Domain Autofoward Configuration - * should not allow AutoForwardEnabled\",\"items\":[{\"type\":1,\"content\":{\"json\":\"If **AutoForwardEnabled** is set to True for an SMTP domain, then users in Outlook are allowed to set automatic transfer of all their emails to addresses in this domain.\\r\\n\\r\\nWhen the Default Remote domain is set to * and has the AutoForwardEnabled set True, any user can configure an Outlook rule to automatically forward all emails to any SMTP domain domains outside the organization. 
This is a high risk configuration as it might allow accounts to leak information. \\r\\n\\r\\nAlso, when setting AutoForwardEnabled to a specific domain, it is strongly recommended enable TLS encryption.\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"AutoForwardHelp\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ExchangeConfiguration(SpecificSectionList=\\\"RemoteDomain\\\",SpecificConfigurationDate=\\\"{DateOfConfiguration:value}\\\",SpecificConfigurationEnv={EnvironmentList},Target = \\\"Online\\\")\\r\\n| project CmdletResultValue\\r\\n| extend Name = tostring(CmdletResultValue.Name)\\r\\n| extend Address = tostring(CmdletResultValue.DomainName)\\r\\n| extend AutoForwardEnabled = iff (CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.DomainName == \\\"*\\\", strcat (\\\"❌ \\\",tostring(CmdletResultValue.AutoForwardEnabled)),iff(CmdletResultValue.AutoForwardEnabled== \\\"true\\\" and CmdletResultValue.DomainName != \\\"*\\\", strcat (\\\"⚠️ \\\",tostring(CmdletResultValue.AutoForwardEnabled)),strcat (\\\"✅ \\\",tostring(CmdletResultValue.AutoForwardEnabled))))\\r\\n| project-away CmdletResultValue\\r\\n| sort by Address asc \",\"size\":1,\"showAnalytics\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 1\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"ForwardGroup\"}]},\"conditionalVisibility\":{\"parameterName\":\"selected\",\"comparison\":\"isEqualTo\",\"value\":\"Transport\"},\"name\":\"Transport Security configuration\"}],\"fromTemplateId\":\"sentinel-MicrosoftExchangeSecurityReview-Online\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": 
"sentinel" @@ -1057,9 +1031,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", @@ -1085,17 +1059,35 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId2')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook2-name')]", + "contentProductId": "[variables('_workbookcontentProductId2')]", + "id": "[variables('_workbookcontentProductId2')]", + "version": "[variables('workbookVersion2')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Microsoft Exchange Security - Exchange Online", + "publisherDisplayName": "Community", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Exchange Security Audit and Configuration Insight solution analyze Exchange Online configuration and logs from a security lens to provide insights and alerts.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Custom logs ingestion via Data Collector REST API
  2. \n
\n

Data Connectors: 1, Parsers: 2, Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -1108,9 +1100,9 @@ "email": "[variables('_email')]" }, "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" + "name": "Community", + "tier": "Community", + "link": "https://github.com/Azure/Azure-Sentinel/issues" }, "dependencies": { "operator": "AND", diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.txt b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.txt deleted file mode 100644 index 151ccaa2dee..00000000000 --- a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.txt +++ /dev/null 
@@ -1,72 +0,0 @@ -// Title: ESI - Exchange Configuration Parser -// Author: Microsoft -// Version: 1.6 -// Last Updated: 13/10/2022 -// Comment: -// v1.6 : -// - Change consumption of Identity_Name_S by IdentityString_s. Requires CollectExchSecIns Script version 7.5.1 minimum -// v1.5 : -// - Change the usage of TimeGenerated instead of EntryDate for filtering BaseRequest. -// - Change alllife duration to 1080 days instead of 90 days. -// v1.4 : -// - Capacity to find all configuration without date limitation with the keyword "alllife" in SpecificConfigurationDate -// v1.3 : -// - Adding fuzzy mode to be able to have only On-Premises or Online tables -// - Simplify the request -// -// DESCRIPTION: -// This parser takes raw ESI Exchange Configuration Collector to pivot raw information and retrieve a specific date configuration. This is the same parser for Exchange On-Premises version and Exchange online version of the solution. -// -// USAGE: -// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. -// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name "ExchangeConfiguration". -// Parameters : 4 parameters to add during creation. -// 1. SpecificSectionList, type string, default value "" -// 2. SpecificConfigurationDate, type string, default value "lastdate" -// 3. Target, type string, default value "On-Premises" -// 4. SpecificConfigurationEnv, type string, default value "All" -// 3. Function App usually take 10-15 minutes to activate. 
You can then use Function Alias for other queries -// -// -// REFERENCE: -// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions -// -// LOG SAMPLES: -// This parser assumes the raw log from the ESI Exchange Collector are on the ESIExchangeConfig_CL and/or ESIExchangeOnlineConfig_CL tables and are uploaded using the builtin REST API uploader of the Collector. -// -// -// Parameters -let _SpecificSectionList = split(SpecificSectionList,','); -let _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),"lastdate",tostring(SpecificConfigurationDate)); -let _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == "all","All",tostring(SpecificConfigurationEnv)),','); -let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target); -// Building Base Request -let _targetDate = iff(_configurationDate == "lastdate", ago(7d), iif(_configurationDate == "alllife",ago(1080d),todatetime(_configurationDate))); -let baseRequest = materialize (union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* - | where TimeGenerated > _targetDate - | extend Source = iff (TableName contains "Online", "Online", "On-Premises") - | where _target == 'All' or Source == _target - | extend ScopedEnvironment = iff(_configurationEnv contains "All", "All",ESIEnvironment_s) - | where ScopedEnvironment in (_configurationEnv) - | extend EntryDate = todatetime(EntryDate_s) - | project-away EntryDate_s); -// Find Config Id (can be multiple id in all) -let findConfigDate = baseRequest - | extend Env =strcat(Source, "_",ESIEnvironment_s) - | summarize count() by GenerationInstanceID_g,Env,EntryDate - | extend distance = iff(_configurationDate == "lastdate" or _configurationDate == "alllife", now() - EntryDate, (EntryDate - todatetime(_configurationDate))) - | top-nested of Env by Ignore0=max(1), - 
top-nested 1 of distance by Ignore1 = min(distance) asc nulls last, - top-nested of GenerationInstanceID_g by Ignore2=max(2) - | project GenerationInstanceID_g; -// Parse Result -let ParseExchangeConfig = () { baseRequest - | join kind=leftsemi (findConfigDate) on $left.GenerationInstanceID_g == $right.GenerationInstanceID_g - | where isempty(_SpecificSectionList[0]) or Section_s in (_SpecificSectionList) - | extend TimeGenerated = EntryDate - | extend Identity = IdentityString_s - | extend CmdletResultValue = parse_json(rawData_s) - | project-rename ConfigurationInstanceID = GenerationInstanceID_g, ESIEnvironment = ESIEnvironment_s, Section = Section_s, PSCmdlet = PSCmdL_s, CmdletResultType = ExecutionResult_s, WhenChanged = WhenChanged_t, WhenCreated = WhenCreated_t, Name = Name_s - | project-away TenantId,SourceSystem,Type,EntryDate -}; -ParseExchangeConfig \ No newline at end of file diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml index 00293a1474e..37d0526c648 100644 --- a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml +++ b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeConfiguration.yaml @@ -1,4 +1,4 @@ -id: f4a39262-f2a9-4799-9ac3-d9cf03942d74 +id: f2ae482d-999c-452e-b108-31880aa99620 Function: Title: Parser for ExchangeConfiguration Version: '1.0.0' 
@@ -6,7 +6,25 @@ Function:
 Category: Microsoft Sentinel Parser
 FunctionName: ExchangeConfiguration
 FunctionAlias: ExchangeConfiguration
+FunctionParams:
+ - Name: SpecificSectionList
+ Type: string
+ Description: The list of section to query. Default is all.
+ DefaultValue: ''
+ - Name: SpecificConfigurationDate
+ Type: string
+ Description: The date to query. Default is last 7 days.
+ DefaultValue: 'lastdate'
+ - Name: SpecificConfigurationEnv
+ Type: string
+ Description: The environment to query. Default is all.
+ DefaultValue: 'All'
+ - Name: Target
+ Type: string
+ Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
+ DefaultValue: 'On-Premises'
 FunctionQuery: |
+ // Parameters definition
 let _SpecificSectionList = split(SpecificSectionList,',');
 let _configurationDate = iff(isnull(SpecificConfigurationDate) or isempty(SpecificConfigurationDate),"lastdate",tostring(SpecificConfigurationDate));
 let _configurationEnv = split(iff(isnull(SpecificConfigurationEnv) or isempty(SpecificConfigurationEnv) or tolower(SpecificConfigurationEnv) == "all","All",tostring(SpecificConfigurationEnv)),',');
diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.txt b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.txt
deleted file mode 100644
index bde6f25ebdf..00000000000
--- a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.txt
+++ /dev/null
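Review bot: The new `FunctionParams` list puts `SpecificConfigurationEnv` third and `Target` fourth, while the usage header of the ExchangeConfiguration.txt removed in this same commit documented `Target` as the third parameter and `SpecificConfigurationEnv` as the fourth. The workbook queries on this page call the function with named arguments and are unaffected, but a saved query or rule that passes arguments positionally to a function created from the old instructions would hand the target to the environment filter and could come back empty or wrongly scoped with no error; either keep the old order or state in the parser that arguments must be named. The descriptions also appear to understate what the query accepts, judging by the removed .txt version (the YAML query body continues outside this hunk): `SpecificConfigurationDate` also takes `alllife` or an explicit date, and `Target` also takes `All`, so I would write `Description: The target environment to query. Valid values are "On-Premises", "Online" or "All". Default is "On-Premises".` The `Target` description in the ExchangeEnvironmentList.yaml hunk has the same gap.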
@@ -1,33 +0,0 @@ -// Title: ESI - Exchange Configuration Environment List Generator -// Author: Microsoft -// Version: 1.2 -// Last Updated: 19/09/2022 -// Comment: -// v1.2 : -// - Adding fuzzy mode to be able to have only On-Premises or Online tables -// -// DESCRIPTION: -// This parser takes raw ESI Exchange Configuration Collector to list Exchange Environments that are loaded in the tables. This is the same parser for Exchange On-Premises version and Exchange online version of the solution. -// -// USAGE: -// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. -// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name "ESI_ExchConfigAvailableEnvironments". -// Parameters : 1 parameter to add during creation. -// 1. Target, type string, default value "On-Premises" -// 3. Function App usually take 10-15 minutes to activate. You can then use Function Alias for other queries -// -// -// REFERENCE: -// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions -// -// LOG SAMPLES: -// This parser assumes the raw log from the ESI Exchange Collector are on the ESIExchangeConfig_CL and/or ESIExchangeOnlineConfig_CL tables and are uploaded using the builtin REST API uploader of the Collector. -// -// -// Parameters -let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target); -let ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange* - | extend Source = iff (TableName contains "Online", "Online", "On-Premises") - | where _target == 'All' or Source == _target; -// Base Request -ScalarbaseRequest | summarize by ESIEnvironment_s | project-rename ESIEnvironment = ESIEnvironment_s \ No newline at end of file 
diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml
index edde14a9176..76bab8257d3 100644
--- a/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml
+++ b/Solutions/Microsoft Exchange Security - Exchange Online/Parsers/ExchangeEnvironmentList.yaml
@@ -6,7 +6,13 @@ Function:
 Category: Microsoft Sentinel Parser
 FunctionName: ExchangeEnvironmentList
 FunctionAlias: ExchangeEnvironmentList
+FunctionParams:
+ - Name: Target
+ Type: string
+ Description: The target environment to query. Valid values are "On-Premises" or "Online". Default is "On-Premises".
+ DefaultValue: 'On-Premises'
 FunctionQuery: |
+ // Parameters definition
 let _target = iff(isnull(Target) or isempty(Target),"On-Premises",Target);
 let ScalarbaseRequest = union isfuzzy=true withsource=TableName ESIAPIExchange*,ESIExchange*
 | extend Source = iff (TableName contains "Online", "Online", "On-Premises")
diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/ReleaseNotes.md b/Solutions/Microsoft Exchange Security - Exchange Online/ReleaseNotes.md
new file mode 100644
index 00000000000..b4b0e1d9655
--- /dev/null
+++ b/Solutions/Microsoft Exchange Security - Exchange Online/ReleaseNotes.md
@@ -0,0 +1,4 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|---------------------------------------------|
+| 3.0.0 | 08-23-2023 |**ExchangeEnvironmentList** parser name |
+| | | corrected in Workbooks. |
diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json b/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json
index 6db4c1c5605..fb14396d3f6 100644
--- a/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json
+++ b/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json
@@ -52,7 +52,7 @@
 "multiSelect": true,
 "quote": "'",
 "delimiter": ",",
- "query": "ESI_ExchConfigAvailableEnvironments(Target=\"Online\") | where ESIEnvironment != \"\"",
+ "query": "ExchangeEnvironmentList(Target=\"Online\") | where ESIEnvironment != \"\"",
 "typeSettings": {
 "limitSelectTo": 1,
 "showDefault": false
diff --git a/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Security Review - Online.json b/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Security Review - Online.json
index 0177d8059c3..7a07bab5a55 100644
--- a/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Security Review - Online.json
+++ b/Solutions/Microsoft Exchange Security - Exchange Online/Workbooks/Microsoft Exchange Security Review - Online.json
@@ -23,7 +23,7 @@
 "multiSelect": true,
 "quote": "'",
 "delimiter": ",",
- "query": "ESI_ExchConfigAvailableEnvironments(Target=\"Online\") | where ESIEnvironment != \"\"",
+ "query": "ExchangeEnvironmentList(Target=\"Online\") | where ESIEnvironment != \"\"",
 "typeSettings": {
 "limitSelectTo": 1,
 "showDefault": false
diff --git a/Solutions/Microsoft PowerBI/Data Connectors/template_OfficePowerBI.JSON b/Solutions/Microsoft PowerBI/Data Connectors/template_OfficePowerBI.JSON
index ff1c03ce222..856e5e239dd 100644
--- a/Solutions/Microsoft PowerBI/Data Connectors/template_OfficePowerBI.JSON
+++ b/Solutions/Microsoft PowerBI/Data Connectors/template_OfficePowerBI.JSON
@@ -28,7 +28,7 @@
 ],
 "availability": {
 "status": 1,
- "isPreview": false
+ "isPreview": true
 },
 "permissions": {
 "resourceProvider": [
diff --git a/Solutions/Microsoft PowerBI/Data/system_generated_metadata.json b/Solutions/Microsoft PowerBI/Data/system_generated_metadata.json new file mode 100644 index 00000000000..721a72cc197 --- /dev/null +++ b/Solutions/Microsoft PowerBI/Data/system_generated_metadata.json @@ -0,0 +1,30 @@ +{ + "Name": "Microsoft PowerBI", + "Author": "Microsoft", + "Logo": "", + "Description": "The [Microsoft PowerBI](https://docs.microsoft.com/power-bi/fundamentals/power-bi-overview) solution enables you to track user activities in your PowerBI environment. You can filter the audit data by date range, user, dashboard, report, dataset, and activity type.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Office Management API ](https://docs.microsoft.com/office/office-365-management-api/office-365-management-apis-overview)", + "Metadata": "SolutionMetadata.json", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Microsoft PowerBI", + "TemplateSpec": true, + "Is1PConnector": true, + "Version": "3.0.0", + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-microsoftpowerbi", + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Application" + ] + }, + "firstPublishDate": "2022-05-23", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/template_OfficePowerBI.JSON\"\n]", + "Workbooks": "[\n \"Workbooks/MicrosoftPowerBIActivityWorkbook.json\"\n]" +} 
diff --git a/Solutions/Microsoft PowerBI/Package/3.0.0.zip b/Solutions/Microsoft PowerBI/Package/3.0.0.zip new file mode 100644 index 00000000000..0da71ed3a12 Binary files /dev/null and b/Solutions/Microsoft PowerBI/Package/3.0.0.zip differ diff --git a/Solutions/Microsoft PowerBI/Package/createUiDefinition.json b/Solutions/Microsoft PowerBI/Package/createUiDefinition.json index 76c1ec0eddd..bbf59fa1cef 100644 --- a/Solutions/Microsoft PowerBI/Package/createUiDefinition.json +++ b/Solutions/Microsoft PowerBI/Package/createUiDefinition.json @@ -124,4 +124,4 @@ "workspace": "[basics('workspace')]" } } -} \ No newline at end of file +} diff --git a/Solutions/Microsoft PowerBI/Package/mainTemplate.json b/Solutions/Microsoft PowerBI/Package/mainTemplate.json index 9c6c796613b..845c1580cbc 100644 --- a/Solutions/Microsoft PowerBI/Package/mainTemplate.json +++ b/Solutions/Microsoft PowerBI/Package/mainTemplate.json 
@@ -40,50 +40,37 @@ "variables": { "solutionId": "azuresentinel.azure-sentinel-solution-microsoftpowerbi", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "Microsoft PowerBI", + "_solutionVersion": "3.0.0", "uiConfigId1": "OfficePowerBI", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "OfficePowerBI", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "MicrosoftPowerBIActivityWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", - "_workbookContentId1": "[variables('workbookContentId1')]" + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": 
"[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Microsoft PowerBI data connector with template", - "displayName": "Microsoft PowerBI template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft PowerBI data connector with template version 2.0.1", + "description": "Microsoft 
PowerBI data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -128,7 +115,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", @@ -152,12 +139,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Microsoft PowerBI", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" 
@@ -221,33 +219,15 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Microsoft PowerBI Workbook with template", - "displayName": "Microsoft PowerBI workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MicrosoftPowerBIActivityWorkbookWorkbook Workbook with template version 2.0.1", + "description": "MicrosoftPowerBIActivityWorkbookWorkbook Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -265,7 +245,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ccd5adcd-8d59-4cfe-99ec-98075de2e253\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DefaultSubscription_Internal\",\"type\":1,\"isRequired\":true,\"query\":\"where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| take 1\\r\\n| project subscriptionId\",\"crossComponentResources\":[\"value::selected\"],\"isHiddenWhenLocked\":true,\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"1ca69445-60fc-4806-b43d-ac7e6aad630a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Subscription\",\"type\":6,\"query\":\"summarize by subscriptionId\\r\\n| project value = strcat(\\\"/subscriptions/\\\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)\\r\\n\",\"crossComponentResources\":[\"value::selected\"],\"typeSettings\":{\"showDefault\":false},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"e94aafa3-c5d9-4523-89f0-4e87aa754511\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Workspace\",\"type\":5,\"query\":\"where type =~ 'microsoft.operationalinsights/workspaces'\\n| project id\",\"crossComponentResources\":[\"{Subscription}\"],\"value\":\"\",\"typeSettings\":{\"resourceTypeFilter\":{\"microsoft.operationalinsights/workspaces\":true}},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"eafaa0ec-7c3a-4ee5-babe-9850080c909d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"resourceGroup\",\"type\":1,\"query\":\"resources\\r\\n| where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| where id == \\\"{Workspace}\\\"\\r\\n| project 
resourceGroup\",\"crossComponentResources\":[\"value::selected\"],\"isHiddenWhenLocked\":true,\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"c4b69c01-2263-4ada-8d9c-43433b739ff3\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":false},\"value\":{\"durationMs\":7776000000}},{\"id\":\"c71f3009-a3f4-4aa5-aaf0-d0f667100e56\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"description\":\"This will show some help information to help you understand the page you are on\",\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"Yes\\\", \\\"label\\\": \\\"Yes\\\"},\\r\\n {\\\"value\\\": \\\"No\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }]\"}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":1,\"content\":{\"json\":\"# Microsoft PowerBI Activity Workbook\"},\"name\":\"text - 11\"},{\"type\":1,\"content\":{\"json\":\"#### Please select subscription and workspace for the workbook to load.\\r\\n#### Please change the TimeRange to relead the datasets between different timeframe.\\r\\n\\r\\n#### This workbook contains\\r\\n- Overview \\r\\n\\t- Activity Over Time \\r\\n\\t- Events Occured\\r\\n\\t- Workspace Used\\r\\n\\t- Report Accessed\\r\\n\\t- Dataset Accessed\\r\\n\\t- Activity by DistributionMethod\\r\\n\\t- Activity through UserAgent\\r\\n- Datasets\\r\\n\\t- Dataset Directly 
Accessed\\r\\n\\t- Activity Directly on Datastes\\r\\n\\t- Direct Datasets Activities\\r\\n- Reports\\r\\n\\t- Activities Across Reports\\r\\n- IP and User Activity Trend\\r\\n\\t- IP Address Activity Trend\\r\\n\\t- User Activity Trend\\r\\n\\t- User Activity Across IP Addresses\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 11 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### Overview\",\"style\":\"info\"},\"name\":\"text - 16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by Activity, bin(TimeGenerated,{TimeRange:grain})\",\"size\":0,\"title\":\"Activity Over Time for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"name\":\"query - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by Activity\",\"size\":0,\"title\":\"Events Occured for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 6 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by PbiWorkspaceName\",\"size\":0,\"title\":\"Workspace Used for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by ReportName\",\"size\":0,\"title\":\"Report Accessed for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"ReportName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by DatasetName\",\"size\":0,\"title\":\"Dataset used for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by DistributionMethod\",\"size\":0,\"title\":\"Activity by DistributionMethod for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 19\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by UserAgent\",\"size\":0,\"title\":\"Activity through UserAgent for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 19 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### Datasets\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| where isempty(ReportName) and isnotempty(DatasetName)\\r\\n|summarize count() by DatasetName\",\"size\":0,\"title\":\"Dataset dircetly accessed for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| where isempty(ReportName) and isnotempty(DatasetName)\\r\\n| summarize count() by Activity\",\"size\":0,\"title\":\"Activity directly on Datasets for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - 
Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| where isnotempty(DatasetName)\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by DatasetName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n| where isnotempty(DatasetName)\\r\\n|summarize TotalActivity = count(), CreateDataset = countif(Activity ==\\\"CreateDataset\\\"),UpdateDatasetParameters\\r\\n = countif(Activity ==\\\"UpdateDatasetParameters\\\") by DatasetName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on DatasetName\",\"size\":0,\"title\":\"Direct Datasets Activities for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"DatasetName1\",\"formatter\":5},{\"columnMatch\":\"TotalActivity\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"CreateDataset\",\"formatter\":4,\"formatOptions\":{\"palette\":\"greenDarkDark\"}},{\"columnMatch\":\"UpdateDatasetParameters\",\"formatter\":4,\"formatOptions\":{\"palette\":\"brown\"}}],\"filter\":true}},\"name\":\"query - 13\"},{\"type\":1,\"content\":{\"json\":\"### Reports\",\"style\":\"info\"},\"name\":\"text - 18\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| where isnotempty(DatasetName) and isnotempty(ReportName)\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by ReportName, DatasetName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n| where isnotempty(DatasetName) and isnotempty(ReportName)\\r\\n|summarize TotalActivity = count(), ViewReport = countif(Activity 
==\\\"ViewReport\\\"),CreateReport = countif(Activity ==\\\"CreateReport\\\") by ReportName, DatasetName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on ReportName,DatasetName\",\"size\":0,\"title\":\"Activities Across Reports for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"ReportName1\",\"formatter\":5},{\"columnMatch\":\"DatasetName1\",\"formatter\":5},{\"columnMatch\":\"TotalActivity\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"ViewReport\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"CreateReport\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"ReportName\"],\"expandTopLevel\":true}}},\"name\":\"query - 13 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### IP and User Activity Trend\",\"style\":\"info\"},\"name\":\"text - 19\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by SrcIpAddr);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n|summarize count() by SrcIpAddr);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on SrcIpAddr\",\"size\":0,\"title\":\"IP Address Activity Trend for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"SrcIpAddr1\",\"formatter\":5},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by ActorName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n|summarize count() by ActorName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on ActorName\",\"size\":0,\"title\":\"User Activity Trend for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"ActorName1\",\"formatter\":5},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by ActorName, SrcIpAddr\",\"size\":0,\"title\":\"User Activity Across IP Addresses for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"SrcIpAddr\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"ActorName\"]}}},\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy - Copy - Copy\"}],\"fromTemplateId\":\"sentinel-MicrosoftPowerBIActivityWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ccd5adcd-8d59-4cfe-99ec-98075de2e253\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DefaultSubscription_Internal\",\"type\":1,\"isRequired\":true,\"query\":\"where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| take 1\\r\\n| project subscriptionId\",\"crossComponentResources\":[\"value::selected\"],\"isHiddenWhenLocked\":true,\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"1ca69445-60fc-4806-b43d-ac7e6aad630a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Subscription\",\"type\":6,\"query\":\"summarize by subscriptionId\\r\\n| project value = strcat(\\\"/subscriptions/\\\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)\\r\\n\",\"crossComponentResources\":[\"value::selected\"],\"typeSettings\":{\"showDefault\":false},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"e94aafa3-c5d9-4523-89f0-4e87aa754511\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Workspace\",\"type\":5,\"query\":\"where type =~ 
'microsoft.operationalinsights/workspaces'\\n| project id\",\"crossComponentResources\":[\"{Subscription}\"],\"value\":\"\",\"typeSettings\":{\"resourceTypeFilter\":{\"microsoft.operationalinsights/workspaces\":true}},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"eafaa0ec-7c3a-4ee5-babe-9850080c909d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"resourceGroup\",\"type\":1,\"query\":\"resources\\r\\n| where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| where id == \\\"{Workspace}\\\"\\r\\n| project resourceGroup\",\"crossComponentResources\":[\"value::selected\"],\"isHiddenWhenLocked\":true,\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"c4b69c01-2263-4ada-8d9c-43433b739ff3\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":false},\"value\":{\"durationMs\":7776000000}},{\"id\":\"c71f3009-a3f4-4aa5-aaf0-d0f667100e56\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Help\",\"label\":\"Show Help\",\"type\":10,\"description\":\"This will show some help information to help you understand the page you are on\",\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{ \\\"value\\\": \\\"Yes\\\", \\\"label\\\": \\\"Yes\\\"},\\r\\n {\\\"value\\\": \\\"No\\\", \\\"label\\\": \\\"No\\\", \\\"selected\\\":true }]\"}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 1\"},{\"type\":1,\"content\":{\"json\":\"# Microsoft PowerBI Activity 
Workbook\"},\"name\":\"text - 11\"},{\"type\":1,\"content\":{\"json\":\"#### Please select subscription and workspace for the workbook to load.\\r\\n#### Please change the TimeRange to relead the datasets between different timeframe.\\r\\n\\r\\n#### This workbook contains\\r\\n- Overview \\r\\n\\t- Activity Over Time \\r\\n\\t- Events Occured\\r\\n\\t- Workspace Used\\r\\n\\t- Report Accessed\\r\\n\\t- Dataset Accessed\\r\\n\\t- Activity by DistributionMethod\\r\\n\\t- Activity through UserAgent\\r\\n- Datasets\\r\\n\\t- Dataset Directly Accessed\\r\\n\\t- Activity Directly on Datastes\\r\\n\\t- Direct Datasets Activities\\r\\n- Reports\\r\\n\\t- Activities Across Reports\\r\\n- IP and User Activity Trend\\r\\n\\t- IP Address Activity Trend\\r\\n\\t- User Activity Trend\\r\\n\\t- User Activity Across IP Addresses\"},\"conditionalVisibility\":{\"parameterName\":\"Help\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"text - 11 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### Overview\",\"style\":\"info\"},\"name\":\"text - 16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by Activity, bin(TimeGenerated,{TimeRange:grain})\",\"size\":0,\"title\":\"Activity Over Time for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"name\":\"query - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by Activity\",\"size\":0,\"title\":\"Events Occured for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 6 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by PbiWorkspaceName\",\"size\":0,\"title\":\"Workspace Used for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by ReportName\",\"size\":0,\"title\":\"Report Accessed for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"ReportName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by DatasetName\",\"size\":0,\"title\":\"Dataset used for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by DistributionMethod\",\"size\":0,\"title\":\"Activity by DistributionMethod for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 19\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| summarize count() by UserAgent\",\"size\":0,\"title\":\"Activity through UserAgent for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 19 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### Datasets\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| where isempty(ReportName) and isnotempty(DatasetName)\\r\\n|summarize count() by DatasetName\",\"size\":0,\"title\":\"Dataset dircetly accessed for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n| where isempty(ReportName) and isnotempty(DatasetName)\\r\\n| summarize count() by Activity\",\"size\":0,\"title\":\"Activity directly on Datasets for 
{TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DatasetName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| where isnotempty(DatasetName)\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by DatasetName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n| where isnotempty(DatasetName)\\r\\n|summarize TotalActivity = count(), CreateDataset = countif(Activity ==\\\"CreateDataset\\\"),UpdateDatasetParameters\\r\\n = countif(Activity ==\\\"UpdateDatasetParameters\\\") by DatasetName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on DatasetName\",\"size\":0,\"title\":\"Direct Datasets Activities for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":21,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"DatasetName1\",\"formatter\":5},{\"columnMatch\":\"TotalActivity\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"CreateDataset\",\"formatter\":4,\"formatOptions\":{\"palette\":\"greenDarkDark\"}},{\"columnMatch\":\"UpdateDatasetParameters\",\"formatter\":4,\"formatOptions\":{\"palette\":\"brown\"}}],\"filter\":true}},\"name\":\"query - 
13\"},{\"type\":1,\"content\":{\"json\":\"### Reports\",\"style\":\"info\"},\"name\":\"text - 18\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| where isnotempty(DatasetName) and isnotempty(ReportName)\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by ReportName, DatasetName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n| where isnotempty(DatasetName) and isnotempty(ReportName)\\r\\n|summarize TotalActivity = count(), ViewReport = countif(Activity ==\\\"ViewReport\\\"),CreateReport = countif(Activity ==\\\"CreateReport\\\") by ReportName, DatasetName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on ReportName,DatasetName\",\"size\":0,\"title\":\"Activities Across Reports for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"ReportName1\",\"formatter\":5},{\"columnMatch\":\"DatasetName1\",\"formatter\":5},{\"columnMatch\":\"TotalActivity\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"ViewReport\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"CreateReport\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"ReportName\"],\"expandTopLevel\":true}}},\"name\":\"query - 13 - Copy\"},{\"type\":1,\"content\":{\"json\":\"### IP and User Activity Trend\",\"style\":\"info\"},\"name\":\"text - 19\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in 
range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by SrcIpAddr);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n|summarize count() by SrcIpAddr);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on SrcIpAddr\",\"size\":0,\"title\":\"IP Address Activity Trend for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"SrcIpAddr1\",\"formatter\":5},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let PbiTrend = (PowerBIActivity\\r\\n| make-series Trend = count() default = 0 on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, {TimeRange:grain}) by ActorName);\\r\\nlet PbiSummary = (PowerBIActivity\\r\\n|summarize count() by ActorName);\\r\\nPbiTrend\\r\\n| join kind=inner(\\r\\nPbiSummary\\r\\n) on ActorName\",\"size\":0,\"title\":\"User Activity Trend for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"ActorName1\",\"formatter\":5},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true}},\"customWidth\":\"50\",\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PowerBIActivity\\r\\n|summarize count() by 
ActorName, SrcIpAddr\",\"size\":0,\"title\":\"User Activity Across IP Addresses for {TimeRange:label}\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Group\",\"formatter\":1},{\"columnMatch\":\"SrcIpAddr\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true,\"hierarchySettings\":{\"treeType\":1,\"groupBy\":[\"ActorName\"]}}},\"name\":\"query - 6 - Copy - Copy - Copy - Copy - Copy - Copy - Copy\"}],\"fromTemplateId\":\"sentinel-MicrosoftPowerBIActivityWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -303,7 +283,7 @@ "kind": "DataType" }, { - "contentId": "OfficePowerBI", + "contentId": "Microsoft PowerBI (Preview)", "kind": "DataConnector" } ] 
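Review bot: In the `@@ -303,7 +283,7 @@` hunk, the workbook's DataConnector dependency now carries `"contentId": "Microsoft PowerBI (Preview)"`, which reads like a connector display title rather than a content identifier. The connector's own id is not visible in this hunk, but if it is still `OfficePowerBI`, the dependency will no longer match it, and the workbook's `PowerBIActivity` audit views may be offered without the connector that feeds them being flagged as required. Unless the connector id itself was renamed in this change, I would keep `"contentId": "OfficePowerBI"`. If this template is generated from workbook metadata, the value would need correcting in that source as well. The enclosing dependency list starts and ends outside the hunk.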
@@ -311,17 +291,35 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.1", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Microsoft PowerBI", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft PowerBI solution enables you to track user activities in your PowerBI environment. You can filter the audit data by date range, user, dashboard, report, dataset, and activity type.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Office Management API
  2. \n
\n

Data Connectors: 1, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { diff --git a/Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON b/Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON index eb158ee9805..f4ca033b0e7 100644 --- a/Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON +++ b/Solutions/Microsoft Project/Data Connectors/template_Office365Project.JSON @@ -33,7 +33,7 @@ ], "availability": { "status": 1, - "isPreview": false + "isPreview": true }, "permissions": { "resourceProvider": [ diff --git a/Solutions/Microsoft Project/Package/3.0.0.zip b/Solutions/Microsoft Project/Package/3.0.0.zip new file mode 100644 index 00000000000..46a3a7decbd Binary files /dev/null and b/Solutions/Microsoft Project/Package/3.0.0.zip differ diff --git a/Solutions/Microsoft Project/Package/createUiDefinition.json b/Solutions/Microsoft Project/Package/createUiDefinition.json index 81ad856bf39..d956bfb6f44 100644 --- a/Solutions/Microsoft Project/Package/createUiDefinition.json +++ b/Solutions/Microsoft Project/Package/createUiDefinition.json 
@@ -60,7 +60,17 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector to enable ingestion of your Microsoft Project audit logs. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for Microsoft Project. You can get Microsoft Project custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-link2", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } } } ] diff --git a/Solutions/Microsoft Project/Package/mainTemplate.json b/Solutions/Microsoft Project/Package/mainTemplate.json index cad67167c85..09dabe37df3 100644 --- a/Solutions/Microsoft Project/Package/mainTemplate.json +++ b/Solutions/Microsoft Project/Package/mainTemplate.json 
@@ -30,47 +30,32 @@ } }, "variables": { + "_solutionName": "Microsoft Project", + "_solutionVersion": "3.0.0", "solutionId": "azuresentinel.azure-sentinel-solution-microsoftproject", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "uiConfigId1": "Office365Project", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "Office365Project", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", - "dataConnectorVersion1": "1.0.0" + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - 
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Microsoft Project data connector with template", - "displayName": "Microsoft Project template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Microsoft Project data connector with template version 2.0.0", + "description": "Microsoft Project data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -115,7 +100,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -139,16 +124,28 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Microsoft Project", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" ], + "location": "[parameters('workspace-location')]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "contentId": "[variables('_dataConnectorContentId1')]", @@ -207,12 +204,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Microsoft Project", + "publisherDisplayName": "Microsoft Sentinel, Microsoft", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Project solution allows you to stream your Microsoft Project audit logs into Microsoft Sentinel in order to track your project activities.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n\n

Data Connectors: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { diff --git a/Solutions/Morphisec/Data Connectors/Morphisec.json b/Solutions/Morphisec/Data Connectors/Morphisec.json index 9907f67ad0d..140d7c48995 100644 --- a/Solutions/Morphisec/Data Connectors/Morphisec.json +++ b/Solutions/Morphisec/Data Connectors/Morphisec.json @@ -1,6 +1,6 @@ { "id": "MorphisecUTPP", - "title": "Morphisec UTPP", + "title": "[Deprecated] Morphisec UTPP via Legacy Agent", "publisher": "Morphisec", "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets", "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)", diff --git a/Solutions/Morphisec/Data Connectors/template_MorphisecAMA.json b/Solutions/Morphisec/Data Connectors/template_MorphisecAMA.json new file mode 100644 index 00000000000..42eb62e5610 --- /dev/null +++ b/Solutions/Morphisec/Data Connectors/template_MorphisecAMA.json 
@@ -0,0 +1,115 @@
+{
+ "id": "MorphisecUTPPAma",
+ "title": "[Recommended] Morphisec UTPP via AMA",
+ "publisher": "Morphisec",
+ "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets",
+ "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)",
+ "graphQueries": [{
+ "metricName": "Total data received",
+ "legend": "Morphisec",
+ "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)"
+ }
+ ],
+ "sampleQueries": [{
+ "description": "Threats count by host",
+ "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceHostName"
+ }, {
+ "description": "Threats count by username",
+ "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceUserName"
+ }, {
+ "description": "Threats with high severity",
+ "query": "\nMorphisec\n\n | where toint( LogSeverity) > 7 | order by TimeGenerated"
+ }
+ ],
+ "dataTypes": [{
+ "name": "CommonSecurityLog (Morphisec)",
+ "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [{
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": false
+ },
+ "permissions": {
+ "resourceProvider": [{
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "read": true,
+ "write": true,
+ "delete": true
+ }
+ }, {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+ }
+ ],
+ "customs": [
+ {
+ "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)"
+ },
+ {
+ "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "",
+ "description": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)",
+ "instructions": [
+ {
+ "parameters": {
+ "title": "1. Kindly follow the steps to configure the data connector",
+ "instructionSteps": [
+ {
+ "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
+ "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent",
+ "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address.",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step C. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ "type": "InstructionStepsGroup"
+ }
+ ]
+ },
+ {
+ "title": "2. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ]
+}
diff --git a/Solutions/Morphisec/Data/Solution_Morphisec.json b/Solutions/Morphisec/Data/Solution_Morphisec.json
index 6f69c0da311..44bd75eaeb6 100644
--- a/Solutions/Morphisec/Data/Solution_Morphisec.json
+++ b/Solutions/Morphisec/Data/Solution_Morphisec.json
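Review bot: The Step C validation command in template_MorphisecAMA.json downloads `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and runs it under `sudo` in the same line, so the log collector executes as root whatever that path holds at the time, with no review or integrity check in between. Point the URL at a pinned revision, e.g. `https://raw.githubusercontent.com/Azure/Azure-Sentinel/<pinned-commit-sha>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py`, publish a checksum to verify before running, and download without `sudo` so that only the reviewed script is elevated. In the same step's description `python -version` should read `python --version`. Separately, the workspace `requiredPermissions` block requests `"delete": true` while `permissionsDisplayText` says only read and write are required; drop the flag or correct the text so the stated privilege matches what is requested.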
@@ -2,15 +2,16 @@ "Name": "Morphisec", "Author": "Morphisec", "Logo": "", - "Description": "The [Morphisec](https://www.morphisec.com/) solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)", + "Description": "The [Morphisec](https://www.morphisec.com/) solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.\n\r\n1. **Morphisec via AMA** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Morphisec via Legacy Agent** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Morphisec via AMA Connector. 
Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Data Connectors": [ - "Solutions/Morphisec/Data Connectors/Morphisec.JSON" + "Solutions/Morphisec/Data Connectors/Morphisec.json", + "Solutions/Morphisec/Data Connectors/template_MorphisecAMA.json" ], "Parsers": [ - "Solutions/Morphisec/Parsers/Morphisec" + "Solutions/Morphisec/Parsers/Morphisec.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel", - "Version": "2.0.1", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false diff --git a/Solutions/Morphisec/Data/system_generated_metadata.json b/Solutions/Morphisec/Data/system_generated_metadata.json new file mode 100644 index 00000000000..1712658ce9b --- /dev/null +++ b/Solutions/Morphisec/Data/system_generated_metadata.json 
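Review bot: The rewritten `Description` in Solution_Morphisec.json removes the "Underlying Microsoft Technologies used" paragraph and puts nothing in its place, although the AMA connector added in this commit states under `customs` that the Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed. State that dependency in the description so it is visible before install, for example by appending `**Prerequisite:** the Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed.` The same description text is repeated in system_generated_metadata.json and in the createUiDefinition.json `description`, so those copies would need the same sentence when the package is regenerated.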
@@ -0,0 +1,29 @@ +{ + "Name": "Morphisec", + "Author": "Morphisec", + "Logo": "", + "Description": "The [Morphisec](https://www.morphisec.com/) solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.\n\r\n1. **Morphisec via AMA** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Morphisec via Legacy Agent** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Morphisec via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "BasePath": "C:\\GitHub\\Azure-Sentinel", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false, + "publisherId": "morphisec", + "offerId": "morphisec_utpp_mss", + "providers": [ + "Morphisec" + ], + "categories": { + "domains": [ + "Security - Threat Protection" + ] + }, + "firstPublishDate": "2022-05-05", + "support": { + "name": "Morphisec", + "tier": "Partner", + "link": "https://support.morphisec.com/support/home" + }, + "Data Connectors": "[\n \"Morphisec.json\",\n \"template_MorphisecAMA.json\"\n]", + "Parsers": "[\n \"Morphisec.yaml\"\n]" +} diff --git a/Solutions/Morphisec/Package/3.0.0.zip b/Solutions/Morphisec/Package/3.0.0.zip new file mode 100644 index 00000000000..949c3d370ee Binary files /dev/null and b/Solutions/Morphisec/Package/3.0.0.zip differ diff --git a/Solutions/Morphisec/Package/createUiDefinition.json b/Solutions/Morphisec/Package/createUiDefinition.json index 78868d067a0..00b0a4c795d 100644 --- a/Solutions/Morphisec/Package/createUiDefinition.json +++ b/Solutions/Morphisec/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Morphisec](https://www.morphisec.com/) solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog) ](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Morphisec/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Morphisec](https://www.morphisec.com/) solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. 
With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.\n\r\n1. **Morphisec via AMA** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Morphisec via Legacy Agent** - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Morphisec via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -60,14 +60,14 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector for ingesting data from Morphisec in Common Event Format (CEF), to gain visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for Morphisec. You can get Morphisec CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the Morphisec Kusto Function alias." + "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." } }, { @@ -80,6 +80,7 @@ } } } + ] } ], diff --git a/Solutions/Morphisec/Package/mainTemplate.json b/Solutions/Morphisec/Package/mainTemplate.json index 9ca6ef72eb0..8cfe8042992 100644 --- a/Solutions/Morphisec/Package/mainTemplate.json +++ b/Solutions/Morphisec/Package/mainTemplate.json 
@@ -30,55 +30,50 @@ } }, "variables": { + "_solutionName": "Morphisec", + "_solutionVersion": "3.0.0", "solutionId": "morphisec.morphisec_utpp_mss", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "uiConfigId1": "MorphisecUTPP", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "MorphisecUTPP", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "parserVersion1": "1.0.0", - "parserContentId1": "Morphisec-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "MorphisecUTPPAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "MorphisecUTPPAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + 
"dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "parserName1": "Morphisec", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]" + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "Morphisec-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": 
"[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Morphisec data connector with template", - "displayName": "Morphisec template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Morphisec data connector with template version 2.0.1", + "description": "Morphisec data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -94,7 +89,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Morphisec UTPP", + "title": "[Deprecated] Morphisec UTPP via Legacy Agent", "publisher": "Morphisec", "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets", "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)", @@ -222,7 +217,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -245,12 +240,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] Morphisec UTPP via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -284,7 +290,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "Morphisec UTPP", + "title": "[Deprecated] Morphisec UTPP via Legacy Agent", "publisher": "Morphisec", "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets", "graphQueries": [ 
@@ -412,33 +418,356 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[variables('parserTemplateSpecName1')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Morphisec data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] Morphisec UTPP via AMA", + "publisher": "Morphisec", + "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. 
With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets", + "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Morphisec", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Threats count by host", + "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceHostName" + }, + { + "description": "Threats count by username", + "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceUserName" + }, + { + "description": "Threats with high severity", + "query": "\nMorphisec\n\n | where toint( LogSeverity) > 7 | order by TimeGenerated" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (Morphisec)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + 
"permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. 
Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "Morphisec", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Morphisec" + }, + "support": { + "name": "Morphisec", + "tier": "Partner", + "link": "https://support.morphisec.com/support/home" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] Morphisec UTPP via AMA", + 
"contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId2')]" + ], "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "properties": { - "description": "Morphisec Data Parser with template", - "displayName": "Morphisec Data Parser template" + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "Morphisec", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Morphisec" + }, + "support": { + "name": "Morphisec", + "tier": "Partner", + "link": "https://support.morphisec.com/support/home" + } } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Recommended] Morphisec UTPP 
via AMA", + "publisher": "Morphisec", + "descriptionMarkdown": "Integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. Morphisec's Data Connector provides visibility into today's most advanced threats including sophisticated fileless attacks, in-memory exploits and zero days. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Morphisec", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (Morphisec)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'Morphisec'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Threats count by host", + "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceHostName" + }, + { + "description": "Threats count by username", + "query": "\nMorphisec\n\n | summarize Times_Attacked=count() by SourceUserName" + }, + { + "description": "Threats with high severity", + "query": "\nMorphisec\n\n | where toint( LogSeverity) > 7 | order by TimeGenerated" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, 
+ "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. 
Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]", + "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"Morphisec\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/sentinel-morphisecutpp-parser)" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Morphisec Data Parser with template version 2.0.1", + "description": "Morphisec Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": 
"[variables('parserVersion1')]", 
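Review bot: The validation command in Step C of the new AMA connector (it appears in both copies of `instructionSteps` in this hunk) fetches `Sentinel_AMA_troubleshoot.py` from the `master` branch and runs it under `sudo` with no integrity check, so whatever is on that branch at download time executes as root on the log forwarder. Pin the URL to a reviewed commit, e.g. `https://raw.githubusercontent.com/Azure/Azure-Sentinel/<COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py`, and publish a SHA-256 that the operator compares before the `sudo python` step. In the same steps, `python -version` should read `python --version`, and `permissionsDisplayText` says "read and write" while `requiredPermissions` also sets `"delete": true`. The `sharedKeys` entry looks carried over from the legacy-agent connector and is presumably not needed for AMA, so confirm it before asking operators for that access.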
@@ -447,20 +776,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "Morphisec", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "Morphisec", - "query": "\n\r\nCommonSecurityLog\r\n| where DeviceVendor == 'Morphisec'\r\n| extend Start = coalesce(\r\n todatetime(extract(\"start=([^;]+)\",1,AdditionalExtensions)), \r\n todatetime(column_ifexists(\"StartTime\", \"\"))\r\n ) \r\n, AttackedModule = extract(\"AttackedModule=([^;]+)\",1,AdditionalExtensions)\r\n, MorphisecVersion = extract(\"MorphisecVersion=([^;]+)\",1,AdditionalExtensions)\r\n, AttackName = extract(\"AttackName=([^;]+)\",1,AdditionalExtensions)\r\n, AttackCategory = extract(\"AttackCategory=([^;]+)\",1,AdditionalExtensions)\r\n, Attackdescription = extract(\"Attackdescription=([^;]+)\",1,AdditionalExtensions)\r\n, ProcessSignature = extract(\"ProcessSignature=([^;]+)\",1,AdditionalExtensions)\r\n, ParentSignature = extract(\"ParentSignature=([^;]+)\",1,AdditionalExtensions)\r\n, LastStackFunctionCall = extract(\"LastStackFunctionCall=([^;]+)\",1,AdditionalExtensions)\r\n, LastModuleLoaded = extract(\"LastModuleLoaded=([^;]+)\",1,AdditionalExtensions)\r\n, CommandLine = extract(\"CommandLine=([^;]+)\",1,AdditionalExtensions)\r\n, ParentProcessCommandLine = extract(\"ParentProcessCommandLine=([^;]+)\",1,AdditionalExtensions)\r\n, CodeProcessed = extract(\"CodeProcessed=([^;]+)\",1,AdditionalExtensions)", - "version": 1, + "query": "CommonSecurityLog\n| where DeviceVendor == 'Morphisec'\n| extend Start = coalesce(\n todatetime(extract(\"start=([^;]+)\",1,AdditionalExtensions)), \n todatetime(column_ifexists(\"StartTime\", \"\"))\n ) \n, AttackedModule = extract(\"AttackedModule=([^;]+)\",1,AdditionalExtensions)\n, MorphisecVersion = 
extract(\"MorphisecVersion=([^;]+)\",1,AdditionalExtensions)\n, AttackName = extract(\"AttackName=([^;]+)\",1,AdditionalExtensions)\n, AttackCategory = extract(\"AttackCategory=([^;]+)\",1,AdditionalExtensions)\n, Attackdescription = extract(\"Attackdescription=([^;]+)\",1,AdditionalExtensions)\n, ProcessSignature = extract(\"ProcessSignature=([^;]+)\",1,AdditionalExtensions)\n, ParentSignature = extract(\"ParentSignature=([^;]+)\",1,AdditionalExtensions)\n, LastStackFunctionCall = extract(\"LastStackFunctionCall=([^;]+)\",1,AdditionalExtensions)\n, LastModuleLoaded = extract(\"LastModuleLoaded=([^;]+)\",1,AdditionalExtensions)\n, CommandLine = extract(\"CommandLine=([^;]+)\",1,AdditionalExtensions)\n, ParentProcessCommandLine = extract(\"ParentProcessCommandLine=([^;]+)\",1,AdditionalExtensions)\n, CodeProcessed = extract(\"CodeProcessed=([^;]+)\",1,AdditionalExtensions)\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "Morphisec" + "value": "" } ] } @@ -493,7 +823,18 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "Morphisec", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { 
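Review bot: The parser query re-added in this hunk matches key names without anchoring them, so `extract(\"CommandLine=([^;]+)\",1,AdditionalExtensions)` also matches the tail of `ParentProcessCommandLine=`. If the parent field comes first in `AdditionalExtensions` (the field order is not visible here), the `CommandLine` column is filled with the parent's command line and detections keyed on it look at the wrong process. Anchor each key on the separator, for example `(?:^|;)CommandLine=([^;]+)`, adjusted to whatever whitespace the CEF extension actually carries. Note also that `[^;]+` cuts a value at its first `;`, which truncates command lines that chain statements. The same query is repeated in the `@@ -504,10 +845,17 @@` hunk and needs the same change.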
@@ -504,10 +845,17 @@ "properties": { "eTag": "*", "displayName": "Morphisec", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "Morphisec", - "query": "\n\r\nCommonSecurityLog\r\n| where DeviceVendor == 'Morphisec'\r\n| extend Start = coalesce(\r\n todatetime(extract(\"start=([^;]+)\",1,AdditionalExtensions)), \r\n todatetime(column_ifexists(\"StartTime\", \"\"))\r\n ) \r\n, AttackedModule = extract(\"AttackedModule=([^;]+)\",1,AdditionalExtensions)\r\n, MorphisecVersion = extract(\"MorphisecVersion=([^;]+)\",1,AdditionalExtensions)\r\n, AttackName = extract(\"AttackName=([^;]+)\",1,AdditionalExtensions)\r\n, AttackCategory = extract(\"AttackCategory=([^;]+)\",1,AdditionalExtensions)\r\n, Attackdescription = extract(\"Attackdescription=([^;]+)\",1,AdditionalExtensions)\r\n, ProcessSignature = extract(\"ProcessSignature=([^;]+)\",1,AdditionalExtensions)\r\n, ParentSignature = extract(\"ParentSignature=([^;]+)\",1,AdditionalExtensions)\r\n, LastStackFunctionCall = extract(\"LastStackFunctionCall=([^;]+)\",1,AdditionalExtensions)\r\n, LastModuleLoaded = extract(\"LastModuleLoaded=([^;]+)\",1,AdditionalExtensions)\r\n, CommandLine = extract(\"CommandLine=([^;]+)\",1,AdditionalExtensions)\r\n, ParentProcessCommandLine = extract(\"ParentProcessCommandLine=([^;]+)\",1,AdditionalExtensions)\r\n, CodeProcessed = extract(\"CodeProcessed=([^;]+)\",1,AdditionalExtensions)", - "version": 1 + "query": "CommonSecurityLog\n| where DeviceVendor == 'Morphisec'\n| extend Start = coalesce(\n todatetime(extract(\"start=([^;]+)\",1,AdditionalExtensions)), \n todatetime(column_ifexists(\"StartTime\", \"\"))\n ) \n, AttackedModule = extract(\"AttackedModule=([^;]+)\",1,AdditionalExtensions)\n, MorphisecVersion = extract(\"MorphisecVersion=([^;]+)\",1,AdditionalExtensions)\n, AttackName = extract(\"AttackName=([^;]+)\",1,AdditionalExtensions)\n, AttackCategory = extract(\"AttackCategory=([^;]+)\",1,AdditionalExtensions)\n, Attackdescription = 
extract(\"Attackdescription=([^;]+)\",1,AdditionalExtensions)\n, ProcessSignature = extract(\"ProcessSignature=([^;]+)\",1,AdditionalExtensions)\n, ParentSignature = extract(\"ParentSignature=([^;]+)\",1,AdditionalExtensions)\n, LastStackFunctionCall = extract(\"LastStackFunctionCall=([^;]+)\",1,AdditionalExtensions)\n, LastModuleLoaded = extract(\"LastModuleLoaded=([^;]+)\",1,AdditionalExtensions)\n, CommandLine = extract(\"CommandLine=([^;]+)\",1,AdditionalExtensions)\n, ParentProcessCommandLine = extract(\"ParentProcessCommandLine=([^;]+)\",1,AdditionalExtensions)\n, CodeProcessed = extract(\"CodeProcessed=([^;]+)\",1,AdditionalExtensions)\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { @@ -539,13 +887,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.1", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Morphisec", + "publisherDisplayName": "Morphisec", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Morphisec solution for Microsoft Sentinel enables you to integrate vital insights from your security products with the Morphisec Data Connector for Microsoft Sentinel and expand your analytical capabilities with search and correlation, threat intelligence, and customized alerts. With a single, cross-product view, you can make real-time, data-backed decisions to protect your most important assets.

\n
    \n
  1. Morphisec via AMA - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. Morphisec via Legacy Agent - This data connector helps in ingesting Morphisec logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of Morphisec via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -569,6 +924,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", diff --git a/Solutions/Morphisec/ReleaseNotes.md b/Solutions/Morphisec/ReleaseNotes.md new file mode 100644 index 00000000000..cef30081ee5 --- /dev/null +++ b/Solutions/Morphisec/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.0 | 07-09-2023 | Addition of new Morphisec AMA **Data Connector** | | + + diff --git a/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope.zip b/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope.zip index c7a5e5632df..67b0ed5b53f 100644 Binary files a/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope.zip and b/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope.zip differ diff --git a/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 b/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 index ce4f8b3c41e..d9751c059ab 100644 --- a/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 +++ b/Solutions/Netskope/Data Connectors/Netskope/AzureFunctionNetskope/run.ps1 
@@ -25,18 +25,18 @@ if ($Timer.IsPastDue) { $logAnalyticsUri = $env:logAnalyticsUri # Function to call the Netskope API for different Event Types -function CallNetskope($logtype) { +function CallNetskope($LogType) { # Function to contruct the Netskope Uri for alerts, event types, and to accomodate for pagination function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ - if("$logtype" -eq "alert") { - $url = "$uri/api/v1/alerts?token=$ApiKey&limit=$Page&starttime=$StartTime&endtime=$EndTime" + if("$LogType" -eq "alert") { + $url = "$uri/api/v2/events/data/alert?limit=$Page&starttime=$StartTime&endtime=$EndTime" } else { - $url = "$uri/api/v1/events?token=$ApiKey&limit=$Page&type=$LogType&starttime=$StartTime&endtime=$EndTime" + $url = "$uri/api/v2/events/data/${LogType}?limit=$Page&starttime=$StartTime&endtime=$EndTime" } if ($skip -ne 0) { - $url = "$url&skip=$Skip" + $url = "$url&offset=$Skip" Write-Host "Retrieving next page of $LogType events skipping the previous $Skip records" return $url } @@ -46,7 +46,7 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ } # Function for retrieving alerts and events from Netskope's APIs - function GetNetSkopeAPILogs($logtype) { + function GetNetSkopeAPILogs($LogType) { $timeInterval = [int]($env:timeInterval) * 60 $pageLimit = 10000 
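Review bot: `GetUrl` no longer puts `token=$ApiKey` in the query string, but it still accepts `$ApiKey`, and nothing in this hunk shows where the key is sent instead. Keeping the key out of the URL is the right direction, since URLs end up in proxy and function logs; confirm that `GetLogs` (outside this hunk) now passes it in a request header. Then either drop the unused parameter or mark it, e.g. `# $ApiKey is unused here: v2 requests authenticate via a header set by the caller`. `$LogType` is now interpolated into the URL path as `${LogType}`, so if it can come from configuration it should be checked against the known event types before the URL is built. Both `CallNetskope` and `GetUrl` continue outside the hunk.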
@@ -57,20 +57,20 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ $apikey = $env:apikey $uri = $env:uri $tableName = "Netskope" - $LastRecordObject = GetStartTime -CheckpointFile $checkPointFile -LogType $logtype -TimeInterval $timeInterval # function to create starttime + $LastRecordObject = GetStartTime -CheckpointFile $checkPointFile -LogType $LogType -TimeInterval $timeInterval # function to create starttime $LastRecordData = $LastRecordObject.Split("|"); $startTime = [Int]($LastRecordData[0]) $skip = $LastRecordData.Length -gt 1 ? [Int]($LastRecordData[1]) : $skip $endTime = [Int]($startTime + $timeInterval) - Write-Host "For Logtype $($logtype) starttime is $($startTime) and endtime is $($endTime)." + Write-Host "For Logtype $($LogType) starttime is $($startTime) and endtime is $($endTime)." #$netskopestartInterval = (Get-Date 01.01.1970)+([System.TimeSpan]::fromseconds($startTime)) #netskopeendInterval = (Get-Date 01.01.1970)+([System.TimeSpan]::fromseconds($endTime)) #$netskopetimediff = ($netskopeendInterval - $netskopestartInterval) #if($netskopetimediff.TotalSeconds -gt 300) #{ - # Write-Host "Time difference is > 10 minutes for Logtype :- $($logtype).Hence Resetting the endtime to add 10 minutes difference between starttime - $($startTime) and endtime - $($endTime) " + # Write-Host "Time difference is > 10 minutes for Logtype :- $($LogType).Hence Resetting the endtime to add 10 minutes difference between starttime - $($startTime) and endtime - $($endTime) " # $endTime = [Int](Get-Date -Date ($netskopestartInterval.AddSeconds(600)) -UFormat %s) - # Write-Host "For Logtype $($logtype) new modified endtime is $($endTime)" + # Write-Host "For Logtype $($LogType) new modified endtime is $($endTime)" #} #$alleventobjs = @() $count = 0 
@@ -81,8 +81,8 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ if ($endTime -gt ((Get-Date -Date ((Get-Date).DateTime) -UFormat %s))) { break } - $response = GetLogs -Uri $uri -ApiKey $apikey -StartTime $startTime -EndTime $endTime -LogType $logtype -Page $pageLimit -Skip $skip - $netskopeevents = $response.data + $response = GetLogs -Uri $uri -ApiKey $apikey -StartTime $startTime -EndTime $endTime -LogType $LogType -Page $pageLimit -Skip $skip + $netskopeevents = $response.result if($null -ne $netskopeevents) { @@ -93,7 +93,6 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ $netskopeevents | Add-Member -MemberType NoteProperty transactionid -Value "" $netskopeevents | Add-Member -MemberType NoteProperty browser_sessionid -Value "" $netskopeevents | Add-Member -MemberType NoteProperty requestid -Value "" - $netskopeevents | ForEach-Object{ if($_.dlp_incident_id -ne $NULL){ $_.dlp_incidentid = [string]$_.dlp_incident_id 
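Review bot: With `$netskopeevents = $response.result`, a response body that has no `result` property is indistinguishable from an empty time window, because the `$null -ne $netskopeevents` branch is simply skipped. GetLogs still detects failures only through `$response.status -eq "error"`, which is the check the v1 code relied on; whether the v2 endpoint reports errors in that shape is not visible in this diff. If it does not, an expired or under-scoped token could look like "no events" and the checkpoint could move past data that was never collected. An explicit guard before this line, `if ($response.PSObject.Properties.Name -notcontains 'result') { throw "Unexpected Netskope response shape" }`, would route that case into the existing `catch`, which records the checkpoint at `$startTime`. The enclosing loop starts and ends outside the hunk.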
@@ -121,13 +120,13 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ #$dataLength = $netskopeevents.Length #$alleventobjs += $netskopeevents $allEventsLength = $netskopeevents.Length - $responseCode = ProcessData -allEventsLength $allEventsLength -alleventobjs $netskopeevents -checkPointFile $checkPointFile -logtype $logtype -endTime $endTime + $responseCode = ProcessData -allEventsLength $allEventsLength -alleventobjs $netskopeevents -checkPointFile $checkPointFile -LogType $LogType -endTime $endTime # If the API response length for the given log type is equal to the page limit, it indicates there are subsquent pages, continue while loop, and increment the skip value by the records already recieved for the subquent API requests if($allEventsLength -eq $pageLimit){ $skip = $skip + $pageLimit } else { - # If the API response length for the given logtype is less than the page limit, it indicates there are no subsquent pages, break the while loop and move to the next logtype + # If the API response length for the given LogType is less than the page limit, it indicates there are no subsquent pages, break the while loop and move to the next LogType $skip = 0 $count = 1 
@@ -137,29 +136,29 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ if($responseCode -ne 200) { Write-Error "ERROR: Log Analytics POST, Status Code: $responseCode, unsuccessful." $skip = $skip - $pageLimit -lt 0 ? 0 : $skip - $pageLimit - UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $startTime -skip $skip + UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $startTime -skip $skip }elseif($count -eq 0) { - UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $startTime -skip $skip + UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $startTime -skip $skip }else { - UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $endTime -skip $skip + UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $endTime -skip $skip $startTime = $startTime + $timeInterval $count = 0 - Write-Host "For Logtype $($logtype) modified starttime is $($startTime)." + Write-Host "For Logtype $($LogType) modified starttime is $($startTime)." } $functionCurrentTimeEpoch = (Get-Date -Date ((Get-Date).DateTime) -UFormat %s) $TimeDifferenceEpoch = $functionCurrentTimeEpoch - $functionStartTimeEpoch if ($TimeDifferenceEpoch -ge 420) { - Write-Host "Exiting from do while loop for logType : $($logtype) to avoid function timeout." - #UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $startTime -skip $skip + Write-Host "Exiting from do while loop for logType : $($LogType) to avoid function timeout." 
+ #UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $startTime -skip $skip break } } catch { - UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $startTime -skip $skip - Write-Host "Exiting from do while loop for logType : $($logtype) because of error message as : " + $($Error[0].Exception.Message) + UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $startTime -skip $skip + Write-Host "Exiting from do while loop for logType : $($LogType) because of error message as : " + $($Error[0].Exception.Message) break } 
@@ -167,20 +166,20 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ #if($count -eq 1) #{ - # UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $logtype -LastSuccessfulTime $endTime -skip $skip + # UpdateCheckpointTime -CheckpointFile $checkPointFile -LogType $LogType -LastSuccessfulTime $endTime -skip $skip #} } # Function for processing the Netskope's API response - function ProcessData($allEventsLength, $alleventobjs, $checkPointFile, $logtype, $endTime, $skip) { - Write-Host "Process Data function:- EventsLength - $($allEventsLength), Logtype - $($logtype) and Endtime - $($endTime)" + function ProcessData($allEventsLength, $alleventobjs, $checkPointFile, $LogType, $endTime, $skip) { + Write-Host "Process Data function:- EventsLength - $($allEventsLength), Logtype - $($LogType) and Endtime - $($endTime)" $customerId = $env:workspaceId - $sharedKey = $env:workspacekey + $sharedKey = $env:workspaceKey $responseCode = 200 if ($allEventsLength -ne 0) { $jsonPayload = $alleventobjs | ConvertTo-Json -Depth 3 $mbytes = ([System.Text.Encoding]::UTF8.GetBytes($jsonPayload)).Count / 1024 / 1024 - Write-Host "Total mbytes :- $($mbytes) for type :- $($logtype)" + Write-Host "Total mbytes :- $($mbytes) for type :- $($LogType)" # Check the payload size, if under 30MB post to Log Analytics. if (($mbytes -le 30)) { $responseCode = Post-LogAnalyticsData -customerId $customerId -sharedKey $sharedKey -body ([System.Text.Encoding]::UTF8.GetBytes($jsonPayload)) -logType $tableName 
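Review bot: `$sharedKey = $env:workspaceKey` changes the casing of the environment variable that holds the Log Analytics shared key. Environment variable names are case-insensitive on Windows hosts but case-sensitive on a Linux-hosted Function App, so this only resolves there if the app setting in the deployment template is spelled `workspaceKey` too; the template is not part of this hunk. An empty key would presumably make every `Post-LogAnalyticsData` call fail authentication, so it is worth failing fast with a clear message: `if ([string]::IsNullOrEmpty($sharedKey)) { throw "workspaceKey app setting is not set" }`. ProcessData's body continues outside the hunk.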
@@ -196,7 +195,7 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ else { $startInterval = (Get-Date 01.01.1970) + ([System.TimeSpan]::fromseconds($startTime)) $endInterval = (Get-Date 01.01.1970) + ([System.TimeSpan]::fromseconds($endTime)) - Write-Host "INFO: No new '$logtype' records created between $startInterval and $endInterval" + Write-Host "INFO: No new '$LogType' records created between $startInterval and $endInterval" } return $responseCode } @@ -232,10 +231,13 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ } function GetLogs ($Uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip) { - $url = GetUrl -Uri $Uri -ApiKey $ApiKey -StartTime $StartTime -EndTime $EndTime -logtype $LogType -Page $Page -Skip $Skip - $obfurl = $url -replace "token=[a-z0-9]+\&", "token=&" - Write-Host "Retrieving '$LogType' events from $obfurl" - $response = Invoke-RestMethod -Uri $url + $url = GetUrl -Uri $Uri -ApiKey $ApiKey -StartTime $StartTime -EndTime $EndTime -LogType $LogType -Page $Page -Skip $Skip + Write-Host "Retrieving '$LogType' events from $url" + #we have to set header on rest method for v2 - Netskope-Api-Token + $headers = @{ + "Netskope-Api-Token"="$ApiKey" + } + $response = Invoke-RestMethod -Uri $url -Headers $headers if ($response.status -eq "error") { $errorCode = $response.errorCode $errors = $response.errors @@ -246,7 +248,7 @@ function GetUrl ($uri, $ApiKey, $StartTime, $EndTime, $LogType, $Page, $Skip){ } } - # Function to retrieve the checkpoint start time of the last successful API call for a given logtype. Checkpoint file will be created if none exists + # Function to retrieve the checkpoint start time of the last successful API call for a given LogType. Checkpoint file will be created if none exists function GetStartTime($CheckpointFile, $LogType, $TimeInterval) { $loggingOptions = $env:logTypes 
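Review bot: In `GetLogs`, `Write-Host "Retrieving '$LogType' events from $url"` now logs the URL without redaction, which is safe only as long as `GetUrl` never puts the token back into the query string, yet the call above it still passes `-ApiKey $ApiKey` to `GetUrl`. Dropping `-ApiKey` from that call and from `GetUrl`'s parameter list makes the invariant structural rather than incidental. Since the token now travels in the `Netskope-Api-Token` header to whatever base `$Uri` is configured, it is also worth rejecting a non-HTTPS base before the request, e.g. `if (([uri]$Uri).Scheme -ne 'https') { throw "Netskope uri must use https" }`. The comment above `$headers` could read `# Netskope REST API v2 authenticates via the Netskope-Api-Token header, not a query parameter`. GetLogs continues past the end of the hunk.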
@@ -382,7 +384,7 @@ function SplitDataAndProcess($customerId, $sharedKey, $payload, $logType) { Write-Host "Error, error message: $($Error[0].Exception.Message)" } } - GetNetSkopeAPILogs -logtype $logtype + GetNetSkopeAPILogs -LogType $LogType } diff --git a/Solutions/Netskope/Data Connectors/Netskope/host.json b/Solutions/Netskope/Data Connectors/Netskope/host.json index d77b1014827..51b6c77c907 100644 --- a/Solutions/Netskope/Data Connectors/Netskope/host.json +++ b/Solutions/Netskope/Data Connectors/Netskope/host.json @@ -18,6 +18,6 @@ }, "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle", - "version": "[3.*, 4.0.0)" + "version": "[4.0.0, 5.0.0)" } } \ No newline at end of file diff --git a/Solutions/Netskope/Data Connectors/Netskope/requirements.psd1 b/Solutions/Netskope/Data Connectors/Netskope/requirements.psd1 index 341251dabf4..ae730570b11 100644 --- a/Solutions/Netskope/Data Connectors/Netskope/requirements.psd1 +++ b/Solutions/Netskope/Data Connectors/Netskope/requirements.psd1 @@ -3,5 +3,5 @@ # @{ # For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'. - 'Az' = '4.*' + 'Az' = '9.*' } \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml index 668df4a8645..9048302aa6d 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Access keys are not rotated for 90 days description: | 'Detects access keys which were not rotated for 90 days.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: 
@@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml index 0ac6f5a66b2..283083c3835 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow all outbound traffic description: | 'Detects network ACLs with outbound rule to allow all traffic.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml index abeb289b3e6..017ee900491 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server admin description: | 'Detects Network ACLs allow ingress traffic to server administration ports.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file 
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml index 23ab35c2899..37bfdc3b049 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic description: | 'Detects Network ACLs with Inbound rule to allow All Traffic.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml index 677ffc0bc71..3cf62b4777b 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Anomalous access key usage description: | 'Detects anomalous API key usage activity.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -29,5 +30,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml index d307363c744..851809932bf 100644 
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High risk score alert description: | 'Detects alerts with high risk score value.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -28,5 +29,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml index 3138d87d4ee..fcff10aa916 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High severity alert opened for several days description: | 'Detects high severity alert which is opened for several days.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -30,5 +31,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml index d7f9002a61c..a62418f1ead 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml 
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions description: | 'Detects IAM Groups with Administrator Access Permissions.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml index 310b5ebc02a..51d2f0fa3aa 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Inactive user description: | 'Detects users inactive for 30 days.' severity: Low +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -25,5 +26,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml index 773ccb442c9..8fb2ee05da4 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Maximum risk score alert description: | 'Detects alerts with maximum risk score value.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: 
@@ -26,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml index 186340048e7..2e2cbe18505 100644 --- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml +++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml @@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Multiple failed logins for user description: | 'Detects multiple failed logins for the same user account.' severity: Medium +status: Available requiredDataConnectors: - connectorId: PaloAltoPrismaCloud dataTypes: @@ -29,5 +30,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/PaloAltoPrismaCloud/Data/system_generated_metadata.json b/Solutions/PaloAltoPrismaCloud/Data/system_generated_metadata.json new file mode 100644 index 00000000000..778251361a4 --- /dev/null +++ b/Solutions/PaloAltoPrismaCloud/Data/system_generated_metadata.json 
@@ -0,0 +1,38 @@ +{ + "Name": "PaloAltoPrismaCloud", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [Palo Alto Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) CSPM solution provides the capability to ingest Prisma Cloud CSPM alerts and audit logs into Microsoft Sentinel using the Prisma Cloud CSPM API. Refer to Prisma Cloud CSPM API documentation for more information. \r \n **Underlying Microsoft Technologies used:** \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \r \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)", + "Metadata": "SolutionMetadata.json", + "BasePath": "C:\\One\\Azure\\Azure-Sentinel\\Solutions\\PaloAltoPrismaCloud", + "Version": "3.0.0", + "TemplateSpec": true, + "Is1Pconnector": false, + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-paloaltoprisma", + "providers": [ + "Palo Alto Networks" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ] + }, + "firstPublishDate": "2021-04-16", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/PrismaCloud_API_FunctionApp.json\"\n]", + "Parsers": "[\n \"PaloAltoPrismaCloud.txt\"\n]", + "Playbooks": [ + "Playbooks/CustomConnector/PrismaCloudCSPMCustomConnector/azuredeploy.json", + "Playbooks/PrismaCloudCSPMPlaybooks/PrismaCloudCSPM-Enrichment/azuredeploy.json", + "Playbooks/PrismaCloudCSPMPlaybooks/PrismaCloudCSPM-Remediation/azuredeploy.json" + ], + "Workbooks": "[\n 
\"Workbooks/PaloAltoPrismaCloudOverview.json\"\n]", + "Analytic Rules": "[\n \"PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml\",\n \"PaloAltoPrismaCloudAclAllowAllOut.yaml\",\n \"PaloAltoPrismaCloudAclAllowInToAdminPort.yaml\",\n \"PaloAltoPrismaCloudAclInAllowAll.yaml\",\n \"PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml\",\n \"PaloAltoPrismaCloudHighRiskScoreAlert.yaml\",\n \"PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml\",\n \"PaloAltoPrismaCloudIamAdminGroup.yaml\",\n \"PaloAltoPrismaCloudInactiveUser.yaml\",\n \"PaloAltoPrismaCloudMaxRiskScoreAlert.yaml\",\n \"PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml\"\n]", + "Hunting Queries": "[\n \"PaloAltoPrismaCloudAccessKeysUsed.yaml\",\n \"PaloAltoPrismaCloudFailedLoginsSources.yaml\",\n \"PaloAltoPrismaCloudFailedLoginsUsers.yaml\",\n \"PaloAltoPrismaCloudHighRiskScoreOpenedAlerts.yaml\",\n \"PaloAltoPrismaCloudHighSeverityAlerts.yaml\",\n \"PaloAltoPrismaCloudNewUsers.yaml\",\n \"PaloAltoPrismaCloudOpenedAlerts.yaml\",\n \"PaloAltoPrismaCloudTopResources.yaml\",\n \"PaloAltoPrismaCloudUpdatedResources.yaml\"\n]" +} diff --git a/Solutions/PaloAltoPrismaCloud/Package/3.0.0.zip b/Solutions/PaloAltoPrismaCloud/Package/3.0.0.zip index 6fca1afe39d..0a1ba09386e 100644 Binary files a/Solutions/PaloAltoPrismaCloud/Package/3.0.0.zip and b/Solutions/PaloAltoPrismaCloud/Package/3.0.0.zip differ diff --git a/Solutions/PaloAltoPrismaCloud/Package/mainTemplate.json b/Solutions/PaloAltoPrismaCloud/Package/mainTemplate.json index da5ca364019..48cdc1663ef 100644 --- a/Solutions/PaloAltoPrismaCloud/Package/mainTemplate.json +++ b/Solutions/PaloAltoPrismaCloud/Package/mainTemplate.json 
@@ -38,94 +38,128 @@ } }, "variables": { + "solutionId": "azuresentinel.azure-sentinel-solution-paloaltoprisma", + "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "PaloAltoPrismaCloud", "_solutionVersion": "3.0.0", - "solutionId": "azuresentinel.azure-sentinel-solution-paloaltoprisma", - "_solutionId": "[variables('solutionId')]", + "uiConfigId1": "PaloAltoPrismaCloud", + "_uiConfigId1": "[variables('uiConfigId1')]", + "dataConnectorContentId1": "PaloAltoPrismaCloud", + "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", + "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "_dataConnectorId1": "[variables('dataConnectorId1')]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "parserName1": "PaloAltoPrismaCloud Data Parser", + "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", + "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", + "_parserId1": "[variables('parserId1')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "PaloAltoPrismaCloud-Parser", + "_parserContentId1": 
"[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "PrismaCloudCSPMCustomConnector": "PrismaCloudCSPMCustomConnector", + "_PrismaCloudCSPMCustomConnector": "[variables('PrismaCloudCSPMCustomConnector')]", + "TemplateEmptyArray": "[json('[]')]", + "blanks": "[replace('b', 'b', '')]", + "playbookVersion1": "1.0", + "playbookContentId1": "PrismaCloudCSPMCustomConnector", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "PrismaCloudCSPM-Enrichment": "PrismaCloudCSPM-Enrichment", + "_PrismaCloudCSPM-Enrichment": "[variables('PrismaCloudCSPM-Enrichment')]", + "playbookVersion2": "1.0", + "playbookContentId2": "PrismaCloudCSPM-Enrichment", + "_playbookContentId2": "[variables('playbookContentId2')]", + "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", + "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", + 
"PrismaCloudCSPM-Remediation": "PrismaCloudCSPM-Remediation", + "_PrismaCloudCSPM-Remediation": "[variables('PrismaCloudCSPM-Remediation')]", + "playbookVersion3": "1.0", + "playbookContentId3": "PrismaCloudCSPM-Remediation", + "_playbookContentId3": "[variables('playbookContentId3')]", + "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", + "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "PaloAltoPrismaCloudWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", - "analyticRuleVersion1": "1.0.0", + "analyticRuleVersion1": "1.0.1", "analyticRulecontentId1": "777d4993-31bb-4d45-b949-84f58e09fa2f", "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", "analyticRuleTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", - "analyticRuleVersion2": "1.0.0", + "analyticRuleVersion2": "1.0.1", "analyticRulecontentId2": "4264e133-eec2-438f-af85-05e869308f94", "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", - "analyticRuleVersion3": "1.0.0", + "analyticRuleVersion3": "1.0.1", "analyticRulecontentId3": "df89f4bf-720e-41c5-a209-15e41e400d35", "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", - "analyticRuleVersion4": "1.0.0", + "analyticRuleVersion4": "1.0.1", 
"analyticRulecontentId4": "6098b34a-1e6b-440a-9e3b-fb4d5944ade1", "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]", "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]", - "analyticRuleVersion5": "1.0.0", + "analyticRuleVersion5": "1.0.1", "analyticRulecontentId5": "bd602b90-f7f9-4ae9-bf8c-3672a24deb39", "_analyticRulecontentId5": "[variables('analyticRulecontentId5')]", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId5'))]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId5'))))]", "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId5'),'-', variables('analyticRuleVersion5'))))]", - "analyticRuleVersion6": "1.0.0", + "analyticRuleVersion6": "1.0.1", "analyticRulecontentId6": "617b02d8-0f47-4f3c-afed-1926a45e7b28", "_analyticRulecontentId6": "[variables('analyticRulecontentId6')]", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId6'))]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6'))))]", "_analyticRulecontentProductId6": 
"[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId6'),'-', variables('analyticRuleVersion6'))))]", - "analyticRuleVersion7": "1.0.0", + "analyticRuleVersion7": "1.0.1", "analyticRulecontentId7": "c5bf680f-fa37-47c3-9f38-e839a9b99c05", "_analyticRulecontentId7": "[variables('analyticRulecontentId7')]", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId7'))]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId7'))))]", "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId7'),'-', variables('analyticRuleVersion7'))))]", - "analyticRuleVersion8": "1.0.0", + "analyticRuleVersion8": "1.0.1", "analyticRulecontentId8": "ac76d9c0-17a3-4aaa-a341-48f4c0b1c882", "_analyticRulecontentId8": "[variables('analyticRulecontentId8')]", "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId8'))]", "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId8'))))]", "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId8'),'-', variables('analyticRuleVersion8'))))]", - "analyticRuleVersion9": "1.0.0", + "analyticRuleVersion9": "1.0.1", "analyticRulecontentId9": "7f78fa52-9833-41de-b5c5-76e61b8af9c1", "_analyticRulecontentId9": "[variables('analyticRulecontentId9')]", "analyticRuleId9": 
"[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId9'))]", "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId9'))))]", "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId9'),'-', variables('analyticRuleVersion9'))))]", - "analyticRuleVersion10": "1.0.0", + "analyticRuleVersion10": "1.0.1", "analyticRulecontentId10": "119a574d-f37a-403a-a67a-4d6f5083d9cf", "_analyticRulecontentId10": "[variables('analyticRulecontentId10')]", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId10'))]", "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId10'))))]", "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId10'),'-', variables('analyticRuleVersion10'))))]", - "analyticRuleVersion11": "1.0.0", + "analyticRuleVersion11": "1.0.1", "analyticRulecontentId11": "4f688252-bf9b-4136-87bf-d540b5be1050", "_analyticRulecontentId11": "[variables('analyticRulecontentId11')]", "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId11'))]", "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId11'))))]", "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId11'),'-', variables('analyticRuleVersion11'))))]", - "parserName1": "PaloAltoPrismaCloud Data Parser", - "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", - "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", - "parserVersion1": "1.0.0", - "parserContentId1": "PaloAltoPrismaCloud-Parser", - "_parserContentId1": "[variables('parserContentId1')]", - "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", "huntingQueryVersion1": "1.0.0", "huntingQuerycontentId1": "f2e509e5-6eda-4626-a167-2875eb9c48af", "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", 
@@ -180,311 +214,212 @@ "huntingQueryId9": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId9'))]", "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId9'))))]", "_huntingQuerycontentProductId9": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId9'),'-', variables('huntingQueryVersion9'))))]", - "uiConfigId1": "PaloAltoPrismaCloud", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "PaloAltoPrismaCloud", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "PrismaCloudCSPMCustomConnector": "PrismaCloudCSPMCustomConnector", - "_PrismaCloudCSPMCustomConnector": "[variables('PrismaCloudCSPMCustomConnector')]", - "TemplateEmptyArray": "[json('[]')]", - "blanks": "[replace('b', 'b', '')]", - "playbookVersion1": "1.0", - "playbookContentId1": "PrismaCloudCSPMCustomConnector", - "_playbookContentId1": "[variables('playbookContentId1')]", - "playbookTemplateSpecName1": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", - "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", - "PrismaCloudCSPM-Enrichment": "PrismaCloudCSPM-Enrichment", - "_PrismaCloudCSPM-Enrichment": "[variables('PrismaCloudCSPM-Enrichment')]", - "playbookVersion2": "1.0", - "playbookContentId2": "PrismaCloudCSPM-Enrichment", - "_playbookContentId2": "[variables('playbookContentId2')]", - "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", - "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "PrismaCloudCSPM-Remediation": "PrismaCloudCSPM-Remediation", - "_PrismaCloudCSPM-Remediation": "[variables('PrismaCloudCSPM-Remediation')]", - "playbookVersion3": "1.0", - "playbookContentId3": "PrismaCloudCSPM-Remediation", - "_playbookContentId3": "[variables('playbookContentId3')]", - "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", - "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - 
"_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]", + "prismaId": "string", + "_prismaId": "[variables('prismaId')]", + "assetId": "94e06523e93b9b0f15ed03da031c95d5", + "_assetId": "[variables('assetId')]", + "accountID": "any", + "_accountID": "[variables('accountID')]", + "resourceID": "string", + "_resourceID": "[variables('resourceID')]", + "imageID": "string", + "_imageID": "[variables('imageID')]" }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('workbookTemplateSpecName1')]", + "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAltoPrismaCloudOverviewWorkbook Workbook with template version 3.0.0", + "description": "PaloAltoPrismaCloud data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('workbookVersion1')]", + "contentVersion": "[variables('dataConnectorVersion1')]", "parameters": {}, "variables": {}, "resources": [ { - "type": "Microsoft.Insights/workbooks", - "name": "[variables('workbookContentId1')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + 
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", - "kind": "shared", - "apiVersion": "2021-08-01", - "metadata": { - "description": "Sets the time name for analysis." - }, - "properties": { - "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Palo Alto Prisma Cloud Overview\\n---\\n**NOTE**: This workbook depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"600df9d4-1fb8-4255-a77e-27f5d12a5097\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"value\":{\"durationMs\":2592000000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":7776000000}]},\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\n| make-series TotalEvents = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain};\",\"size\":0,\"title\":\"Events over time\",\"color\":\"grayBlue\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\",\"tileSettings\":{\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where 
isnotempty(ResourceRegion)\\r\\n| summarize count() by ResourceRegion\",\"size\":3,\"title\":\"Events by Region\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(ResourceCloudType)\\r\\n| summarize count() by ResourceCloudType\",\"size\":3,\"title\":\"Events by Cloud type\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 1\"}]},\"customWidth\":\"50\",\"name\":\"group - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| summarize Low = countif(AlertSeverity =~ \\\"low\\\"), Medium = countif(AlertSeverity == \\\"medium\\\"), High = countif(AlertSeverity == \\\"high\\\") by bin_at(TimeGenerated, 1h, now())\",\"size\":0,\"title\":\"Alerts over time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"scatterchart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"redBright\"}]}},\"customWidth\":\"55\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where Status =~ 'open'\\r\\n| project AlertId, AlertSeverity, AlertMessage\",\"size\":0,\"title\":\"Open 
Alerts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"customWidth\":\"40\",\"name\":\"query - 2\",\"styleSettings\":{\"margin\":\"20px\"}}]},\"name\":\"group - 4\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(SrcIpAddr)\\r\\n| summarize count() by SrcIpAddr\\r\\n| top 10 by count_ desc\",\"size\":3,\"title\":\"Top Sources\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"30\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let u1 = PaloAltoPrismaCloud\\r\\n| where isnotempty(PolicyLastModifiedBy)\\r\\n| project User = PolicyLastModifiedBy;\\r\\nlet u2 = PaloAltoPrismaCloud\\r\\n| where isnotempty(UserName)\\r\\n| project User = UserName;\\r\\nlet users = union u1, u2;\\r\\nusers\\r\\n| summarize Actions = count() by User\\r\\n| top 10 by Actions desc\\r\\n\\r\\n\",\"size\":3,\"title\":\"Top Users\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Actions\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"30\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where ResourceType =~ 'Login'\\r\\n| extend TimeFromNow = now() - TimeGenerated\\r\\n| extend TimeAgo = strcat(case(TimeFromNow < 2m, strcat(toint(TimeFromNow / 1m), ' seconds'), TimeFromNow < 2h, strcat(toint(TimeFromNow / 1m), ' minutes'), TimeFromNow < 2d, 
strcat(toint(TimeFromNow / 1h), ' hours'), strcat(toint(TimeFromNow / 1d), ' days')), ' ago')\\r\\n| project User= UserName, ['Source IP'] = SrcIpAddr, ['Login Result'] = strcat(iff(EventResult == 'Success', '✔️', '❌'), ' ', EventResult), ['Login Time'] = TimeAgo\",\"size\":0,\"title\":\"User Logins\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"customWidth\":\"35\",\"name\":\"query - 2\"}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(AlertMessage)\\r\\n| top 10 by TimeGenerated desc\\r\\n| extend NumSeverity = case(AlertSeverity =~ 'low', 1, AlertSeverity =~ 'medium', 2, 3)\\r\\n| project ['Alert Time'] = TimeGenerated, ['Alert Message'] = AlertMessage, ['Severity'] = NumSeverity, ResourceRegionId, ResourceId\",\"size\":0,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Severity\",\"formatter\":8,\"formatOptions\":{\"min\":1,\"max\":3,\"palette\":\"orangeRed\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":false}}}]}},\"name\":\"query - 6\"}],\"fromTemplateId\":\"sentinel-PaloAltoPrismaCloudWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", - "version": "1.0", - "sourceId": "[variables('workspaceResourceId')]", - "category": "sentinel" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "kind": "GenericUI", "properties": { - "description": 
"@{workbookKey=PaloAltoPrismaCloudWorkbook; logoFileName=paloalto_logo.svg; description=Sets the time name for analysis.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Palo Alto Prisma; templateRelativePath=PaloAltoPrismaCloudOverview.json; subtitle=; provider=Microsoft}.description", - "parentId": "[variables('workbookId1')]", - "contentId": "[variables('_workbookContentId1')]", - "kind": "Workbook", - "version": "[variables('workbookVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - "operator": "AND", - "criteria": [ + "connectorUiConfig": { + "id": "[variables('_uiConfigId1')]", + "title": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", + "publisher": "Palo Alto", + "descriptionMarkdown": "The Palo Alto Prisma Cloud CSPM data connector provides the capability to ingest [Prisma Cloud CSPM alerts](https://prisma.pan.dev/api/cloud/cspm/alerts#operation/get-alerts) and [audit logs](https://prisma.pan.dev/api/cloud/cspm/audit-logs#operation/rl-audit-logs) into Microsoft sentinel using the Prisma Cloud CSPM API. 
Refer to [Prisma Cloud CSPM API documentation](https://prisma.pan.dev/api/cloud/cspm) for more information.", + "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution.", + "graphQueries": [ { - "contentId": "PaloAltoPrismaCloudAlert_CL", - "kind": "DataType" + "metricName": "Prisma Cloud alerts", + "legend": "PaloAltoPrismaCloudAlert_CL", + "baseQuery": "PaloAltoPrismaCloudAlert_CL" }, { - "contentId": "PaloAltoPrismaCloudAudit_CL", - "kind": "DataType" + "metricName": "Prisma Cloud audit logs", + "legend": "PaloAltoPrismaCloudAudit_CL", + "baseQuery": "PaloAltoPrismaCloudAudit_CL" + } + ], + "sampleQueries": [ + { + "description": "All Prisma Cloud alerts", + "query": "PaloAltoPrismaCloudAlert_CL\n| sort by TimeGenerated desc" }, { - "contentId": "PaloAltoPrismaCloud", - "kind": "DataConnector" + "description": "All Prisma Cloud audit logs", + "query": "PaloAltoPrismaCloudAudit_CL\n| sort by TimeGenerated desc" } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId1')]", - "contentKind": "Workbook", - "displayName": "[parameters('workbook1-name')]", - "contentProductId": "[variables('_workbookcontentProductId1')]", - "id": "[variables('_workbookcontentProductId1')]", - "version": "[variables('workbookVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudAclAccessKeysNotRotated_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects access keys which were not rotated for 90 days.", - "displayName": "Palo Alto Prisma Cloud - Access keys are not rotated for 90 days", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'access keys are not rotated for 90 days'\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1078" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", - "properties": { - "description": 
"PaloAltoPrismaCloud Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Access keys are not rotated for 90 days", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudAclAllowAllOut_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": 
"Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId2')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects network ACLs with outbound rule to allow all traffic.", - "displayName": "Palo Alto Prisma Cloud - Network ACL allow all outbound traffic", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs with Outbound rule to allow All Traffic'\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1133" - ], - "entityMappings": [ - { - "fieldMappings": [ + ], + "dataTypes": [ + { + "name": "PaloAltoPrismaCloudAlert_CL", + "lastDataReceivedQuery": "PaloAltoPrismaCloudAlert_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "PaloAltoPrismaCloudAudit_CL", + "lastDataReceivedQuery": "PaloAltoPrismaCloudAudit_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "PaloAltoPrismaCloudAlert_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)", + "PaloAltoPrismaCloudAudit_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ { - "identifier": "Name", - "columnName": 
"AccountCustomEntity" + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } } ], - "entityType": "Account" - } - ] + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Palo Alto Prisma Cloud API Credentials", + "description": "**Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key** are required for Prisma Cloud API connection. See the documentation to learn more about [creating Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and about [obtaining Prisma Cloud API Url](https://prisma.pan.dev/api/cloud/api-urls)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the Palo Alto Prisma Cloud REST API to pull logs into Microsoft sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." 
+ }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." + }, + { + "description": "**STEP 1 - Configuration of the Prisma Cloud**\n\nFollow the documentation to [create Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and [obtain Prisma Cloud API Url](https://api.docs.prismacloud.io/reference)\n\n NOTE: Please use SYSTEM ADMIN role for giving access to Prisma Cloud API because only SYSTEM ADMIN role is allowed to View Prisma Cloud Audit Logs. Refer to [Prisma Cloud Administrator Permissions (paloaltonetworks.com)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions) for more details of administrator permissions." 
+ }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Prisma Cloud data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Prisma Cloud API credentials, readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "instructions": [ + { + "parameters": { + "instructionSteps": [ + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Prisma Cloud data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-PaloAltoPrismaCloud-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key**, **Microsoft sentinel Workspace Id**, **Microsoft sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Prisma Cloud data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "instructions": [ + { + "parameters": { + "instructionSteps": [ + { + "title": "Step 1 - Deploy a Function App", + "description": "**NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. 
Download the [Azure Function App](https://aka.ms/sentinel-PaloAltoPrismaCloud-functionapp) file. Extract archive to your local development computer.\n2. Follow the [function app manual deployment instructions](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AzureFunctionsManualDeployment.md#function-app-manual-deployment-instructions) to deploy the Azure Functions app using VSCode.\n3. After successful deployment of the function app, follow next steps for configuring it." + }, + { + "title": "Step 2 - Configure the Function App", + "description": "1. Go to Azure Portal for the Function App configuration.\n2. In the Function App, select the Function App Name and select **Configuration**.\n3. In the **Application settings** tab, select **+ New application setting**.\n4. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tPrismaCloudAPIUrl\n\t\tPrismaCloudAccessKeyID\n\t\tPrismaCloudSecretKey\n\t\tAzureSentinelWorkspaceId\n\t\tAzureSentinelSharedKey\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n5. Once all application settings have been entered, click **Save**." 
+ } + ] + }, + "type": "InstructionStepsGroup" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + } + ] + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", "source": { "kind": "Solution", "name": "PaloAltoPrismaCloud", 
@@ -509,72 +444,245 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId2')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Network ACL allow all outbound traffic", - "contentProductId": "[variables('_analyticRulecontentProductId2')]", - "id": "[variables('_analyticRulecontentProductId2')]", - "version": "[variables('analyticRuleVersion2')]" + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName3')]", - "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[variables('_dataConnectorId1')]" ], + "location": "[parameters('workspace-location')]", "properties": { - "description": "PaloAltoPrismaCloudAclAllowInToAdminPort_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion3')]", - "parameters": {}, - "variables": {}, + "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", + "publisher": "Palo Alto", + "descriptionMarkdown": "The Palo Alto Prisma Cloud CSPM data connector provides the capability to ingest [Prisma Cloud CSPM alerts](https://prisma.pan.dev/api/cloud/cspm/alerts#operation/get-alerts) and [audit logs](https://prisma.pan.dev/api/cloud/cspm/audit-logs#operation/rl-audit-logs) into Microsoft sentinel using the Prisma Cloud CSPM API. 
Refer to [Prisma Cloud CSPM API documentation](https://prisma.pan.dev/api/cloud/cspm) for more information.", + "graphQueries": [ + { + "metricName": "Prisma Cloud alerts", + "legend": "PaloAltoPrismaCloudAlert_CL", + "baseQuery": "PaloAltoPrismaCloudAlert_CL" + }, + { + "metricName": "Prisma Cloud audit logs", + "legend": "PaloAltoPrismaCloudAudit_CL", + "baseQuery": "PaloAltoPrismaCloudAudit_CL" + } + ], + "dataTypes": [ + { + "name": "PaloAltoPrismaCloudAlert_CL", + "lastDataReceivedQuery": "PaloAltoPrismaCloudAlert_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "PaloAltoPrismaCloudAudit_CL", + "lastDataReceivedQuery": "PaloAltoPrismaCloudAudit_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "PaloAltoPrismaCloudAlert_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)", + "PaloAltoPrismaCloudAudit_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)" + ] + } + ], + "sampleQueries": [ + { + "description": "All Prisma Cloud alerts", + "query": "PaloAltoPrismaCloudAlert_CL\n| sort by TimeGenerated desc" + }, + { + "description": "All Prisma Cloud audit logs", + "query": "PaloAltoPrismaCloudAudit_CL\n| sort by TimeGenerated desc" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Palo Alto Prisma Cloud API Credentials", + "description": "**Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key** are required for Prisma Cloud API connection. See the documentation to learn more about [creating Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and about [obtaining Prisma Cloud API Url](https://prisma.pan.dev/api/cloud/api-urls)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the Palo Alto Prisma Cloud REST API to pull logs into Microsoft sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." 
+ }, + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." + }, + { + "description": "**STEP 1 - Configuration of the Prisma Cloud**\n\nFollow the documentation to [create Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and [obtain Prisma Cloud API Url](https://api.docs.prismacloud.io/reference)\n\n NOTE: Please use SYSTEM ADMIN role for giving access to Prisma Cloud API because only SYSTEM ADMIN role is allowed to View Prisma Cloud Audit Logs. Refer to [Prisma Cloud Administrator Permissions (paloaltonetworks.com)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions) for more details of administrator permissions." + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Prisma Cloud data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Prisma Cloud API credentials, readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "instructions": [ + { + "parameters": { + "instructionSteps": [ + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Prisma Cloud data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. 
\n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-PaloAltoPrismaCloud-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key**, **Microsoft sentinel Workspace Id**, **Microsoft sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Prisma Cloud data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "instructions": [ + { + "parameters": { + "instructionSteps": [ + { + "title": "Step 1 - Deploy a Function App", + "description": "**NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-PaloAltoPrismaCloud-functionapp) file. Extract archive to your local development computer.\n2. Follow the [function app manual deployment instructions](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AzureFunctionsManualDeployment.md#function-app-manual-deployment-instructions) to deploy the Azure Functions app using VSCode.\n3. After successful deployment of the function app, follow next steps for configuring it." + }, + { + "title": "Step 2 - Configure the Function App", + "description": "1. Go to Azure Portal for the Function App configuration.\n2. In the Function App, select the Function App Name and select **Configuration**.\n3. In the **Application settings** tab, select **+ New application setting**.\n4. 
Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tPrismaCloudAPIUrl\n\t\tPrismaCloudAccessKeyID\n\t\tPrismaCloudSecretKey\n\t\tAzureSentinelWorkspaceId\n\t\tAzureSentinelSharedKey\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n5. Once all application settings have been entered, click **Save**." + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + } + ], + "id": "[variables('_uiConfigId1')]", + "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." 
+ } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloud Data Parser with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserVersion1')]", + "parameters": {}, + "variables": {}, "resources": [ { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId3')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", + "name": "[variables('_parserName1')]", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { - "description": "Detects Network ACLs allow ingress traffic to server administration ports.", - "displayName": "Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs allow ingress traffic to server administration ports'\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - 
"techniques": [ - "T1133" - ], - "entityMappings": [ + "eTag": "*", + "displayName": "PaloAltoPrismaCloud Data Parser", + "category": "Samples", + "functionAlias": "PaloAltoPrismaCloud", + "query": "\nlet Audit_view = view () { \n PaloAltoPrismaCloudAudit_CL\n | extend \n EventType='PaloAltoPrismaCloudAudit',\n user=iff(isnotempty(column_ifexists('user_s', '')), column_ifexists('user_s', ''), column_ifexists('user_g', '')),\n resourceName=iff(isnotempty(column_ifexists('resourceName_s', '')), column_ifexists('resourceName_s', ''), column_ifexists('resourceName_g', '')),\n timestamp_d=column_ifexists('timestamp_d', ''),\n IPAddress=column_ifexists('IPAddress', ''),\n ResourceType=column_ifexists('ResourceType', ''),\n action_s=column_ifexists('action_s', ''),\n result_s=column_ifexists('result_s', '')\n | project-rename \n UserName=user,\n ResourceName=resourceName,\n EventEndTime=timestamp_d,\n SrcIpAddr=IPAddress,\n EventMessage=action_s,\n EventResult=result_s\n | project-away\n user_s,\n resourceName_s\n};\nlet Alert_view = view () { \n PaloAltoPrismaCloudAlert_CL\n | extend \n EventType='PaloAltoPrismaCloudAlert',\n reason_s=column_ifexists('reason_s', ''),\n policy_name_s=column_ifexists('policy_name_s', ''),\n policy_description_s=column_ifexists('policy_description_s', ''),\n policy_severity_s=column_ifexists('policy_severity_s', ''),\n policy_recommendation_s=column_ifexists('policy_recommendation_s', ''),\n policy_labels_s=column_ifexists('policy_labels_s', ''),\n policy_lastModifiedOn_d=column_ifexists('policy_lastModifiedOn_d', ''),\n policy_lastModifiedBy_s=column_ifexists('policy_lastModifiedBy_s', ''),\n policy_deleted_b=column_ifexists('policy_deleted_b', ''),\n policy_remediation_description_s=column_ifexists('policy_remediation_description_s', ''),\n policy_remediation_impact_s=column_ifexists('policy_remediation_impact_s', ''),\n policy_remediation_cliScriptTemplate_s=column_ifexists('policy_remediation_cliScriptTemplate_s', ''),\n 
history_s=column_ifexists('history_s', ''),\n resource_data_mfa_active_b=column_ifexists('resource_data_mfa_active_b', ''),\n resource_data_cert_1_active_b=column_ifexists('resource_data_cert_1_active_b', ''),\n resource_data_cert_2_active_b=column_ifexists('resource_data_cert_2_active_b', ''),\n resource_data_password_enabled_s=column_ifexists('resource_data_password_enabled_s', ''),\n resource_data_password_last_used_s=column_ifexists('resource_data_password_last_used_s', ''),\n resource_data_user_creation_time_t=column_ifexists('resource_data_user_creation_time_t', ''),\n resource_data_access_key_1_active_b=column_ifexists('resource_data_access_key_1_active_b', ''),\n resource_data_access_key_2_active_b=column_ifexists('resource_data_access_key_2_active_b', ''),\n resource_data_cert_1_last_rotated_s=column_ifexists('resource_data_cert_1_last_rotated_s', ''),\n resource_data_cert_2_last_rotated_s=column_ifexists('resource_data_cert_2_last_rotated_s', ''),\n resource_data_password_last_changed_s=column_ifexists('resource_data_password_last_changed_s', ''),\n resource_data_password_next_rotation_s=column_ifexists('resource_data_password_next_rotation_s', ''),\n resource_data_access_key_1_last_rotated_t=column_ifexists('resource_data_access_key_1_last_rotated_t', ''),\n resource_data_access_key_2_last_rotated_s=column_ifexists('resource_data_access_key_2_last_rotated_s', ''),\n resource_data_access_key_1_last_used_date_t=column_ifexists('resource_data_access_key_1_last_used_date_t', ''),\n resource_data_access_key_2_last_used_date_s=column_ifexists('resource_data_access_key_2_last_used_date_s', ''),\n resource_data_access_key_1_last_used_region_s=column_ifexists('resource_data_access_key_1_last_used_region_s', ''),\n resource_data_access_key_2_last_used_region_s=column_ifexists('resource_data_access_key_2_last_used_region_s', ''),\n resource_data_access_key_1_last_used_service_s=column_ifexists('resource_data_access_key_1_last_used_service_s', ''),\n 
resource_data_access_key_2_last_used_service_s=column_ifexists('resource_data_access_key_2_last_used_service_s', ''),\n resource_rrn_s=column_ifexists('resource_rrn_s', ''),\n resource_name_s=column_ifexists('resource_name_s', ''),\n resource_account_s=column_ifexists('resource_account_s', ''),\n resource_accountId_s=column_ifexists('resource_accountId_s', ''),\n resource_cloudAccountGroups_s=column_ifexists('resource_cloudAccountGroups_s', ''),\n resource_region_s=column_ifexists('resource_region_s', ''),\n resource_regionId_s=column_ifexists('resource_regionId_s', ''),\n resource_resourceType_s=column_ifexists('resource_resourceType_s', ''),\n resource_resourceApiName_s=column_ifexists('resource_resourceApiName_s', ''),\n resource_url_s=column_ifexists('resource_url_s', ''),\n resource_data_arn_s=column_ifexists('resource_data_arn_s', ''),\n resource_data_user_s=column_ifexists('resource_data_user_s', ''),\n resource_additionalInfo_accessKeyAge_s=column_ifexists('resource_additionalInfo_accessKeyAge_s', ''),\n resource_additionalInfo_inactiveSinceTs_s=column_ifexists('resource_additionalInfo_inactiveSinceTs_s', ''),\n resource_cloudType_s=column_ifexists('resource_cloudType_s', ''),\n resource_resourceTs_d=column_ifexists('resource_resourceTs_d', ''),\n id_s=column_ifexists('id_s', ''),\n policy_policyId_g=column_ifexists('policy_policyId_g', ''),\n policy_policyType_s=column_ifexists('policy_policyType_s', ''),\n policy_systemDefault_b=column_ifexists('policy_systemDefault_b', ''),\n policy_remediable_b=column_ifexists('policy_remediable_b', ''),\n alertRules_s=column_ifexists('alertRules_s', ''),\n riskDetail_riskScore_score_d=column_ifexists('riskDetail_riskScore_score_d', ''),\n riskDetail_riskScore_maxScore_d=column_ifexists('riskDetail_riskScore_maxScore_d', ''),\n riskDetail_rating_s=column_ifexists('riskDetail_rating_s', ''),\n riskDetail_score_s=column_ifexists('riskDetail_score_s', ''),\n status_s=column_ifexists('status_s', ''),\n 
firstSeen_d=column_ifexists('firstSeen_d', ''),\n lastSeen_d=column_ifexists('lastSeen_d', ''),\n alertTime_d=column_ifexists('alertTime_d', ''),\n resource_id=iff(isnotempty(column_ifexists('resource_id_s', '')), column_ifexists('resource_id_s', ''), column_ifexists('resource_id_g', ''))\n | project-rename\n Reason=reason_s,\n AlertMessage=policy_name_s,\n AlertDescription=policy_description_s,\n AlertSeverity=policy_severity_s,\n PolicyRecommendation=policy_recommendation_s,\n PolicyLabels=policy_labels_s,\n PolicyLastModifiedOn=policy_lastModifiedOn_d,\n PolicyLastModifiedBy=policy_lastModifiedBy_s,\n PolicyDeleted=policy_deleted_b,\n PolicyRemediationDescription=policy_remediation_description_s,\n PolicyRemediationImpact=policy_remediation_impact_s,\n PolicyRemediationCliScriptTemplate=policy_remediation_cliScriptTemplate_s,\n ResourceId=resource_id,\n History=history_s,\n ResourceDataMfaActive=resource_data_mfa_active_b,\n ResourceDataCert1Active=resource_data_cert_1_active_b,\n ResourceDataCert2Active=resource_data_cert_2_active_b,\n ResourceDataPasswordEnabled=resource_data_password_enabled_s,\n ResourceDataPasswordLastUsed=resource_data_password_last_used_s,\n ResourceDataUserCreationTime=resource_data_user_creation_time_t,\n ResourceDataAccessKey1Active=resource_data_access_key_1_active_b,\n ResourceDataAccessKey2Active=resource_data_access_key_2_active_b,\n ResourceDataCert1LastRotated=resource_data_cert_1_last_rotated_s,\n ResourceDataCert2LastRotated=resource_data_cert_2_last_rotated_s,\n ResourceDataPasswordLastChanged=resource_data_password_last_changed_s,\n ResourceDataPasswordNextRotation=resource_data_password_next_rotation_s,\n ResourceDataAccessKey1LastRotated=resource_data_access_key_1_last_rotated_t,\n ResourceDataAccessKey2LastRotated=resource_data_access_key_2_last_rotated_s,\n ResourceDataAccessKey1LastUsedDate=resource_data_access_key_1_last_used_date_t,\n ResourceDataAccessKey2LastUsedDate=resource_data_access_key_2_last_used_date_s,\n 
ResourceDataAccessKey1LastUsedRegion=resource_data_access_key_1_last_used_region_s,\n ResourceDataAccessKey2LastUsedRegion=resource_data_access_key_2_last_used_region_s,\n ResourceDataAccessKey1LastUsedService=resource_data_access_key_1_last_used_service_s,\n ResourceDataAccessKey2LastUsedService=resource_data_access_key_2_last_used_service_s,\n ResourceRrn=resource_rrn_s,\n ResourceName=resource_name_s,\n ResourceAccount=resource_account_s,\n ResourceAccountId=resource_accountId_s,\n ResourceCloudAccountGroups=resource_cloudAccountGroups_s,\n ResourceRegion=resource_region_s,\n ResourceRegionId=resource_regionId_s,\n ResourceResourceType=resource_resourceType_s,\n ResourceResourceApiName=resource_resourceApiName_s,\n ResourceUrl=resource_url_s,\n ResourceDataArn=resource_data_arn_s,\n ResourceDataUser=resource_data_user_s,\n ResourceAdditionalInfoAccessKeyAge=resource_additionalInfo_accessKeyAge_s,\n ResourceAdditionalInfoInactiveSinceTs=resource_additionalInfo_inactiveSinceTs_s,\n ResourceCloudType=resource_cloudType_s,\n ResourceResourceTs=resource_resourceTs_d,\n AlertId=id_s,\n PolicyPolicyId=policy_policyId_g,\n PolicyPolicyType=policy_policyType_s,\n PolicySystemDefault=policy_systemDefault_b,\n PolicyRemediable=policy_remediable_b,\n AlertRules=alertRules_s,\n RiskDetailRiskScoreScore=riskDetail_riskScore_score_d,\n RiskDetailRiskScoreMaxScore=riskDetail_riskScore_maxScore_d,\n RiskDetailRating=riskDetail_rating_s,\n RiskDetailScore=riskDetail_score_s,\n Status=status_s,\n FirstSeen=firstSeen_d,\n LastSeen=lastSeen_d,\n AlertTime=alertTime_d\n | project-away\n resource_id_s\n};\nunion isfuzzy=true Alert_view, Audit_view", + "functionParameters": "", + "version": 1, + "tags": [ { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" + "name": "description", + "value": "PaloAltoPrismaCloud Data Parser" } ] } 
@@ -582,16 +690,18 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", + "dependsOn": [ + "[variables('_parserName1')]" + ], "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 3", - "parentId": "[variables('analyticRuleId3')]", - "contentId": "[variables('_analyticRulecontentId3')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion3')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", + "contentId": "[variables('_parserContentId1')]", + "kind": "Parser", + "version": "[variables('parserVersion1')]", "source": { - "kind": "Solution", "name": "PaloAltoPrismaCloud", + "kind": "Solution", "sourceId": "[variables('_solutionId')]" }, "author": { 
@@ -613,2390 +723,289 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId3')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports", - "contentProductId": "[variables('_analyticRulecontentProductId3')]", - "id": "[variables('_analyticRulecontentProductId3')]", - "version": "[variables('analyticRuleVersion3')]" + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "PaloAltoPrismaCloud Data Parser", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName4')]", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2022-10-01", + "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], "properties": { - "description": "PaloAltoPrismaCloudAclInAllowAll_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion4')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId4')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - 
"description": "Detects Network ACLs with Inbound rule to allow All Traffic.", - "displayName": "Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs with Inbound rule to allow All Traffic'\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1133" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 4", - "parentId": "[variables('analyticRuleId4')]", - "contentId": "[variables('_analyticRulecontentId4')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion4')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": 
"[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId4')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic", - "contentProductId": "[variables('_analyticRulecontentProductId4')]", - "id": "[variables('_analyticRulecontentProductId4')]", - "version": "[variables('analyticRuleVersion4')]" + "eTag": "*", + "displayName": "PaloAltoPrismaCloud Data Parser", + "category": "Samples", + "functionAlias": "PaloAltoPrismaCloud", + "query": "\nlet Audit_view = view () { \n PaloAltoPrismaCloudAudit_CL\n | extend \n EventType='PaloAltoPrismaCloudAudit',\n user=iff(isnotempty(column_ifexists('user_s', '')), column_ifexists('user_s', ''), column_ifexists('user_g', '')),\n resourceName=iff(isnotempty(column_ifexists('resourceName_s', '')), column_ifexists('resourceName_s', ''), column_ifexists('resourceName_g', '')),\n timestamp_d=column_ifexists('timestamp_d', ''),\n IPAddress=column_ifexists('IPAddress', ''),\n ResourceType=column_ifexists('ResourceType', ''),\n action_s=column_ifexists('action_s', ''),\n result_s=column_ifexists('result_s', '')\n | project-rename \n UserName=user,\n ResourceName=resourceName,\n EventEndTime=timestamp_d,\n SrcIpAddr=IPAddress,\n EventMessage=action_s,\n EventResult=result_s\n | project-away\n user_s,\n resourceName_s\n};\nlet Alert_view = view () { \n PaloAltoPrismaCloudAlert_CL\n | extend \n EventType='PaloAltoPrismaCloudAlert',\n reason_s=column_ifexists('reason_s', ''),\n policy_name_s=column_ifexists('policy_name_s', ''),\n policy_description_s=column_ifexists('policy_description_s', ''),\n policy_severity_s=column_ifexists('policy_severity_s', ''),\n policy_recommendation_s=column_ifexists('policy_recommendation_s', ''),\n policy_labels_s=column_ifexists('policy_labels_s', ''),\n policy_lastModifiedOn_d=column_ifexists('policy_lastModifiedOn_d', ''),\n 
policy_lastModifiedBy_s=column_ifexists('policy_lastModifiedBy_s', ''),\n policy_deleted_b=column_ifexists('policy_deleted_b', ''),\n policy_remediation_description_s=column_ifexists('policy_remediation_description_s', ''),\n policy_remediation_impact_s=column_ifexists('policy_remediation_impact_s', ''),\n policy_remediation_cliScriptTemplate_s=column_ifexists('policy_remediation_cliScriptTemplate_s', ''),\n history_s=column_ifexists('history_s', ''),\n resource_data_mfa_active_b=column_ifexists('resource_data_mfa_active_b', ''),\n resource_data_cert_1_active_b=column_ifexists('resource_data_cert_1_active_b', ''),\n resource_data_cert_2_active_b=column_ifexists('resource_data_cert_2_active_b', ''),\n resource_data_password_enabled_s=column_ifexists('resource_data_password_enabled_s', ''),\n resource_data_password_last_used_s=column_ifexists('resource_data_password_last_used_s', ''),\n resource_data_user_creation_time_t=column_ifexists('resource_data_user_creation_time_t', ''),\n resource_data_access_key_1_active_b=column_ifexists('resource_data_access_key_1_active_b', ''),\n resource_data_access_key_2_active_b=column_ifexists('resource_data_access_key_2_active_b', ''),\n resource_data_cert_1_last_rotated_s=column_ifexists('resource_data_cert_1_last_rotated_s', ''),\n resource_data_cert_2_last_rotated_s=column_ifexists('resource_data_cert_2_last_rotated_s', ''),\n resource_data_password_last_changed_s=column_ifexists('resource_data_password_last_changed_s', ''),\n resource_data_password_next_rotation_s=column_ifexists('resource_data_password_next_rotation_s', ''),\n resource_data_access_key_1_last_rotated_t=column_ifexists('resource_data_access_key_1_last_rotated_t', ''),\n resource_data_access_key_2_last_rotated_s=column_ifexists('resource_data_access_key_2_last_rotated_s', ''),\n resource_data_access_key_1_last_used_date_t=column_ifexists('resource_data_access_key_1_last_used_date_t', ''),\n 
resource_data_access_key_2_last_used_date_s=column_ifexists('resource_data_access_key_2_last_used_date_s', ''),\n resource_data_access_key_1_last_used_region_s=column_ifexists('resource_data_access_key_1_last_used_region_s', ''),\n resource_data_access_key_2_last_used_region_s=column_ifexists('resource_data_access_key_2_last_used_region_s', ''),\n resource_data_access_key_1_last_used_service_s=column_ifexists('resource_data_access_key_1_last_used_service_s', ''),\n resource_data_access_key_2_last_used_service_s=column_ifexists('resource_data_access_key_2_last_used_service_s', ''),\n resource_rrn_s=column_ifexists('resource_rrn_s', ''),\n resource_name_s=column_ifexists('resource_name_s', ''),\n resource_account_s=column_ifexists('resource_account_s', ''),\n resource_accountId_s=column_ifexists('resource_accountId_s', ''),\n resource_cloudAccountGroups_s=column_ifexists('resource_cloudAccountGroups_s', ''),\n resource_region_s=column_ifexists('resource_region_s', ''),\n resource_regionId_s=column_ifexists('resource_regionId_s', ''),\n resource_resourceType_s=column_ifexists('resource_resourceType_s', ''),\n resource_resourceApiName_s=column_ifexists('resource_resourceApiName_s', ''),\n resource_url_s=column_ifexists('resource_url_s', ''),\n resource_data_arn_s=column_ifexists('resource_data_arn_s', ''),\n resource_data_user_s=column_ifexists('resource_data_user_s', ''),\n resource_additionalInfo_accessKeyAge_s=column_ifexists('resource_additionalInfo_accessKeyAge_s', ''),\n resource_additionalInfo_inactiveSinceTs_s=column_ifexists('resource_additionalInfo_inactiveSinceTs_s', ''),\n resource_cloudType_s=column_ifexists('resource_cloudType_s', ''),\n resource_resourceTs_d=column_ifexists('resource_resourceTs_d', ''),\n id_s=column_ifexists('id_s', ''),\n policy_policyId_g=column_ifexists('policy_policyId_g', ''),\n policy_policyType_s=column_ifexists('policy_policyType_s', ''),\n policy_systemDefault_b=column_ifexists('policy_systemDefault_b', ''),\n 
policy_remediable_b=column_ifexists('policy_remediable_b', ''),\n alertRules_s=column_ifexists('alertRules_s', ''),\n riskDetail_riskScore_score_d=column_ifexists('riskDetail_riskScore_score_d', ''),\n riskDetail_riskScore_maxScore_d=column_ifexists('riskDetail_riskScore_maxScore_d', ''),\n riskDetail_rating_s=column_ifexists('riskDetail_rating_s', ''),\n riskDetail_score_s=column_ifexists('riskDetail_score_s', ''),\n status_s=column_ifexists('status_s', ''),\n firstSeen_d=column_ifexists('firstSeen_d', ''),\n lastSeen_d=column_ifexists('lastSeen_d', ''),\n alertTime_d=column_ifexists('alertTime_d', ''),\n resource_id=iff(isnotempty(column_ifexists('resource_id_s', '')), column_ifexists('resource_id_s', ''), column_ifexists('resource_id_g', ''))\n | project-rename\n Reason=reason_s,\n AlertMessage=policy_name_s,\n AlertDescription=policy_description_s,\n AlertSeverity=policy_severity_s,\n PolicyRecommendation=policy_recommendation_s,\n PolicyLabels=policy_labels_s,\n PolicyLastModifiedOn=policy_lastModifiedOn_d,\n PolicyLastModifiedBy=policy_lastModifiedBy_s,\n PolicyDeleted=policy_deleted_b,\n PolicyRemediationDescription=policy_remediation_description_s,\n PolicyRemediationImpact=policy_remediation_impact_s,\n PolicyRemediationCliScriptTemplate=policy_remediation_cliScriptTemplate_s,\n ResourceId=resource_id,\n History=history_s,\n ResourceDataMfaActive=resource_data_mfa_active_b,\n ResourceDataCert1Active=resource_data_cert_1_active_b,\n ResourceDataCert2Active=resource_data_cert_2_active_b,\n ResourceDataPasswordEnabled=resource_data_password_enabled_s,\n ResourceDataPasswordLastUsed=resource_data_password_last_used_s,\n ResourceDataUserCreationTime=resource_data_user_creation_time_t,\n ResourceDataAccessKey1Active=resource_data_access_key_1_active_b,\n ResourceDataAccessKey2Active=resource_data_access_key_2_active_b,\n ResourceDataCert1LastRotated=resource_data_cert_1_last_rotated_s,\n ResourceDataCert2LastRotated=resource_data_cert_2_last_rotated_s,\n 
ResourceDataPasswordLastChanged=resource_data_password_last_changed_s,\n ResourceDataPasswordNextRotation=resource_data_password_next_rotation_s,\n ResourceDataAccessKey1LastRotated=resource_data_access_key_1_last_rotated_t,\n ResourceDataAccessKey2LastRotated=resource_data_access_key_2_last_rotated_s,\n ResourceDataAccessKey1LastUsedDate=resource_data_access_key_1_last_used_date_t,\n ResourceDataAccessKey2LastUsedDate=resource_data_access_key_2_last_used_date_s,\n ResourceDataAccessKey1LastUsedRegion=resource_data_access_key_1_last_used_region_s,\n ResourceDataAccessKey2LastUsedRegion=resource_data_access_key_2_last_used_region_s,\n ResourceDataAccessKey1LastUsedService=resource_data_access_key_1_last_used_service_s,\n ResourceDataAccessKey2LastUsedService=resource_data_access_key_2_last_used_service_s,\n ResourceRrn=resource_rrn_s,\n ResourceName=resource_name_s,\n ResourceAccount=resource_account_s,\n ResourceAccountId=resource_accountId_s,\n ResourceCloudAccountGroups=resource_cloudAccountGroups_s,\n ResourceRegion=resource_region_s,\n ResourceRegionId=resource_regionId_s,\n ResourceResourceType=resource_resourceType_s,\n ResourceResourceApiName=resource_resourceApiName_s,\n ResourceUrl=resource_url_s,\n ResourceDataArn=resource_data_arn_s,\n ResourceDataUser=resource_data_user_s,\n ResourceAdditionalInfoAccessKeyAge=resource_additionalInfo_accessKeyAge_s,\n ResourceAdditionalInfoInactiveSinceTs=resource_additionalInfo_inactiveSinceTs_s,\n ResourceCloudType=resource_cloudType_s,\n ResourceResourceTs=resource_resourceTs_d,\n AlertId=id_s,\n PolicyPolicyId=policy_policyId_g,\n PolicyPolicyType=policy_policyType_s,\n PolicySystemDefault=policy_systemDefault_b,\n PolicyRemediable=policy_remediable_b,\n AlertRules=alertRules_s,\n RiskDetailRiskScoreScore=riskDetail_riskScore_score_d,\n RiskDetailRiskScoreMaxScore=riskDetail_riskScore_maxScore_d,\n RiskDetailRating=riskDetail_rating_s,\n RiskDetailScore=riskDetail_score_s,\n Status=status_s,\n 
FirstSeen=firstSeen_d,\n LastSeen=lastSeen_d,\n AlertTime=alertTime_d\n | project-away\n resource_id_s\n};\nunion isfuzzy=true Alert_view, Audit_view", + "functionParameters": "", + "version": 1, + "tags": [ + { + "name": "description", + "value": "PaloAltoPrismaCloud Data Parser" + } + ] } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName5')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[variables('_parserId1')]" ], "properties": { - "description": "PaloAltoPrismaCloudAnomalousApiKeyActivity_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion5')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId5')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects anomalous API key usage activity.", - "displayName": "Palo Alto Prisma Cloud - Anomalous access key usage", - "enabled": false, - "query": "let threshold = 10;\nPaloAltoPrismaCloud\n| where ResourceType =~ 'Login'\n| where EventResult =~ 'Failed'\n| where EventMessage has 'access key'\n| summarize count() by UserName, bin(TimeGenerated, 5m)\n| where count_ 
> threshold\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1078" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId5'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 5", - "parentId": "[variables('analyticRuleId5')]", - "contentId": "[variables('_analyticRulecontentId5')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion5')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", + "contentId": "[variables('_parserContentId1')]", + "kind": "Parser", + "version": "[variables('parserVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - 
"packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId5')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Anomalous access key usage", - "contentProductId": "[variables('_analyticRulecontentProductId5')]", - "id": "[variables('_analyticRulecontentProductId5')]", - "version": "[variables('analyticRuleVersion5')]" + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName6')]", + "name": "[variables('playbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PaloAltoPrismaCloudHighRiskScoreAlert_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "PrismaCloudCSPMCustomConnector Playbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion6')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId6')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects alerts with high risk score value.", - "displayName": "Palo Alto Prisma Cloud - High risk score 
alert", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend r_score = 0.85 * toint(RiskDetailRiskScoreMaxScore)\n| extend i_RiskDetailRiskScoreScore = toint(RiskDetailRiskScoreScore)\n| where i_RiskDetailRiskScoreScore > r_score\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1133" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "CustomConnectorName": { + "defaultValue": "PrismaCloudCSPMCustomConnector", + "type": "String", + "metadata": { + "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Prisma Cloud automation playbooks as well" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId6'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 6", - "parentId": "[variables('analyticRuleId6')]", - "contentId": "[variables('_analyticRulecontentId6')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion6')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - 
"support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } + "PrismaCloudAPIURL": { + "type": "String", + "metadata": { + "description": "Check documentation of prisma cloud for Actual API url (https://prisma.pan.dev/api/cloud/api-urls) . Note: Do NOT prefix with https:// or http:// etc" } } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId6')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - High risk score alert", - "contentProductId": "[variables('_analyticRulecontentProductId6')]", - "id": "[variables('_analyticRulecontentProductId6')]", - "version": "[variables('analyticRuleVersion6')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName7')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion7')]", - "parameters": {}, - "variables": {}, + }, + "variables": { + "api_host": "[[replace(replace(parameters('PrismaCloudAPIURL'),'https://',''),'http://','')]", + "ServiceName": "[[concat('https://', variables('api_host'))]", + "operationId-RefreshToken": "RefreshToken", + 
"_operationId-RefreshToken": "[[variables('operationId-RefreshToken')]", + "operationId-LoginGenerateToken": "LoginGenerateToken", + "_operationId-LoginGenerateToken": "[[variables('operationId-LoginGenerateToken')]", + "operationId-AssetInventoryViewV2": "AssetInventoryViewV2", + "_operationId-AssetInventoryViewV2": "[[variables('operationId-AssetInventoryViewV2')]", + "operationId-AssetInventoryTrendViewV2": "AssetInventoryTrendViewV2", + "_operationId-AssetInventoryTrendViewV2": "[[variables('operationId-AssetInventoryTrendViewV2')]", + "operationId-AssetsResourceScan": "AssetsResourceScan", + "_operationId-AssetsResourceScan": "[[variables('operationId-AssetsResourceScan')]", + "operationId-AssetsEnrichment": "AssetsEnrichment", + "_operationId-AssetsEnrichment": "[[variables('operationId-AssetsEnrichment')]", + "operationId-ListAlerts": "ListAlerts", + "_operationId-ListAlerts": "[[variables('operationId-ListAlerts')]", + "operationId-GetAlertInfo": "GetAlertInfo", + "_operationId-GetAlertInfo": "[[variables('operationId-GetAlertInfo')]", + "operationId-GetAnomalyTrustedList": "GetAnomalyTrustedList", + "_operationId-GetAnomalyTrustedList": "[[variables('operationId-GetAnomalyTrustedList')]", + "operationId-AddEntriesToAnomalyTrustedList": "AddEntriesToAnomalyTrustedList", + "_operationId-AddEntriesToAnomalyTrustedList": "[[variables('operationId-AddEntriesToAnomalyTrustedList')]", + "operationId-ListRemediationCommand": "ListRemediationCommand", + "_operationId-ListRemediationCommand": "[[variables('operationId-ListRemediationCommand')]", + "operationId-RemediateAlert": "RemediateAlert", + "_operationId-RemediateAlert": "[[variables('operationId-RemediateAlert')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "playbookContentId1": "PrismaCloudCSPMCustomConnector", + "playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('CustomConnectorName'))]", + "workspace-name": "[parameters('workspace')]", + 
"workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, "resources": [ { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId7')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects high severity alert which is opened for several days.", - "displayName": "Palo Alto Prisma Cloud - High severity alert opened for several days", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where AlertSeverity =~ 'high'\n| where Status =~ 'open'\n| extend alert_time = now() - TimeGenerated\n| where alert_time > 1d\n| extend ['Opened Days'] = strcat('Alert opened for ', strcat(toint(alert_time / 1d), ' days'))\n| project AlertMessage, AlertSeverity, ['Opened Days'], ResourceId, UserName\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1133" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId7'),'/'))))]", + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[[parameters('CustomConnectorName')]", + "location": 
"[[variables('workspace-location-inline')]", "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 7", - "parentId": "[variables('analyticRuleId7')]", - "contentId": "[variables('_analyticRulecontentId7')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion7')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" + "capabilities": "[variables('TemplateEmptyArray')]", + "description": "[[concat(parameters('CustomConnectorName'),' connects to Prisma Cloud CSPM services end point to runs any Prisma supported API get/post/patch calls and gives response back in JSON format. \n\nNote: For better understanding , check https://prisma.pan.dev/api/cloud/cspm/')]", + "displayName": "[[parameters('CustomConnectorName')]", + "iconUri": "", + "backendService": { + "serviceUrl": "[[variables('ServiceName')]" }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId7')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - High severity alert opened for several days", - "contentProductId": "[variables('_analyticRulecontentProductId7')]", - "id": "[variables('_analyticRulecontentProductId7')]", - "version": "[variables('analyticRuleVersion7')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName8')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudIamAdminGroup_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion8')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId8')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects IAM Groups with Administrator Access Permissions.", - "displayName": "Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'IAM Groups with Administrator Access Permissions'\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1078" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', 
last(split(variables('analyticRuleId8'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 8", - "parentId": "[variables('analyticRuleId8')]", - "contentId": "[variables('_analyticRulecontentId8')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion8')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId8')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions", - "contentProductId": "[variables('_analyticRulecontentProductId8')]", - "id": "[variables('_analyticRulecontentProductId8')]", - "version": "[variables('analyticRuleVersion8')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName9')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudInactiveUser_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion9')]", 
- "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId9')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects users inactive for 30 days.", - "displayName": "Palo Alto Prisma Cloud - Inactive user", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Status =~ 'open'\n| where AlertMessage has 'Inactive users for more than 30 days'\n| extend AccountCustomEntity = ResourceId\n", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "severity": "Low", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1078" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "apiType": "Rest", + "swagger": { + "swagger": "2.0", + "info": { + "version": "1.0.0", + "title": "Prisma Cloud", + "description": "This custom connector connects to Prisma Cloud CSPM services end point to runs any Prisma supported API get/post/patch calls and gives response back in JSON format. 
\n\nNote: For better understanding , check https://prisma.pan.dev/api/cloud/cspm/')]" + }, + "host": "[[replace(replace(parameters('PrismaCloudAPIURL'),'https://',''),'http://','')]", + "basePath": "/", + "schemes": [ + "https" + ], + "consumes": "[variables('TemplateEmptyArray')]", + "produces": [ + "application/json" + ], + "paths": { + "/auth_token/extend": { + "get": { + "summary": "Refresh Token", + "description": "Refresh Token", + "operationId": "[[variables('_operationId-RefreshToken')]", + "parameters": [ + { + "name": "accept", + "in": "header", + "required": true, + "type": "string", + "default": "application/json; charset=UTF-8", + "description": "accept" + }, + { + "name": "content-type", + "in": "header", + "required": true, + "type": "string", + "default": "application/json", + "description": "content-type" + }, + { + "name": "x-redlock-auth", + "in": "header", + "required": true, + "type": "string", + "default": "{{token}}", + "description": "x-redlock-auth" + } + ], + "responses": { + "default": { + "description": "default" + } + } } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId9'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 9", - "parentId": "[variables('analyticRuleId9')]", - "contentId": "[variables('_analyticRulecontentId9')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion9')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] 
- }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId9')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Inactive user", - "contentProductId": "[variables('_analyticRulecontentProductId9')]", - "id": "[variables('_analyticRulecontentProductId9')]", - "version": "[variables('analyticRuleVersion9')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName10')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudMaxRiskScoreAlert_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion10')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId10')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects alerts with maximum risk score value.", - "displayName": "Palo Alto Prisma Cloud - Maximum risk score alert", - "enabled": false, - "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where RiskDetailRiskScoreScore == RiskDetailRiskScoreMaxScore\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - 
"queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "InitialAccess" - ], - "techniques": [ - "T1133" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId10'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 10", - "parentId": "[variables('analyticRuleId10')]", - "contentId": "[variables('_analyticRulecontentId10')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion10')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId10')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Maximum risk score alert", - "contentProductId": "[variables('_analyticRulecontentProductId10')]", - "id": "[variables('_analyticRulecontentProductId10')]", - "version": 
"[variables('analyticRuleVersion10')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName11')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudMultipleFailedLoginsUser_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion11')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId11')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Detects multiple failed logins for the same user account.", - "displayName": "Palo Alto Prisma Cloud - Multiple failed logins for user", - "enabled": false, - "query": "let threshold = 10;\nPaloAltoPrismaCloud\n| where ResourceType =~ 'Login'\n| where EventResult =~ 'Failed'\n| where EventMessage !has 'access key'\n| summarize count() by UserName, bin(TimeGenerated, 5m)\n| where count_ > threshold\n| extend AccountCustomEntity = UserName\n", - "queryFrequency": "PT1H", - "queryPeriod": "PT1H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "PaloAltoPrismaCloud" - ], - "connectorId": "PaloAltoPrismaCloud" - } - ], - "tactics": [ - "CredentialAccess" - ], - "techniques": [ - "T1110" - ], - 
"entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId11'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Analytics Rule 11", - "parentId": "[variables('analyticRuleId11')]", - "contentId": "[variables('_analyticRulecontentId11')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion11')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId11')]", - "contentKind": "AnalyticsRule", - "displayName": "Palo Alto Prisma Cloud - Multiple failed logins for user", - "contentProductId": "[variables('_analyticRulecontentProductId11')]", - "id": "[variables('_analyticRulecontentProductId11')]", - "version": "[variables('analyticRuleVersion11')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 
'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloud Data Parser with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('_parserName1')]", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "PaloAltoPrismaCloud Data Parser", - "category": "Samples", - "functionAlias": "PaloAltoPrismaCloud", - "query": "\nlet Audit_view = view () { \r\n PaloAltoPrismaCloudAudit_CL\r\n | extend \r\n EventType='PaloAltoPrismaCloudAudit',\r\n user=iff(isnotempty(column_ifexists('user_s', '')), column_ifexists('user_s', ''), column_ifexists('user_g', '')),\r\n resourceName=iff(isnotempty(column_ifexists('resourceName_s', '')), column_ifexists('resourceName_s', ''), column_ifexists('resourceName_g', '')),\r\n timestamp_d=column_ifexists('timestamp_d', ''),\r\n IPAddress=column_ifexists('IPAddress', ''),\r\n ResourceType=column_ifexists('ResourceType', ''),\r\n action_s=column_ifexists('action_s', ''),\r\n result_s=column_ifexists('result_s', '')\r\n | project-rename \r\n UserName=user,\r\n ResourceName=resourceName,\r\n EventEndTime=timestamp_d,\r\n SrcIpAddr=IPAddress,\r\n EventMessage=action_s,\r\n EventResult=result_s\r\n | project-away\r\n user_s,\r\n resourceName_s\r\n};\r\nlet Alert_view = view () { \r\n PaloAltoPrismaCloudAlert_CL\r\n | extend \r\n EventType='PaloAltoPrismaCloudAlert',\r\n reason_s=column_ifexists('reason_s', ''),\r\n policy_name_s=column_ifexists('policy_name_s', ''),\r\n policy_description_s=column_ifexists('policy_description_s', ''),\r\n policy_severity_s=column_ifexists('policy_severity_s', ''),\r\n 
policy_recommendation_s=column_ifexists('policy_recommendation_s', ''),\r\n policy_labels_s=column_ifexists('policy_labels_s', ''),\r\n policy_lastModifiedOn_d=column_ifexists('policy_lastModifiedOn_d', ''),\r\n policy_lastModifiedBy_s=column_ifexists('policy_lastModifiedBy_s', ''),\r\n policy_deleted_b=column_ifexists('policy_deleted_b', ''),\r\n policy_remediation_description_s=column_ifexists('policy_remediation_description_s', ''),\r\n policy_remediation_impact_s=column_ifexists('policy_remediation_impact_s', ''),\r\n policy_remediation_cliScriptTemplate_s=column_ifexists('policy_remediation_cliScriptTemplate_s', ''),\r\n history_s=column_ifexists('history_s', ''),\r\n resource_data_mfa_active_b=column_ifexists('resource_data_mfa_active_b', ''),\r\n resource_data_cert_1_active_b=column_ifexists('resource_data_cert_1_active_b', ''),\r\n resource_data_cert_2_active_b=column_ifexists('resource_data_cert_2_active_b', ''),\r\n resource_data_password_enabled_s=column_ifexists('resource_data_password_enabled_s', ''),\r\n resource_data_password_last_used_s=column_ifexists('resource_data_password_last_used_s', ''),\r\n resource_data_user_creation_time_t=column_ifexists('resource_data_user_creation_time_t', ''),\r\n resource_data_access_key_1_active_b=column_ifexists('resource_data_access_key_1_active_b', ''),\r\n resource_data_access_key_2_active_b=column_ifexists('resource_data_access_key_2_active_b', ''),\r\n resource_data_cert_1_last_rotated_s=column_ifexists('resource_data_cert_1_last_rotated_s', ''),\r\n resource_data_cert_2_last_rotated_s=column_ifexists('resource_data_cert_2_last_rotated_s', ''),\r\n resource_data_password_last_changed_s=column_ifexists('resource_data_password_last_changed_s', ''),\r\n resource_data_password_next_rotation_s=column_ifexists('resource_data_password_next_rotation_s', ''),\r\n resource_data_access_key_1_last_rotated_t=column_ifexists('resource_data_access_key_1_last_rotated_t', ''),\r\n 
resource_data_access_key_2_last_rotated_s=column_ifexists('resource_data_access_key_2_last_rotated_s', ''),\r\n resource_data_access_key_1_last_used_date_t=column_ifexists('resource_data_access_key_1_last_used_date_t', ''),\r\n resource_data_access_key_2_last_used_date_s=column_ifexists('resource_data_access_key_2_last_used_date_s', ''),\r\n resource_data_access_key_1_last_used_region_s=column_ifexists('resource_data_access_key_1_last_used_region_s', ''),\r\n resource_data_access_key_2_last_used_region_s=column_ifexists('resource_data_access_key_2_last_used_region_s', ''),\r\n resource_data_access_key_1_last_used_service_s=column_ifexists('resource_data_access_key_1_last_used_service_s', ''),\r\n resource_data_access_key_2_last_used_service_s=column_ifexists('resource_data_access_key_2_last_used_service_s', ''),\r\n resource_rrn_s=column_ifexists('resource_rrn_s', ''),\r\n resource_name_s=column_ifexists('resource_name_s', ''),\r\n resource_account_s=column_ifexists('resource_account_s', ''),\r\n resource_accountId_s=column_ifexists('resource_accountId_s', ''),\r\n resource_cloudAccountGroups_s=column_ifexists('resource_cloudAccountGroups_s', ''),\r\n resource_region_s=column_ifexists('resource_region_s', ''),\r\n resource_regionId_s=column_ifexists('resource_regionId_s', ''),\r\n resource_resourceType_s=column_ifexists('resource_resourceType_s', ''),\r\n resource_resourceApiName_s=column_ifexists('resource_resourceApiName_s', ''),\r\n resource_url_s=column_ifexists('resource_url_s', ''),\r\n resource_data_arn_s=column_ifexists('resource_data_arn_s', ''),\r\n resource_data_user_s=column_ifexists('resource_data_user_s', ''),\r\n resource_additionalInfo_accessKeyAge_s=column_ifexists('resource_additionalInfo_accessKeyAge_s', ''),\r\n resource_additionalInfo_inactiveSinceTs_s=column_ifexists('resource_additionalInfo_inactiveSinceTs_s', ''),\r\n resource_cloudType_s=column_ifexists('resource_cloudType_s', ''),\r\n 
resource_resourceTs_d=column_ifexists('resource_resourceTs_d', ''),\r\n id_s=column_ifexists('id_s', ''),\r\n policy_policyId_g=column_ifexists('policy_policyId_g', ''),\r\n policy_policyType_s=column_ifexists('policy_policyType_s', ''),\r\n policy_systemDefault_b=column_ifexists('policy_systemDefault_b', ''),\r\n policy_remediable_b=column_ifexists('policy_remediable_b', ''),\r\n alertRules_s=column_ifexists('alertRules_s', ''),\r\n riskDetail_riskScore_score_d=column_ifexists('riskDetail_riskScore_score_d', ''),\r\n riskDetail_riskScore_maxScore_d=column_ifexists('riskDetail_riskScore_maxScore_d', ''),\r\n riskDetail_rating_s=column_ifexists('riskDetail_rating_s', ''),\r\n riskDetail_score_s=column_ifexists('riskDetail_score_s', ''),\r\n status_s=column_ifexists('status_s', ''),\r\n firstSeen_d=column_ifexists('firstSeen_d', ''),\r\n lastSeen_d=column_ifexists('lastSeen_d', ''),\r\n alertTime_d=column_ifexists('alertTime_d', ''),\r\n resource_id=iff(isnotempty(column_ifexists('resource_id_s', '')), column_ifexists('resource_id_s', ''), column_ifexists('resource_id_g', ''))\r\n | project-rename\r\n Reason=reason_s,\r\n AlertMessage=policy_name_s,\r\n AlertDescription=policy_description_s,\r\n AlertSeverity=policy_severity_s,\r\n PolicyRecommendation=policy_recommendation_s,\r\n PolicyLabels=policy_labels_s,\r\n PolicyLastModifiedOn=policy_lastModifiedOn_d,\r\n PolicyLastModifiedBy=policy_lastModifiedBy_s,\r\n PolicyDeleted=policy_deleted_b,\r\n PolicyRemediationDescription=policy_remediation_description_s,\r\n PolicyRemediationImpact=policy_remediation_impact_s,\r\n PolicyRemediationCliScriptTemplate=policy_remediation_cliScriptTemplate_s,\r\n ResourceId=resource_id,\r\n History=history_s,\r\n ResourceDataMfaActive=resource_data_mfa_active_b,\r\n ResourceDataCert1Active=resource_data_cert_1_active_b,\r\n ResourceDataCert2Active=resource_data_cert_2_active_b,\r\n ResourceDataPasswordEnabled=resource_data_password_enabled_s,\r\n 
ResourceDataPasswordLastUsed=resource_data_password_last_used_s,\r\n ResourceDataUserCreationTime=resource_data_user_creation_time_t,\r\n ResourceDataAccessKey1Active=resource_data_access_key_1_active_b,\r\n ResourceDataAccessKey2Active=resource_data_access_key_2_active_b,\r\n ResourceDataCert1LastRotated=resource_data_cert_1_last_rotated_s,\r\n ResourceDataCert2LastRotated=resource_data_cert_2_last_rotated_s,\r\n ResourceDataPasswordLastChanged=resource_data_password_last_changed_s,\r\n ResourceDataPasswordNextRotation=resource_data_password_next_rotation_s,\r\n ResourceDataAccessKey1LastRotated=resource_data_access_key_1_last_rotated_t,\r\n ResourceDataAccessKey2LastRotated=resource_data_access_key_2_last_rotated_s,\r\n ResourceDataAccessKey1LastUsedDate=resource_data_access_key_1_last_used_date_t,\r\n ResourceDataAccessKey2LastUsedDate=resource_data_access_key_2_last_used_date_s,\r\n ResourceDataAccessKey1LastUsedRegion=resource_data_access_key_1_last_used_region_s,\r\n ResourceDataAccessKey2LastUsedRegion=resource_data_access_key_2_last_used_region_s,\r\n ResourceDataAccessKey1LastUsedService=resource_data_access_key_1_last_used_service_s,\r\n ResourceDataAccessKey2LastUsedService=resource_data_access_key_2_last_used_service_s,\r\n ResourceRrn=resource_rrn_s,\r\n ResourceName=resource_name_s,\r\n ResourceAccount=resource_account_s,\r\n ResourceAccountId=resource_accountId_s,\r\n ResourceCloudAccountGroups=resource_cloudAccountGroups_s,\r\n ResourceRegion=resource_region_s,\r\n ResourceRegionId=resource_regionId_s,\r\n ResourceResourceType=resource_resourceType_s,\r\n ResourceResourceApiName=resource_resourceApiName_s,\r\n ResourceUrl=resource_url_s,\r\n ResourceDataArn=resource_data_arn_s,\r\n ResourceDataUser=resource_data_user_s,\r\n ResourceAdditionalInfoAccessKeyAge=resource_additionalInfo_accessKeyAge_s,\r\n ResourceAdditionalInfoInactiveSinceTs=resource_additionalInfo_inactiveSinceTs_s,\r\n ResourceCloudType=resource_cloudType_s,\r\n 
ResourceResourceTs=resource_resourceTs_d,\r\n AlertId=id_s,\r\n PolicyPolicyId=policy_policyId_g,\r\n PolicyPolicyType=policy_policyType_s,\r\n PolicySystemDefault=policy_systemDefault_b,\r\n PolicyRemediable=policy_remediable_b,\r\n AlertRules=alertRules_s,\r\n RiskDetailRiskScoreScore=riskDetail_riskScore_score_d,\r\n RiskDetailRiskScoreMaxScore=riskDetail_riskScore_maxScore_d,\r\n RiskDetailRating=riskDetail_rating_s,\r\n RiskDetailScore=riskDetail_score_s,\r\n Status=status_s,\r\n FirstSeen=firstSeen_d,\r\n LastSeen=lastSeen_d,\r\n AlertTime=alertTime_d\r\n | project-away\r\n resource_id_s\r\n};\r\nunion isfuzzy=true Alert_view, Audit_view", - "functionParameters": "", - "version": 1, - "tags": [ - { - "name": "description", - "value": "PaloAltoPrismaCloud Data Parser" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", - "dependsOn": [ - "[variables('_parserName1')]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", - "kind": "Parser", - "version": "[variables('parserVersion1')]", - "source": { - "name": "PaloAltoPrismaCloud", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": 
"[variables('_parserContentId1')]", - "contentKind": "Parser", - "displayName": "PaloAltoPrismaCloud Data Parser", - "contentProductId": "[variables('_parsercontentProductId1')]", - "id": "[variables('_parsercontentProductId1')]", - "version": "[variables('parserVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2022-10-01", - "name": "[variables('_parserName1')]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "PaloAltoPrismaCloud Data Parser", - "category": "Samples", - "functionAlias": "PaloAltoPrismaCloud", - "query": "\nlet Audit_view = view () { \r\n PaloAltoPrismaCloudAudit_CL\r\n | extend \r\n EventType='PaloAltoPrismaCloudAudit',\r\n user=iff(isnotempty(column_ifexists('user_s', '')), column_ifexists('user_s', ''), column_ifexists('user_g', '')),\r\n resourceName=iff(isnotempty(column_ifexists('resourceName_s', '')), column_ifexists('resourceName_s', ''), column_ifexists('resourceName_g', '')),\r\n timestamp_d=column_ifexists('timestamp_d', ''),\r\n IPAddress=column_ifexists('IPAddress', ''),\r\n ResourceType=column_ifexists('ResourceType', ''),\r\n action_s=column_ifexists('action_s', ''),\r\n result_s=column_ifexists('result_s', '')\r\n | project-rename \r\n UserName=user,\r\n ResourceName=resourceName,\r\n EventEndTime=timestamp_d,\r\n SrcIpAddr=IPAddress,\r\n EventMessage=action_s,\r\n EventResult=result_s\r\n | project-away\r\n user_s,\r\n resourceName_s\r\n};\r\nlet Alert_view = view () { \r\n PaloAltoPrismaCloudAlert_CL\r\n | extend \r\n EventType='PaloAltoPrismaCloudAlert',\r\n reason_s=column_ifexists('reason_s', ''),\r\n policy_name_s=column_ifexists('policy_name_s', ''),\r\n policy_description_s=column_ifexists('policy_description_s', ''),\r\n policy_severity_s=column_ifexists('policy_severity_s', ''),\r\n policy_recommendation_s=column_ifexists('policy_recommendation_s', ''),\r\n policy_labels_s=column_ifexists('policy_labels_s', 
''),\r\n policy_lastModifiedOn_d=column_ifexists('policy_lastModifiedOn_d', ''),\r\n policy_lastModifiedBy_s=column_ifexists('policy_lastModifiedBy_s', ''),\r\n policy_deleted_b=column_ifexists('policy_deleted_b', ''),\r\n policy_remediation_description_s=column_ifexists('policy_remediation_description_s', ''),\r\n policy_remediation_impact_s=column_ifexists('policy_remediation_impact_s', ''),\r\n policy_remediation_cliScriptTemplate_s=column_ifexists('policy_remediation_cliScriptTemplate_s', ''),\r\n history_s=column_ifexists('history_s', ''),\r\n resource_data_mfa_active_b=column_ifexists('resource_data_mfa_active_b', ''),\r\n resource_data_cert_1_active_b=column_ifexists('resource_data_cert_1_active_b', ''),\r\n resource_data_cert_2_active_b=column_ifexists('resource_data_cert_2_active_b', ''),\r\n resource_data_password_enabled_s=column_ifexists('resource_data_password_enabled_s', ''),\r\n resource_data_password_last_used_s=column_ifexists('resource_data_password_last_used_s', ''),\r\n resource_data_user_creation_time_t=column_ifexists('resource_data_user_creation_time_t', ''),\r\n resource_data_access_key_1_active_b=column_ifexists('resource_data_access_key_1_active_b', ''),\r\n resource_data_access_key_2_active_b=column_ifexists('resource_data_access_key_2_active_b', ''),\r\n resource_data_cert_1_last_rotated_s=column_ifexists('resource_data_cert_1_last_rotated_s', ''),\r\n resource_data_cert_2_last_rotated_s=column_ifexists('resource_data_cert_2_last_rotated_s', ''),\r\n resource_data_password_last_changed_s=column_ifexists('resource_data_password_last_changed_s', ''),\r\n resource_data_password_next_rotation_s=column_ifexists('resource_data_password_next_rotation_s', ''),\r\n resource_data_access_key_1_last_rotated_t=column_ifexists('resource_data_access_key_1_last_rotated_t', ''),\r\n resource_data_access_key_2_last_rotated_s=column_ifexists('resource_data_access_key_2_last_rotated_s', ''),\r\n 
resource_data_access_key_1_last_used_date_t=column_ifexists('resource_data_access_key_1_last_used_date_t', ''),\r\n resource_data_access_key_2_last_used_date_s=column_ifexists('resource_data_access_key_2_last_used_date_s', ''),\r\n resource_data_access_key_1_last_used_region_s=column_ifexists('resource_data_access_key_1_last_used_region_s', ''),\r\n resource_data_access_key_2_last_used_region_s=column_ifexists('resource_data_access_key_2_last_used_region_s', ''),\r\n resource_data_access_key_1_last_used_service_s=column_ifexists('resource_data_access_key_1_last_used_service_s', ''),\r\n resource_data_access_key_2_last_used_service_s=column_ifexists('resource_data_access_key_2_last_used_service_s', ''),\r\n resource_rrn_s=column_ifexists('resource_rrn_s', ''),\r\n resource_name_s=column_ifexists('resource_name_s', ''),\r\n resource_account_s=column_ifexists('resource_account_s', ''),\r\n resource_accountId_s=column_ifexists('resource_accountId_s', ''),\r\n resource_cloudAccountGroups_s=column_ifexists('resource_cloudAccountGroups_s', ''),\r\n resource_region_s=column_ifexists('resource_region_s', ''),\r\n resource_regionId_s=column_ifexists('resource_regionId_s', ''),\r\n resource_resourceType_s=column_ifexists('resource_resourceType_s', ''),\r\n resource_resourceApiName_s=column_ifexists('resource_resourceApiName_s', ''),\r\n resource_url_s=column_ifexists('resource_url_s', ''),\r\n resource_data_arn_s=column_ifexists('resource_data_arn_s', ''),\r\n resource_data_user_s=column_ifexists('resource_data_user_s', ''),\r\n resource_additionalInfo_accessKeyAge_s=column_ifexists('resource_additionalInfo_accessKeyAge_s', ''),\r\n resource_additionalInfo_inactiveSinceTs_s=column_ifexists('resource_additionalInfo_inactiveSinceTs_s', ''),\r\n resource_cloudType_s=column_ifexists('resource_cloudType_s', ''),\r\n resource_resourceTs_d=column_ifexists('resource_resourceTs_d', ''),\r\n id_s=column_ifexists('id_s', ''),\r\n policy_policyId_g=column_ifexists('policy_policyId_g', 
''),\r\n policy_policyType_s=column_ifexists('policy_policyType_s', ''),\r\n policy_systemDefault_b=column_ifexists('policy_systemDefault_b', ''),\r\n policy_remediable_b=column_ifexists('policy_remediable_b', ''),\r\n alertRules_s=column_ifexists('alertRules_s', ''),\r\n riskDetail_riskScore_score_d=column_ifexists('riskDetail_riskScore_score_d', ''),\r\n riskDetail_riskScore_maxScore_d=column_ifexists('riskDetail_riskScore_maxScore_d', ''),\r\n riskDetail_rating_s=column_ifexists('riskDetail_rating_s', ''),\r\n riskDetail_score_s=column_ifexists('riskDetail_score_s', ''),\r\n status_s=column_ifexists('status_s', ''),\r\n firstSeen_d=column_ifexists('firstSeen_d', ''),\r\n lastSeen_d=column_ifexists('lastSeen_d', ''),\r\n alertTime_d=column_ifexists('alertTime_d', ''),\r\n resource_id=iff(isnotempty(column_ifexists('resource_id_s', '')), column_ifexists('resource_id_s', ''), column_ifexists('resource_id_g', ''))\r\n | project-rename\r\n Reason=reason_s,\r\n AlertMessage=policy_name_s,\r\n AlertDescription=policy_description_s,\r\n AlertSeverity=policy_severity_s,\r\n PolicyRecommendation=policy_recommendation_s,\r\n PolicyLabels=policy_labels_s,\r\n PolicyLastModifiedOn=policy_lastModifiedOn_d,\r\n PolicyLastModifiedBy=policy_lastModifiedBy_s,\r\n PolicyDeleted=policy_deleted_b,\r\n PolicyRemediationDescription=policy_remediation_description_s,\r\n PolicyRemediationImpact=policy_remediation_impact_s,\r\n PolicyRemediationCliScriptTemplate=policy_remediation_cliScriptTemplate_s,\r\n ResourceId=resource_id,\r\n History=history_s,\r\n ResourceDataMfaActive=resource_data_mfa_active_b,\r\n ResourceDataCert1Active=resource_data_cert_1_active_b,\r\n ResourceDataCert2Active=resource_data_cert_2_active_b,\r\n ResourceDataPasswordEnabled=resource_data_password_enabled_s,\r\n ResourceDataPasswordLastUsed=resource_data_password_last_used_s,\r\n ResourceDataUserCreationTime=resource_data_user_creation_time_t,\r\n 
ResourceDataAccessKey1Active=resource_data_access_key_1_active_b,\r\n ResourceDataAccessKey2Active=resource_data_access_key_2_active_b,\r\n ResourceDataCert1LastRotated=resource_data_cert_1_last_rotated_s,\r\n ResourceDataCert2LastRotated=resource_data_cert_2_last_rotated_s,\r\n ResourceDataPasswordLastChanged=resource_data_password_last_changed_s,\r\n ResourceDataPasswordNextRotation=resource_data_password_next_rotation_s,\r\n ResourceDataAccessKey1LastRotated=resource_data_access_key_1_last_rotated_t,\r\n ResourceDataAccessKey2LastRotated=resource_data_access_key_2_last_rotated_s,\r\n ResourceDataAccessKey1LastUsedDate=resource_data_access_key_1_last_used_date_t,\r\n ResourceDataAccessKey2LastUsedDate=resource_data_access_key_2_last_used_date_s,\r\n ResourceDataAccessKey1LastUsedRegion=resource_data_access_key_1_last_used_region_s,\r\n ResourceDataAccessKey2LastUsedRegion=resource_data_access_key_2_last_used_region_s,\r\n ResourceDataAccessKey1LastUsedService=resource_data_access_key_1_last_used_service_s,\r\n ResourceDataAccessKey2LastUsedService=resource_data_access_key_2_last_used_service_s,\r\n ResourceRrn=resource_rrn_s,\r\n ResourceName=resource_name_s,\r\n ResourceAccount=resource_account_s,\r\n ResourceAccountId=resource_accountId_s,\r\n ResourceCloudAccountGroups=resource_cloudAccountGroups_s,\r\n ResourceRegion=resource_region_s,\r\n ResourceRegionId=resource_regionId_s,\r\n ResourceResourceType=resource_resourceType_s,\r\n ResourceResourceApiName=resource_resourceApiName_s,\r\n ResourceUrl=resource_url_s,\r\n ResourceDataArn=resource_data_arn_s,\r\n ResourceDataUser=resource_data_user_s,\r\n ResourceAdditionalInfoAccessKeyAge=resource_additionalInfo_accessKeyAge_s,\r\n ResourceAdditionalInfoInactiveSinceTs=resource_additionalInfo_inactiveSinceTs_s,\r\n ResourceCloudType=resource_cloudType_s,\r\n ResourceResourceTs=resource_resourceTs_d,\r\n AlertId=id_s,\r\n PolicyPolicyId=policy_policyId_g,\r\n PolicyPolicyType=policy_policyType_s,\r\n 
PolicySystemDefault=policy_systemDefault_b,\r\n PolicyRemediable=policy_remediable_b,\r\n AlertRules=alertRules_s,\r\n RiskDetailRiskScoreScore=riskDetail_riskScore_score_d,\r\n RiskDetailRiskScoreMaxScore=riskDetail_riskScore_maxScore_d,\r\n RiskDetailRating=riskDetail_rating_s,\r\n RiskDetailScore=riskDetail_score_s,\r\n Status=status_s,\r\n FirstSeen=firstSeen_d,\r\n LastSeen=lastSeen_d,\r\n AlertTime=alertTime_d\r\n | project-away\r\n resource_id_s\r\n};\r\nunion isfuzzy=true Alert_view, Audit_view", - "functionParameters": "", - "version": 1, - "tags": [ - { - "name": "description", - "value": "PaloAltoPrismaCloud Data Parser" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", - "dependsOn": [ - "[variables('_parserId1')]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", - "kind": "Parser", - "version": "[variables('parserVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudAccessKeysUsed_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_1", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Access keys used", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(30d)\n| where ResourceType =~ 'Login'\n| where EventMessage has 'access key'\n| summarize by UserName, SrcIpAddr\n| extend IPCustomEntity = SrcIpAddr\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for access keys used for programmatic access." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1133" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Access keys used", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], 
- "properties": { - "description": "PaloAltoPrismaCloudFailedLoginsSources_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_2", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Top sources of failed logins", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize count() by SrcIpAddr\n| order by count_ desc\n| extend IPCustomEntity = SrcIpAddr\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for top source IP addresses of failed logins." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId2')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Top sources of failed logins", - "contentProductId": "[variables('_huntingQuerycontentProductId2')]", - "id": "[variables('_huntingQuerycontentProductId2')]", - "version": "[variables('huntingQueryVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName3')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudFailedLoginsUsers_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion3')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_3", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Top users by failed logins", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize count() by UserName\n| order by count_ desc\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for users who have large number of failed logins." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId3'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 3", - "parentId": "[variables('huntingQueryId3')]", - "contentId": "[variables('_huntingQuerycontentId3')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion3')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId3')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Top users by failed logins", - "contentProductId": "[variables('_huntingQuerycontentProductId3')]", - "id": "[variables('_huntingQuerycontentProductId3')]", - "version": "[variables('huntingQueryVersion3')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName4')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudHighRiskScoreOpenedAlerts_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion4')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_4", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - High risk score opened alerts", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend r_score = 0.85 * toint(RiskDetailRiskScoreMaxScore)\n| extend i_RiskDetailRiskScoreScore = toint(RiskDetailRiskScoreScore)\n| where i_RiskDetailRiskScoreScore > r_score\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for alerts with high risk score value." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId4'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 4", - "parentId": "[variables('huntingQueryId4')]", - "contentId": "[variables('_huntingQuerycontentId4')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion4')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId4')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - High risk score opened alerts", - "contentProductId": "[variables('_huntingQuerycontentProductId4')]", - "id": "[variables('_huntingQuerycontentProductId4')]", - "version": "[variables('huntingQueryVersion4')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName5')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudHighSeverityAlerts_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion5')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_5", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - High severity alerts", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where AlertSeverity =~ 'high'\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for high severity alerts." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId5'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 5", - "parentId": "[variables('huntingQueryId5')]", - "contentId": "[variables('_huntingQuerycontentId5')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion5')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId5')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - High severity alerts", - "contentProductId": "[variables('_huntingQuerycontentProductId5')]", - "id": "[variables('_huntingQuerycontentProductId5')]", - "version": "[variables('huntingQueryVersion5')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName6')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" 
- ], - "properties": { - "description": "PaloAltoPrismaCloudNewUsers_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion6')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_6", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - New users", - "category": "Hunting Queries", - "query": "let known_users = \nPaloAltoPrismaCloud\n| where TimeGenerated between (ago(30d) .. (1d))\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize makeset(UserName);\nPaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| where UserName !in (known_users)\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for new users." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId6'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 6", - "parentId": "[variables('huntingQueryId6')]", - "contentId": "[variables('_huntingQuerycontentId6')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion6')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId6')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - New users", - "contentProductId": "[variables('_huntingQuerycontentProductId6')]", - "id": "[variables('_huntingQuerycontentProductId6')]", - "version": "[variables('huntingQueryVersion6')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName7')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - 
"properties": { - "description": "PaloAltoPrismaCloudOpenedAlerts_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion7')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_7", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Opened alerts", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches opened alerts." - }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1078" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId7'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 7", - "parentId": "[variables('huntingQueryId7')]", - "contentId": "[variables('_huntingQuerycontentId7')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion7')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - 
"packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId7')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Opened alerts", - "contentProductId": "[variables('_huntingQuerycontentProductId7')]", - "id": "[variables('_huntingQuerycontentProductId7')]", - "version": "[variables('huntingQueryVersion7')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName8')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudTopResources_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion8')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_8", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Top recources with alerts", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| summarize count() by ResourceName\n| order by count_ desc\n| extend AccountCustomEntity = ResourceName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches for resources which appeared in different alerts." 
- }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1133" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId8'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 8", - "parentId": "[variables('huntingQueryId8')]", - "contentId": "[variables('_huntingQuerycontentId8')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion8')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId8')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Top recources with alerts", - "contentProductId": "[variables('_huntingQuerycontentProductId8')]", - "id": "[variables('_huntingQuerycontentProductId8')]", - "version": "[variables('huntingQueryVersion8')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName9')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloudUpdatedResources_HuntingQueries Hunting Query with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion9')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "PaloAltoPrismaCloud_Hunting_Query_9", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Palo Alto Prisma Cloud - Updated resources", - "category": "Hunting Queries", - "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'RESOURCE_UPDATED'\n| extend AccountCustomEntity = UserName\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Query searches recently updated resources." - }, - { - "name": "tactics", - "value": "InitialAccess" - }, - { - "name": "techniques", - "value": "T1133" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId9'),'/'))))]", - "properties": { - "description": "PaloAltoPrismaCloud Hunting Query 9", - "parentId": "[variables('huntingQueryId9')]", - "contentId": "[variables('_huntingQuerycontentId9')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion9')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - 
"packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId9')]", - "contentKind": "HuntingQuery", - "displayName": "Palo Alto Prisma Cloud - Updated resources", - "contentProductId": "[variables('_huntingQuerycontentProductId9')]", - "id": "[variables('_huntingQuerycontentProductId9')]", - "version": "[variables('huntingQueryVersion9')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PaloAltoPrismaCloud data connector with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", - "publisher": "Palo Alto", - "descriptionMarkdown": "The Palo Alto Prisma Cloud CSPM data connector provides the capability to ingest [Prisma Cloud CSPM 
alerts](https://prisma.pan.dev/api/cloud/cspm/alerts#operation/get-alerts) and [audit logs](https://prisma.pan.dev/api/cloud/cspm/audit-logs#operation/rl-audit-logs) into Microsoft sentinel using the Prisma Cloud CSPM API. Refer to [Prisma Cloud CSPM API documentation](https://prisma.pan.dev/api/cloud/cspm) for more information.", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution.", - "graphQueries": [ - { - "metricName": "Prisma Cloud alerts", - "legend": "PaloAltoPrismaCloudAlert_CL", - "baseQuery": "PaloAltoPrismaCloudAlert_CL" - }, - { - "metricName": "Prisma Cloud audit logs", - "legend": "PaloAltoPrismaCloudAudit_CL", - "baseQuery": "PaloAltoPrismaCloudAudit_CL" - } - ], - "sampleQueries": [ - { - "description": "All Prisma Cloud alerts", - "query": "PaloAltoPrismaCloudAlert_CL\n| sort by TimeGenerated desc" - }, - { - "description": "All Prisma Cloud audit logs", - "query": "PaloAltoPrismaCloudAudit_CL\n| sort by TimeGenerated desc" - } - ], - "dataTypes": [ - { - "name": "PaloAltoPrismaCloudAlert_CL", - "lastDataReceivedQuery": "PaloAltoPrismaCloudAlert_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "PaloAltoPrismaCloudAudit_CL", - "lastDataReceivedQuery": "PaloAltoPrismaCloudAudit_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PaloAltoPrismaCloudAlert_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)", - "PaloAltoPrismaCloudAudit_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ 
- { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Palo Alto Prisma Cloud API Credentials", - "description": "**Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key** are required for Prisma Cloud API connection. See the documentation to learn more about [creating Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and about [obtaining Prisma Cloud API Url](https://prisma.pan.dev/api/cloud/api-urls)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the Palo Alto Prisma Cloud REST API to pull logs into Microsoft sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." 
- }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." - }, - { - "description": "**STEP 1 - Configuration of the Prisma Cloud**\n\nFollow the documentation to [create Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and [obtain Prisma Cloud API Url](https://api.docs.prismacloud.io/reference)\n\n NOTE: Please use SYSTEM ADMIN role for giving access to Prisma Cloud API because only SYSTEM ADMIN role is allowed to View Prisma Cloud Audit Logs. Refer to [Prisma Cloud Administrator Permissions (paloaltonetworks.com)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions) for more details of administrator permissions." 
- }, - { - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Prisma Cloud data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Prisma Cloud API credentials, readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "instructions": [ - { - "parameters": { - "instructionSteps": [ - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Prisma Cloud data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-PaloAltoPrismaCloud-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key**, **Microsoft sentinel Workspace Id**, **Microsoft sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Prisma Cloud data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "instructions": [ - { - "parameters": { - "instructionSteps": [ - { - "title": "Step 1 - Deploy a Function App", - "description": "**NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. 
Download the [Azure Function App](https://aka.ms/sentinel-PaloAltoPrismaCloud-functionapp) file. Extract archive to your local development computer.\n2. Follow the [function app manual deployment instructions](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AzureFunctionsManualDeployment.md#function-app-manual-deployment-instructions) to deploy the Azure Functions app using VSCode.\n3. After successful deployment of the function app, follow next steps for configuring it." - }, - { - "title": "Step 2 - Configure the Function App", - "description": "1. Go to Azure Portal for the Function App configuration.\n2. In the Function App, select the Function App Name and select **Configuration**.\n3. In the **Application settings** tab, select **+ New application setting**.\n4. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tPrismaCloudAPIUrl\n\t\tPrismaCloudAccessKeyID\n\t\tPrismaCloudSecretKey\n\t\tAzureSentinelWorkspaceId\n\t\tAzureSentinelSharedKey\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n5. Once all application settings have been entered, click **Save**." 
- } - ] - }, - "type": "InstructionStepsGroup" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - 
"[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "PaloAltoPrismaCloud", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Palo Alto Prisma Cloud CSPM (using Azure Functions)", - "publisher": "Palo Alto", - "descriptionMarkdown": "The Palo Alto Prisma Cloud CSPM data connector provides the capability to ingest [Prisma Cloud CSPM alerts](https://prisma.pan.dev/api/cloud/cspm/alerts#operation/get-alerts) and [audit logs](https://prisma.pan.dev/api/cloud/cspm/audit-logs#operation/rl-audit-logs) into Microsoft sentinel using the Prisma Cloud CSPM API. 
Refer to [Prisma Cloud CSPM API documentation](https://prisma.pan.dev/api/cloud/cspm) for more information.", - "graphQueries": [ - { - "metricName": "Prisma Cloud alerts", - "legend": "PaloAltoPrismaCloudAlert_CL", - "baseQuery": "PaloAltoPrismaCloudAlert_CL" - }, - { - "metricName": "Prisma Cloud audit logs", - "legend": "PaloAltoPrismaCloudAudit_CL", - "baseQuery": "PaloAltoPrismaCloudAudit_CL" - } - ], - "dataTypes": [ - { - "name": "PaloAltoPrismaCloudAlert_CL", - "lastDataReceivedQuery": "PaloAltoPrismaCloudAlert_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "PaloAltoPrismaCloudAudit_CL", - "lastDataReceivedQuery": "PaloAltoPrismaCloudAudit_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PaloAltoPrismaCloudAlert_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)", - "PaloAltoPrismaCloudAudit_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)" - ] - } - ], - "sampleQueries": [ - { - "description": "All Prisma Cloud alerts", - "query": "PaloAltoPrismaCloudAlert_CL\n| sort by TimeGenerated desc" - }, - { - "description": "All Prisma Cloud audit logs", - "query": "PaloAltoPrismaCloudAudit_CL\n| sort by TimeGenerated desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Palo Alto Prisma Cloud API Credentials", - "description": "**Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key** are required for Prisma Cloud API connection. See the documentation to learn more about [creating Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and about [obtaining Prisma Cloud API Url](https://prisma.pan.dev/api/cloud/api-urls)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the Palo Alto Prisma Cloud REST API to pull logs into Microsoft sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." 
- }, - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." - }, - { - "description": "**STEP 1 - Configuration of the Prisma Cloud**\n\nFollow the documentation to [create Prisma Cloud Access Key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) and [obtain Prisma Cloud API Url](https://api.docs.prismacloud.io/reference)\n\n NOTE: Please use SYSTEM ADMIN role for giving access to Prisma Cloud API because only SYSTEM ADMIN role is allowed to View Prisma Cloud Audit Logs. Refer to [Prisma Cloud Administrator Permissions (paloaltonetworks.com)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions) for more details of administrator permissions." - }, - { - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Prisma Cloud data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Prisma Cloud API credentials, readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "instructions": [ - { - "parameters": { - "instructionSteps": [ - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Prisma Cloud data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. 
\n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-PaloAltoPrismaCloud-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Prisma Cloud API Url**, **Prisma Cloud Access Key ID**, **Prisma Cloud Secret Key**, **Microsoft sentinel Workspace Id**, **Microsoft sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Prisma Cloud data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "instructions": [ - { - "parameters": { - "instructionSteps": [ - { - "title": "Step 1 - Deploy a Function App", - "description": "**NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-PaloAltoPrismaCloud-functionapp) file. Extract archive to your local development computer.\n2. Follow the [function app manual deployment instructions](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AzureFunctionsManualDeployment.md#function-app-manual-deployment-instructions) to deploy the Azure Functions app using VSCode.\n3. After successful deployment of the function app, follow next steps for configuring it." - }, - { - "title": "Step 2 - Configure the Function App", - "description": "1. Go to Azure Portal for the Function App configuration.\n2. In the Function App, select the Function App Name and select **Configuration**.\n3. In the **Application settings** tab, select **+ New application setting**.\n4. 
Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tPrismaCloudAPIUrl\n\t\tPrismaCloudAccessKeyID\n\t\tPrismaCloudSecretKey\n\t\tAzureSentinelWorkspaceId\n\t\tAzureSentinelSharedKey\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n5. Once all application settings have been entered, click **Save**." - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution." 
- } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PrismaCloudCSPMCustomConnector Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion1')]", - "parameters": { - "CustomConnectorName": { - "defaultValue": "PrismaCloudCSPMCustomConnector", - "type": "String", - "metadata": { - "description": "Name of the custom connector, if you want to change the default name, make sure to use the same in all Prisma Cloud automation playbooks as well" - } - }, - "PrismaCloudAPIURL": { - "type": "String", - "metadata": { - "description": "Check documentation of prisma cloud for Actual API url (https://prisma.pan.dev/api/cloud/api-urls) . 
Note: Do NOT prefix with https:// or http:// etc" - } - } - }, - "variables": { - "api_host": "[[replace(replace(parameters('PrismaCloudAPIURL'),'https://',''),'http://','')]", - "ServiceName": "[[concat('https://', variables('api_host'))]", - "operationId-RefreshToken": "RefreshToken", - "_operationId-RefreshToken": "[[variables('operationId-RefreshToken')]", - "operationId-LoginGenerateToken": "LoginGenerateToken", - "_operationId-LoginGenerateToken": "[[variables('operationId-LoginGenerateToken')]", - "operationId-AssetInventoryViewV2": "AssetInventoryViewV2", - "_operationId-AssetInventoryViewV2": "[[variables('operationId-AssetInventoryViewV2')]", - "operationId-AssetInventoryTrendViewV2": "AssetInventoryTrendViewV2", - "_operationId-AssetInventoryTrendViewV2": "[[variables('operationId-AssetInventoryTrendViewV2')]", - "operationId-AssetsResourceScan": "AssetsResourceScan", - "_operationId-AssetsResourceScan": "[[variables('operationId-AssetsResourceScan')]", - "operationId-AssetsEnrichment": "AssetsEnrichment", - "_operationId-AssetsEnrichment": "[[variables('operationId-AssetsEnrichment')]", - "operationId-ListAlerts": "ListAlerts", - "_operationId-ListAlerts": "[[variables('operationId-ListAlerts')]", - "operationId-GetAlertInfo": "GetAlertInfo", - "_operationId-GetAlertInfo": "[[variables('operationId-GetAlertInfo')]", - "operationId-GetAnomalyTrustedList": "GetAnomalyTrustedList", - "_operationId-GetAnomalyTrustedList": "[[variables('operationId-GetAnomalyTrustedList')]", - "operationId-AddEntriesToAnomalyTrustedList": "AddEntriesToAnomalyTrustedList", - "_operationId-AddEntriesToAnomalyTrustedList": "[[variables('operationId-AddEntriesToAnomalyTrustedList')]", - "operationId-ListRemediationCommand": "ListRemediationCommand", - "_operationId-ListRemediationCommand": "[[variables('operationId-ListRemediationCommand')]", - "operationId-RemediateAlert": "RemediateAlert", - "_operationId-RemediateAlert": "[[variables('operationId-RemediateAlert')]", - 
"workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "playbookContentId1": "PrismaCloudCSPMCustomConnector", - "playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('CustomConnectorName'))]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/customApis", - "apiVersion": "2016-06-01", - "name": "[[parameters('CustomConnectorName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "capabilities": "[variables('TemplateEmptyArray')]", - "description": "[[concat(parameters('CustomConnectorName'),' connects to Prisma Cloud CSPM services end point to runs any Prisma supported API get/post/patch calls and gives response back in JSON format. \n\nNote: For better understanding , check https://prisma.pan.dev/api/cloud/cspm/')]", - "displayName": "[[parameters('CustomConnectorName')]", - "iconUri": "", - "backendService": { - "serviceUrl": "[[variables('ServiceName')]" - }, - "apiType": "Rest", - "swagger": { - "swagger": "2.0", - "info": { - "version": "1.0.0", - "title": "Prisma Cloud", - "description": "This custom connector connects to Prisma Cloud CSPM services end point to runs any Prisma supported API get/post/patch calls and gives response back in JSON format. 
\n\nNote: For better understanding , check https://prisma.pan.dev/api/cloud/cspm/')]" - }, - "host": "[[replace(replace(parameters('PrismaCloudAPIURL'),'https://',''),'http://','')]", - "basePath": "/", - "schemes": [ - "https" - ], - "consumes": "[variables('TemplateEmptyArray')]", - "produces": [ - "application/json" - ], - "paths": { - "/auth_token/extend": { - "get": { - "summary": "Refresh Token", - "description": "Refresh Token", - "operationId": "[[variables('_operationId-RefreshToken')]", - "parameters": [ - { - "name": "accept", - "in": "header", - "required": true, - "type": "string", - "default": "application/json; charset=UTF-8", - "description": "accept" - }, - { - "name": "content-type", - "in": "header", - "required": true, - "type": "string", - "default": "application/json", - "description": "content-type" - }, - { - "name": "x-redlock-auth", - "in": "header", - "required": true, - "type": "string", - "default": "{{token}}", - "description": "x-redlock-auth" - } - ], - "responses": { - "default": { - "description": "default" - } - } - } - }, - "/login": { - "post": { - "summary": "Login Generate Token", - "description": "Login Generate Token", - "operationId": "[[variables('_operationId-LoginGenerateToken')]", - "parameters": [ - { - "name": "content-type", - "in": "header", - "required": true, - "type": "string", - "default": "application/json; charset=UTF-8", - "description": "content-type" - }, - { - "name": "body", - "in": "body", - "schema": { - "type": "object", - "properties": { - "customerName": { - "type": "string", - "description": "customerName" - }, - "password": { - "type": "string", - "description": "password", - "title": "[variables('blanks')]", - "format": "password" - }, - "prismaId": { - "type": "string", - "description": "prismaId" - }, - "username": { - "type": "string", - "description": "username", - "title": "[variables('blanks')]" - } - }, - "default": { - "customerName": "string", - "password": "string", - "prismaId": 
"string", - "username": "string" - }, - "required": [ - "password", - "username" - ] - }, - "required": true - } - ], - "responses": { - "default": { - "description": "default", - "schema": { - "type": "object", - "properties": { - "message": { - "type": "string", - "description": "message" - }, - "token": { - "type": "string", - "description": "token" - }, - "customerNames": { - "type": "array", - "items": { - "type": "object", - "properties": { - "customerName": { - "type": "string", - "description": "customerName" - }, - "prismaId": { - "type": "string", - "description": "prismaId" - }, - "tosAccepted": { - "type": "boolean", - "description": "tosAccepted" - } - } - }, - "description": "customerNames" - } - } - } - } - } + }, + "/login": { + "post": { + "summary": "Login Generate Token", + "description": "Login Generate Token", + "operationId": "[[variables('_operationId-LoginGenerateToken')]", + "parameters": [ + { + "name": "content-type", + "in": "header", + "required": true, + "type": "string", + "default": "application/json; charset=UTF-8", + "description": "content-type" + }, + { + "name": "body", + "in": "body", + "schema": { + "type": "object", + "properties": { + "customerName": { + "type": "string", + "description": "customerName" + }, + "password": { + "type": "string", + "description": "password", + "title": "[variables('blanks')]", + "format": "password" + }, + "prismaId": { + "type": "string", + "description": "prismaId" + }, + "username": { + "type": "string", + "description": "username", + "title": "[variables('blanks')]" + } + }, + "default": { + "customerName": "string", + "password": "string", + "prismaId": "[variables('_prismaId')]", + "username": "string" + }, + "required": [ + "password", + "username" + ] + }, + "required": true + } + ], + "responses": { + "default": { + "description": "default", + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "message" + }, + "token": { + "type": 
"string", + "description": "token" + }, + "customerNames": { + "type": "array", + "items": { + "type": "object", + "properties": { + "customerName": { + "type": "string", + "description": "customerName" + }, + "prismaId": { + "type": "string", + "description": "prismaId" + }, + "tosAccepted": { + "type": "boolean", + "description": "tosAccepted" + } + } + }, + "description": "customerNames" + } + } + } + } + } } }, "/v2/inventory": { @@ -3432,7 +1441,7 @@ } }, "default": { - "assetId": "94e06523e93b9b0f15ed03da031c95d5", + "assetId": "[variables('_assetId')]", "type": "ALERTS" }, "required": [ @@ -3773,13 +1782,13 @@ "string" ], "trustedListType": "ip, resource, image, tag, service, port, subject, domain, protocol", - "accountID": "any", + "accountID": "[variables('_accountID')]", "vpc": "any", "trustedListEntries": [ { "ipCIDR": "string", - "resourceID": "string", - "imageID": "string", + "resourceID": "[variables('_resourceID')]", + "imageID": "[variables('_imageID')]", "tagKey": "string", "tagValue": "string", "service": "string", 
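Review bot: The new sample default `"assetId": "[variables('_assetId')]"` in this hunk, and `accountID`, `resourceID` and `imageID` in the `trustedListEntries` hunk that follows, are single-bracket ARM expressions, so they appear to be resolved when the outer template deploys, unlike the `[[`-escaped expressions elsewhere in this template. The declarations of `_assetId`, `_accountID`, `_resourceID` and `_imageID` are not visible in this part of the diff; confirm each exists in the top-level `variables`, since a reference to an undefined variable fails template validation. The old values for `accountID`, `resourceID` and `imageID` were the schema placeholders `"any"` and `"string"`, not real identifiers, so the substitution looks like a side effect of an ID-matching rule in packaging, and the placeholders could stay as they were, e.g. `"accountID": "any",`. The `prismaId` default under `/login` earlier in this file follows the same pattern, and both `default` objects continue outside their hunks.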
@@ -6552,255 +4561,2298 @@ }, "type": "If" }, - "For_each_-_collect_all_entity_in_one_array": { - "foreach": "@body('Parse_JSON_-_entities_')", - "actions": { - "Append_to_array_variable": { - "type": "AppendToArrayVariable", - "inputs": { - "name": "collect_entities", - "value": "@items('For_each_-_collect_all_entity_in_one_array')?['properties']?['hostName']" - } - } - }, - "runAfter": { - "Initialize_variable_-_collect_response": [ - "Succeeded" - ] - }, - "type": "Foreach" + "For_each_-_collect_all_entity_in_one_array": { + "foreach": "@body('Parse_JSON_-_entities_')", + "actions": { + "Append_to_array_variable": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "collect_entities", + "value": "@items('For_each_-_collect_all_entity_in_one_array')?['properties']?['hostName']" + } + } + }, + "runAfter": { + "Initialize_variable_-_collect_response": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Get_secret": { + "runAfter": { + "For_each_-_collect_all_entity_in_one_array": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent(parameters('PrismaSecretName'))}/value" + } + }, + "Initialize_variable_-_collect_alerts": { + "runAfter": { + "Initialize_variable_-_collect_entity": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "collected_alerts", + "type": "array" + } + ] + } + }, + "Initialize_variable_-_collect_entity": { + "runAfter": { + "Parse_JSON_-_entities_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "collect_entities", + "type": "array" + } + ] + } + }, + "Initialize_variable_-_collect_response": { + "runAfter": { + "Initialize_variable_-_collect_alerts": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": 
"Collect_response", + "type": "array" + } + ] + } + }, + "Parse_JSON_-_entities_": { + "type": "ParseJson", + "inputs": { + "content": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "schema": { + "items": { + "properties": { + "id": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "properties": { + "properties": { + "friendlyName": { + "type": "string" + }, + "hostName": { + "type": "string" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "kind", + "properties", + "type" + ], + "type": "object" + }, + "type": "array" + } + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "PrismaCloudCSPMCustomConnector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PrismacloudcspmcustomconnectorConnectionName'))]", + "connectionName": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" + }, + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "keyvault": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", + "connectionName": "[[variables('KeyvaultConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Keyvault')]", + "connectionProperties": { + "authentication": 
{ + "type": "ManagedServiceIdentity" + } + } + }, + "teams": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]", + "connectionName": "[[variables('TeamsConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]" + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('PrismacloudcspmcustomconnectorConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } + } + }, + { + "type": "Microsoft.Web/Connections", + "apiVersion": "2016-06-01", + "name": 
"[[variables('KeyvaultConnectionName')]", + "kind": "V1", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "api": { + "id": "[[variables('_connection-4')]", + "type": "Microsoft.Web/locations/managedApis" + }, + "parameterValueType": "Alternative", + "alternativeParameterValues": { + "vaultName": "[[parameters('keyvault name')]" + }, + "displayName": "[[variables('KeyvaultConnectionName')]", + "nonSecretParameterValues": { + "vaultName": "[[parameters('keyvault name')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('TeamsConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('TeamsConnectionName')]", + "api": { + "id": "[[variables('_connection-5')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId3')]", + "contentId": "[variables('_playbookContentId3')]", + "kind": "Playbook", + "version": "[variables('playbookVersion3')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_PrismaCloudCSPMCustomConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Remediate assets on prisma cloud", + "description": "This playbook provides/updates the compliance security 
posture details of asset in comments section of triggered incident so that SOC analysts can directly take corrective measure to prevent the attack", + "prerequisites": [ + "1. PrismaCloudCSPM Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription.", + "2. API Key and User ID . To get this, login into your Prisma cloud instance dashboard and navigate to Settings --> Access Control --> Access Keys --> Add", + "3. TeamsID and channelID of your tenant is needed for posting messages on Microsoft teams", + "4. [Important step]Store the API secret key in Key vault then provide the keyvault name and key name of the stored secret during deployment" + ], + "postDeployment": [ + "1. During deployment you need to provide your Key vault name ,TeamsID , channelID , User ID and API key name of stored secret key." + ], + "lastUpdateTime": "2023-02-03T00:00:00Z", + "entities": [ + "host" + ], + "tags": [ + "Remediation", + "Notification", + "CSPM", + "PrismaCloud", + "Compliance", + "Posture", + "Policy" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId3')]", + "contentKind": "Playbook", + "displayName": "PrismaCloudCSPM-Remediation", + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudOverviewWorkbook Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Sets the time name for analysis." + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Palo Alto Prisma Cloud Overview\\n---\\n**NOTE**: This workbook depends on a parser based on a Kusto Function to work as expected [**PaloAltoPrismaCloud**](https://aka.ms/sentinel-PaloAltoPrismaCloud-parser) which is deployed with the Microsoft sentinel Solution.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"600df9d4-1fb8-4255-a77e-27f5d12a5097\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"value\":{\"durationMs\":2592000000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":7776000000}]},\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\n| make-series TotalEvents = count() default = 0 on 
TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain};\",\"size\":0,\"title\":\"Events over time\",\"color\":\"grayBlue\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\",\"tileSettings\":{\"showBorder\":false}},\"customWidth\":\"50\",\"name\":\"query - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(ResourceRegion)\\r\\n| summarize count() by ResourceRegion\",\"size\":3,\"title\":\"Events by Region\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(ResourceCloudType)\\r\\n| summarize count() by ResourceCloudType\",\"size\":3,\"title\":\"Events by Cloud type\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - 1\"}]},\"customWidth\":\"50\",\"name\":\"group - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| summarize Low = countif(AlertSeverity =~ \\\"low\\\"), Medium = countif(AlertSeverity == \\\"medium\\\"), High = countif(AlertSeverity == \\\"high\\\") by bin_at(TimeGenerated, 1h, now())\",\"size\":0,\"title\":\"Alerts over 
time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"scatterchart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"redBright\"}]}},\"customWidth\":\"55\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where Status =~ 'open'\\r\\n| project AlertId, AlertSeverity, AlertMessage\",\"size\":0,\"title\":\"Open Alerts\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"customWidth\":\"40\",\"name\":\"query - 2\",\"styleSettings\":{\"margin\":\"20px\"}}]},\"name\":\"group - 4\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(SrcIpAddr)\\r\\n| summarize count() by SrcIpAddr\\r\\n| top 10 by count_ desc\",\"size\":3,\"title\":\"Top Sources\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"30\",\"name\":\"query - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let u1 = PaloAltoPrismaCloud\\r\\n| where isnotempty(PolicyLastModifiedBy)\\r\\n| project User = PolicyLastModifiedBy;\\r\\nlet u2 = PaloAltoPrismaCloud\\r\\n| where isnotempty(UserName)\\r\\n| project User = UserName;\\r\\nlet users = union u1, u2;\\r\\nusers\\r\\n| summarize Actions = count() by User\\r\\n| top 10 by Actions desc\\r\\n\\r\\n\",\"size\":3,\"title\":\"Top 
Users\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Actions\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"30\",\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where ResourceType =~ 'Login'\\r\\n| extend TimeFromNow = now() - TimeGenerated\\r\\n| extend TimeAgo = strcat(case(TimeFromNow < 2m, strcat(toint(TimeFromNow / 1m), ' seconds'), TimeFromNow < 2h, strcat(toint(TimeFromNow / 1m), ' minutes'), TimeFromNow < 2d, strcat(toint(TimeFromNow / 1h), ' hours'), strcat(toint(TimeFromNow / 1d), ' days')), ' ago')\\r\\n| project User= UserName, ['Source IP'] = SrcIpAddr, ['Login Result'] = strcat(iff(EventResult == 'Success', '✔️', '❌'), ' ', EventResult), ['Login Time'] = TimeAgo\",\"size\":0,\"title\":\"User Logins\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"filter\":true}},\"customWidth\":\"35\",\"name\":\"query - 2\"}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"PaloAltoPrismaCloud\\r\\n| where isnotempty(AlertMessage)\\r\\n| top 10 by TimeGenerated desc\\r\\n| extend NumSeverity = case(AlertSeverity =~ 'low', 1, AlertSeverity =~ 'medium', 2, 3)\\r\\n| project ['Alert Time'] = TimeGenerated, ['Alert Message'] = AlertMessage, ['Severity'] = NumSeverity, ResourceRegionId, 
ResourceId\",\"size\":0,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Severity\",\"formatter\":8,\"formatOptions\":{\"min\":1,\"max\":3,\"palette\":\"orangeRed\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":false}}}]}},\"name\":\"query - 6\"}],\"fromTemplateId\":\"sentinel-PaloAltoPrismaCloudWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=PaloAltoPrismaCloudWorkbook; logoFileName=paloalto_logo.svg; description=Sets the time name for analysis.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Palo Alto Prisma; templateRelativePath=PaloAltoPrismaCloudOverview.json; subtitle=; provider=Microsoft}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": 
"PaloAltoPrismaCloudAlert_CL", + "kind": "DataType" + }, + { + "contentId": "PaloAltoPrismaCloudAudit_CL", + "kind": "DataType" }, - "Get_secret": { - "runAfter": { - "For_each_-_collect_all_entity_in_one_array": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['keyvault']['connectionId']" - } - }, - "method": "get", - "path": "/secrets/@{encodeURIComponent(parameters('PrismaSecretName'))}/value" + { + "contentId": "PaloAltoPrismaCloud", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAclAccessKeysNotRotated_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": 
"[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects access keys which were not rotated for 90 days.", + "displayName": "Palo Alto Prisma Cloud - Access keys are not rotated for 90 days", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'access keys are not rotated for 90 days'\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1078" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": 
"https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Access keys are not rotated for 90 days", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAclAllowAllOut_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId2')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects network ACLs with outbound rule to allow all traffic.", + "displayName": "Palo Alto Prisma Cloud - Network ACL allow all outbound traffic", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs with Outbound 
rule to allow All Traffic'\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 2", + "parentId": "[variables('analyticRuleId2')]", + "contentId": "[variables('_analyticRulecontentId2')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion2')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Network ACL allow all outbound traffic", + "contentProductId": 
"[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAclAllowInToAdminPort_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion3')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId3')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects Network ACLs allow ingress traffic to server administration ports.", + "displayName": "Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs allow ingress traffic to server administration ports'\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": 
"PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 3", + "parentId": "[variables('analyticRuleId3')]", + "contentId": "[variables('_analyticRulecontentId3')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion3')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId3')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports", + "contentProductId": "[variables('_analyticRulecontentProductId3')]", + "id": "[variables('_analyticRulecontentProductId3')]", + "version": "[variables('analyticRuleVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName4')]", + "location": "[parameters('workspace-location')]", + 
"dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAclInAllowAll_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion4')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId4')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects Network ACLs with Inbound rule to allow All Traffic.", + "displayName": "Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'Network ACLs with Inbound rule to allow All Traffic'\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 4", + "parentId": "[variables('analyticRuleId4')]", + "contentId": "[variables('_analyticRulecontentId4')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion4')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId4')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic", + "contentProductId": "[variables('_analyticRulecontentProductId4')]", + "id": "[variables('_analyticRulecontentProductId4')]", + "version": "[variables('analyticRuleVersion4')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName5')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAnomalousApiKeyActivity_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion5')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId5')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects anomalous API key usage activity.", + "displayName": "Palo Alto Prisma Cloud - Anomalous access key usage", + "enabled": false, + "query": "let threshold = 10;\nPaloAltoPrismaCloud\n| where ResourceType =~ 'Login'\n| where EventResult =~ 'Failed'\n| where EventMessage has 'access key'\n| summarize count() by UserName, bin(TimeGenerated, 5m)\n| where count_ > threshold\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1078" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId5'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 5", + "parentId": "[variables('analyticRuleId5')]", + "contentId": "[variables('_analyticRulecontentId5')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion5')]", 
+ "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId5')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Anomalous access key usage", + "contentProductId": "[variables('_analyticRulecontentProductId5')]", + "id": "[variables('_analyticRulecontentProductId5')]", + "version": "[variables('analyticRuleVersion5')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudHighRiskScoreAlert_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion6')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId6')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": 
"Detects alerts with high risk score value.", + "displayName": "Palo Alto Prisma Cloud - High risk score alert", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend r_score = 0.85 * toint(RiskDetailRiskScoreMaxScore)\n| extend i_RiskDetailRiskScoreScore = toint(RiskDetailRiskScoreScore)\n| where i_RiskDetailRiskScoreScore > r_score\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId6'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 6", + "parentId": "[variables('analyticRuleId6')]", + "contentId": "[variables('_analyticRulecontentId6')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion6')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": 
"[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId6')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - High risk score alert", + "contentProductId": "[variables('_analyticRulecontentProductId6')]", + "id": "[variables('_analyticRulecontentProductId6')]", + "version": "[variables('analyticRuleVersion6')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName7')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion7')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId7')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects high severity alert which is opened for several days.", + "displayName": "Palo Alto Prisma Cloud - High severity alert opened for several days", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where AlertSeverity =~ 'high'\n| where Status =~ 'open'\n| extend alert_time = now() - TimeGenerated\n| where alert_time > 1d\n| extend ['Opened Days'] = strcat('Alert opened 
for ', strcat(toint(alert_time / 1d), ' days'))\n| project AlertMessage, AlertSeverity, ['Opened Days'], ResourceId, UserName\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" } - }, - "Initialize_variable_-_collect_alerts": { - "runAfter": { - "Initialize_variable_-_collect_entity": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "collected_alerts", - "type": "array" - } - ] + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId7'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 7", + "parentId": "[variables('analyticRuleId7')]", + "contentId": "[variables('_analyticRulecontentId7')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion7')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + 
"packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId7')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - High severity alert opened for several days", + "contentProductId": "[variables('_analyticRulecontentProductId7')]", + "id": "[variables('_analyticRulecontentProductId7')]", + "version": "[variables('analyticRuleVersion7')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName8')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudIamAdminGroup_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion8')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId8')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects IAM Groups with Administrator Access Permissions.", + "displayName": "Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where AlertMessage has 'IAM Groups with Administrator Access Permissions'\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + 
"severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1078" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" } - }, - "Initialize_variable_-_collect_entity": { - "runAfter": { - "Parse_JSON_-_entities_": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "collect_entities", - "type": "array" - } - ] + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId8'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 8", + "parentId": "[variables('analyticRuleId8')]", + "contentId": "[variables('_analyticRulecontentId8')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion8')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId8')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto 
Prisma Cloud - IAM Group with Administrator Access Permissions", + "contentProductId": "[variables('_analyticRulecontentProductId8')]", + "id": "[variables('_analyticRulecontentProductId8')]", + "version": "[variables('analyticRuleVersion8')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName9')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudInactiveUser_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion9')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId9')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects users inactive for 30 days.", + "displayName": "Palo Alto Prisma Cloud - Inactive user", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Status =~ 'open'\n| where AlertMessage has 'Inactive users for more than 30 days'\n| extend AccountCustomEntity = ResourceId\n", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "severity": "Low", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + 
"techniques": [ + "T1078" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" } - }, - "Initialize_variable_-_collect_response": { - "runAfter": { - "Initialize_variable_-_collect_alerts": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "Collect_response", - "type": "array" - } - ] + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId9'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 9", + "parentId": "[variables('analyticRuleId9')]", + "contentId": "[variables('_analyticRulecontentId9')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion9')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId9')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Inactive user", + "contentProductId": "[variables('_analyticRulecontentProductId9')]", + "id": "[variables('_analyticRulecontentProductId9')]", + "version": "[variables('analyticRuleVersion9')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": 
"2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName10')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudMaxRiskScoreAlert_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion10')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId10')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects alerts with maximum risk score value.", + "displayName": "Palo Alto Prisma Cloud - Maximum risk score alert", + "enabled": false, + "query": "PaloAltoPrismaCloud\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| where RiskDetailRiskScoreScore == RiskDetailRiskScoreMaxScore\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "InitialAccess" + ], + "techniques": [ + "T1133" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" } - }, - "Parse_JSON_-_entities_": { - "type": "ParseJson", - "inputs": { - "content": 
"@triggerBody()?['object']?['properties']?['relatedEntities']", - "schema": { - "items": { - "properties": { - "id": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "properties": { - "properties": { - "friendlyName": { - "type": "string" - }, - "hostName": { - "type": "string" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "kind", - "properties", - "type" - ], - "type": "object" - }, - "type": "array" - } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId10'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 10", + "parentId": "[variables('analyticRuleId10')]", + "contentId": "[variables('_analyticRulecontentId10')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion10')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId10')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Maximum risk score alert", + "contentProductId": "[variables('_analyticRulecontentProductId10')]", + "id": "[variables('_analyticRulecontentProductId10')]", + "version": "[variables('analyticRuleVersion10')]" + } + }, + { + "type": 
"Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName11')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudMultipleFailedLoginsUser_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion11')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId11')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Detects multiple failed logins for the same user account.", + "displayName": "Palo Alto Prisma Cloud - Multiple failed logins for user", + "enabled": false, + "query": "let threshold = 10;\nPaloAltoPrismaCloud\n| where ResourceType =~ 'Login'\n| where EventResult =~ 'Failed'\n| where EventMessage !has 'access key'\n| summarize count() by UserName, bin(TimeGenerated, 5m)\n| where count_ > threshold\n| extend AccountCustomEntity = UserName\n", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "PaloAltoPrismaCloud" + ], + "connectorId": "PaloAltoPrismaCloud" + } + ], + "tactics": [ + "CredentialAccess" + ], + "techniques": [ + "T1110" + ], + "entityMappings": [ + { + "entityType": "Account", + 
"fieldMappings": [ + { + "columnName": "AccountCustomEntity", + "identifier": "Name" } - } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId11'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Analytics Rule 11", + "parentId": "[variables('analyticRuleId11')]", + "contentId": "[variables('_analyticRulecontentId11')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion11')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId11')]", + "contentKind": "AnalyticsRule", + "displayName": "Palo Alto Prisma Cloud - Multiple failed logins for user", + "contentProductId": "[variables('_analyticRulecontentProductId11')]", + "id": "[variables('_analyticRulecontentProductId11')]", + "version": "[variables('analyticRuleVersion11')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudAccessKeysUsed_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_1", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Access keys used", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(30d)\n| where ResourceType =~ 'Login'\n| where EventMessage has 'access key'\n| summarize by UserName, SrcIpAddr\n| extend IPCustomEntity = SrcIpAddr\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for access keys used for programmatic access." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1133" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 1", + "parentId": "[variables('huntingQueryId1')]", + "contentId": "[variables('_huntingQuerycontentId1')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion1')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Access keys used", + "contentProductId": "[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], 
+ "properties": { + "description": "PaloAltoPrismaCloudFailedLoginsSources_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_2", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Top sources of failed logins", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize count() by SrcIpAddr\n| order by count_ desc\n| extend IPCustomEntity = SrcIpAddr\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for top source IP addresses of failed logins." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 2", + "parentId": "[variables('huntingQueryId2')]", + "contentId": "[variables('_huntingQuerycontentId2')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion2')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Top sources of failed logins", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudFailedLoginsUsers_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion3')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_3", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Top users by failed logins", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize count() by UserName\n| order by count_ desc\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for users who have large number of failed logins." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId3'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 3", + "parentId": "[variables('huntingQueryId3')]", + "contentId": "[variables('_huntingQuerycontentId3')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion3')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" }, - "parameters": { - "$connections": { - "value": { - "PrismaCloudCSPMCustomConnector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('PrismacloudcspmcustomconnectorConnectionName'))]", - "connectionName": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]" - }, - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "keyvault": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", - "connectionName": "[[variables('KeyvaultConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, 
'/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Keyvault')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "teams": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]", - "connectionName": "[[variables('TeamsConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Teams')]" - } - } + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId3')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Top users by failed logins", + "contentProductId": "[variables('_huntingQuerycontentProductId3')]", + "id": "[variables('_huntingQuerycontentProductId3')]", + "version": "[variables('huntingQueryVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName4')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudHighRiskScoreOpenedAlerts_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion4')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_4", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - High risk score opened alerts", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend r_score = 0.85 * toint(RiskDetailRiskScoreMaxScore)\n| extend i_RiskDetailRiskScoreScore = toint(RiskDetailRiskScoreScore)\n| where i_RiskDetailRiskScoreScore > r_score\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for alerts with high risk score value." + }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId4'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 4", + "parentId": "[variables('huntingQueryId4')]", + "contentId": "[variables('_huntingQuerycontentId4')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion4')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + 
} + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId4')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - High risk score opened alerts", + "contentProductId": "[variables('_huntingQuerycontentProductId4')]", + "id": "[variables('_huntingQuerycontentProductId4')]", + "version": "[variables('huntingQueryVersion4')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName5')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudHighSeverityAlerts_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion5')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_5", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - High severity alerts", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where AlertSeverity =~ 'high'\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for high severity alerts." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId5'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 5", + "parentId": "[variables('huntingQueryId5')]", + "contentId": "[variables('_huntingQuerycontentId5')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion5')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('PrismacloudcspmcustomconnectorConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('TeamsConnectionName'))]" - ] + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId5')]", + "contentKind": 
"HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - High severity alerts", + "contentProductId": "[variables('_huntingQuerycontentProductId5')]", + "id": "[variables('_huntingQuerycontentProductId5')]", + "version": "[variables('huntingQueryVersion5')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudNewUsers_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion6')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_6", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - New users", + "category": "Hunting Queries", + "query": "let known_users = \nPaloAltoPrismaCloud\n| where TimeGenerated between (ago(30d) .. (1d))\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| summarize makeset(UserName);\nPaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where ResourceType =~ 'Login'\n| where EventMessage !has 'access key'\n| where UserName !in (known_users)\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for new users." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" + } + ] + } }, { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId6'),'/'))))]", "properties": { - "displayName": "[[variables('PrismacloudcspmcustomconnectorConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" + "description": "PaloAltoPrismaCloud Hunting Query 6", + "parentId": "[variables('huntingQueryId6')]", + "contentId": "[variables('_huntingQuerycontentId6')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion6')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" } } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId6')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - New users", + "contentProductId": "[variables('_huntingQuerycontentProductId6')]", + "id": "[variables('_huntingQuerycontentProductId6')]", + "version": "[variables('huntingQueryVersion6')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": 
"2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName7')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudOpenedAlerts_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion7')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_7", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Opened alerts", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| where Status =~ 'open'\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches opened alerts." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1078" + } + ] + } }, { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId7'),'/'))))]", + "properties": { + "description": "PaloAltoPrismaCloud Hunting Query 7", + "parentId": "[variables('huntingQueryId7')]", + "contentId": "[variables('_huntingQuerycontentId7')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion7')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId7')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Opened alerts", + "contentProductId": "[variables('_huntingQuerycontentProductId7')]", + "id": "[variables('_huntingQuerycontentProductId7')]", + "version": "[variables('huntingQueryVersion7')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName8')]", + "location": "[parameters('workspace-location')]", + 
"dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudTopResources_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion8')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_8", + "location": "[parameters('workspace-location')]", "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Top recources with alerts", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'NEW_ALERT'\n| summarize count() by ResourceName\n| order by count_ desc\n| extend AccountCustomEntity = ResourceName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches for resources which appeared in different alerts." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1133" + } + ] } }, { - "type": "Microsoft.Web/Connections", - "apiVersion": "2016-06-01", - "name": "[[variables('KeyvaultConnectionName')]", - "kind": "V1", - "location": "[[variables('workspace-location-inline')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId8'),'/'))))]", "properties": { - "api": { - "id": "[[variables('_connection-4')]", - "type": "Microsoft.Web/locations/managedApis" + "description": "PaloAltoPrismaCloud Hunting Query 8", + "parentId": "[variables('huntingQueryId8')]", + "contentId": "[variables('_huntingQuerycontentId8')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion8')]", + "source": { + "kind": "Solution", + "name": "PaloAltoPrismaCloud", + "sourceId": "[variables('_solutionId')]" }, - "parameterValueType": "Alternative", - "alternativeParameterValues": { - "vaultName": "[[parameters('keyvault name')]" + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" }, - "displayName": "[[variables('KeyvaultConnectionName')]", - "nonSecretParameterValues": { - "vaultName": "[[parameters('keyvault name')]" + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" } } - }, + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId8')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Top recources with alerts", + "contentProductId": 
"[variables('_huntingQuerycontentProductId8')]", + "id": "[variables('_huntingQuerycontentProductId8')]", + "version": "[variables('huntingQueryVersion8')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName9')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PaloAltoPrismaCloudUpdatedResources_HuntingQueries Hunting Query with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion9')]", + "parameters": {}, + "variables": {}, + "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('TeamsConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "PaloAltoPrismaCloud_Hunting_Query_9", + "location": "[parameters('workspace-location')]", "properties": { - "displayName": "[[variables('TeamsConnectionName')]", - "api": { - "id": "[[variables('_connection-5')]" - } + "eTag": "*", + "displayName": "Palo Alto Prisma Cloud - Updated resources", + "category": "Hunting Queries", + "query": "PaloAltoPrismaCloud\n| where TimeGenerated > ago(24h)\n| where Reason =~ 'RESOURCE_UPDATED'\n| extend AccountCustomEntity = UserName\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Query searches recently updated resources." 
+ }, + { + "name": "tactics", + "value": "InitialAccess" + }, + { + "name": "techniques", + "value": "T1133" + } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId9'),'/'))))]", "properties": { - "parentId": "[variables('playbookId3')]", - "contentId": "[variables('_playbookContentId3')]", - "kind": "Playbook", - "version": "[variables('playbookVersion3')]", + "description": "PaloAltoPrismaCloud Hunting Query 9", + "parentId": "[variables('huntingQueryId9')]", + "contentId": "[variables('_huntingQuerycontentId9')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion9')]", "source": { "kind": "Solution", "name": "PaloAltoPrismaCloud", 
@@ -6815,64 +6867,22 @@ "email": "support@microsoft.com", "tier": "Microsoft", "link": "https://support.microsoft.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_PrismaCloudCSPMCustomConnector')]", - "version": "[variables('playbookVersion1')]" - } - ] } } } - ], - "metadata": { - "title": "Remediate assets on prisma cloud", - "description": "This playbook provides/updates the compliance security posture details of asset in comments section of triggered incident so that SOC analysts can directly take corrective measure to prevent the attack", - "prerequisites": [ - "1. PrismaCloudCSPM Custom Connector needs to be deployed prior to the deployment of this playbook under the same subscription.", - "2. API Key and User ID . To get this, login into your Prisma cloud instance dashboard and navigate to Settings --> Access Control --> Access Keys --> Add", - "3. TeamsID and channelID of your tenant is needed for posting messages on Microsoft teams", - "4. [Important step]Store the API secret key in Key vault then provide the keyvault name and key name of the stored secret during deployment" - ], - "postDeployment": [ - "1. During deployment you need to provide your Key vault name ,TeamsID , channelID , User ID and API key name of stored secret key." 
- ], - "lastUpdateTime": "2023-02-03T00:00:00Z", - "entities": [ - "host" - ], - "tags": [ - "Remediation", - "Notification", - "CSPM", - "PrismaCloud", - "Compliance", - "Posture", - "Policy" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } + ] }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId3')]", - "contentKind": "Playbook", - "displayName": "PrismaCloudCSPM-Remediation", - "contentProductId": "[variables('_playbookcontentProductId3')]", - "id": "[variables('_playbookcontentProductId3')]", - "version": "[variables('playbookVersion3')]" + "contentId": "[variables('_huntingQuerycontentId9')]", + "contentKind": "HuntingQuery", + "displayName": "Palo Alto Prisma Cloud - Updated resources", + "contentProductId": "[variables('_huntingQuerycontentProductId9')]", + "id": "[variables('_huntingQuerycontentProductId9')]", + "version": "[variables('huntingQueryVersion9')]" } }, { 
@@ -6910,6 +6920,31 @@ "dependencies": { "operator": "AND", "criteria": [ + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "Parser", + "contentId": "[variables('_parserContentId1')]", + "version": "[variables('parserVersion1')]" + }, + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_PrismaCloudCSPMCustomConnector')]", + "version": "[variables('playbookVersion1')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_PrismaCloudCSPM-Enrichment')]", + "version": "[variables('playbookVersion2')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_PrismaCloudCSPM-Remediation')]", + "version": "[variables('playbookVersion3')]" + }, { "kind": "Workbook", "contentId": "[variables('_workbookContentId1')]", @@ -6970,11 +7005,6 @@ "contentId": "[variables('analyticRulecontentId11')]", "version": "[variables('analyticRuleVersion11')]" }, - { - "kind": "Parser", - "contentId": "[variables('_parserContentId1')]", - "version": "[variables('parserVersion1')]" - }, { "kind": "HuntingQuery", "contentId": "[variables('_huntingQuerycontentId1')]", @@ -7019,26 +7049,6 @@ "kind": "HuntingQuery", "contentId": "[variables('_huntingQuerycontentId9')]", "version": "[variables('huntingQueryVersion9')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_PrismaCloudCSPMCustomConnector')]", - "version": "[variables('playbookVersion1')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_PrismaCloudCSPM-Enrichment')]", - "version": "[variables('playbookVersion2')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_PrismaCloudCSPM-Remediation')]", - "version": "[variables('playbookVersion3')]" } ] }, 
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
index b08275df3e6..5b386006ba3 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1d
 queryPeriod: 1d
 triggerOperator: gt
@@ -28,5 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
index 62fdf3286e9..30b4135bdab 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 14d
 triggerOperator: gt
@@ -38,5 +41,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
index c82004d9a8e..1eb6277bb14 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -32,5 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
index a3b12874614..fc160c4b8b0 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1d
 queryPeriod: 1d
 triggerOperator: gt
@@ -32,5 +35,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
index f7426d27359..601a7dfdf05 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 14d
 triggerOperator: gt
@@ -34,5 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
index 0539c8e2d36..538e1a56586 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1d
 queryPeriod: 1d
 triggerOperator: gt
@@ -34,5 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml b/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
index d91a4dbb3ea..1e3c0a3c14b 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 14d
 triggerOperator: gt
@@ -37,5 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
index db83bfbe46e..98951a36bcb 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1d
 queryPeriod: 1d
 triggerOperator: gt
@@ -34,5 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
index e01044b51d3..49e0b2e7a3e 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 14d
 triggerOperator: gt
@@ -40,5 +43,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
index 0dea5a53186..96ed1b8bf38 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 1d
 triggerOperator: gt
@@ -36,5 +39,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
index 30360cb01ef..2f8194cfcf4 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
@@ -8,6 +8,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 queryFrequency: 1h
 queryPeriod: 14d
 triggerOperator: gt
@@ -40,5 +43,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Data Connectors/Connector_CEF_PingFederate.json b/Solutions/PingFederate/Data Connectors/Connector_CEF_PingFederate.json
index 2c9b98e1a52..33878df7253 100644
--- a/Solutions/PingFederate/Data Connectors/Connector_CEF_PingFederate.json
+++ b/Solutions/PingFederate/Data Connectors/Connector_CEF_PingFederate.json
@@ -1,6 +1,6 @@
 {
 "id": "PingFederate",
- "title": "PingFederate",
+ "title": "[Deprecated] PingFederate via Legacy Agent",
 "publisher": "Ping Identity",
 "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.",
 "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.",
diff --git a/Solutions/PingFederate/Data Connectors/template_PingFederateAMA.json b/Solutions/PingFederate/Data Connectors/template_PingFederateAMA.json
new file mode 100644
index 00000000000..a8911afd82f
--- /dev/null
+++ b/Solutions/PingFederate/Data Connectors/template_PingFederateAMA.json
@@ -0,0 +1,117 @@ +{ + "id": "PingFederateAma", + "title": "[Recommended] PingFederate via AMA", + "publisher": "Ping Identity", + "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", + "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "PingFederate", + "baseQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description" : "Top 10 Devices", + "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (PingFederate)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + 
"resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. 
Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", + "instructions": [ + ] + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format.", + "instructions": [ + ] + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + + + { + "title": "2. 
Secure your machine ", + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)" + } + ] +} diff --git a/Solutions/PingFederate/Data/Solution_PingFederate.json b/Solutions/PingFederate/Data/Solution_PingFederate.json index 544f4ea125f..c09da764e5c 100644 --- a/Solutions/PingFederate/Data/Solution_PingFederate.json +++ b/Solutions/PingFederate/Data/Solution_PingFederate.json 
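Review bot: The validation command in Step C downloads `Sentinel_AMA_troubleshoot.py` from the `master` branch on `raw.githubusercontent.com` and runs it under `sudo` with no integrity check, so whatever that branch holds at download time executes as root; pinning the URL to a fixed commit and giving users a checksum to verify before running would close that gap. In `permissions.resourceProvider` the display text says "read and write permissions are required" while `requiredPermissions` also sets `"delete": true`, and the `sharedKeys` entry requests workspace-key access that an AMA/DCR-based connector presumably does not use; both are worth confirming against least privilege. The same step tells users to run `python -version`, which should read `python --version`.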
@@ -2,7 +2,7 @@ "Name": "PingFederate", "Author": "Microsoft - support@microsoft.com", "Logo": "", - "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)", + "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\r\n1. **PingFederate via AMA** - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **PingFederate via Legacy Agent** - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of PingFederate via AMA Connector. 
Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Workbooks": [ "Workbooks/PingFederate.json" ], @@ -19,8 +19,9 @@ "Hunting Queries/PingFederateUsersPaswordsReset.yaml" ], "Data Connectors": [ - "Data Connectors/Connector_CEF_PingFederate.json" - ], + "Data Connectors/Connector_CEF_PingFederate.json", + "Data Connectors/template_PingFederateAMA.json" + ], "Analytic Rules": [ "Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml", "Analytic Rules/PingFederateAuthFromNewSource.yaml", @@ -35,10 +36,10 @@ "Analytic Rules/PingFederateUnusualMailDomain.yaml" ], "Parsers": [ - "Parsers/PingFederateEvent.txt" + "Parsers/PingFederateEvent.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\PingFederate", - "Version": "2.0.0", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/PingFederate/Data/system_generated_metadata.json b/Solutions/PingFederate/Data/system_generated_metadata.json new file mode 100644 index 00000000000..997c7455ae4 --- /dev/null +++ b/Solutions/PingFederate/Data/system_generated_metadata.json 
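Review bot: The connector path added to the `Data Connectors` list, `Data Connectors/template_PingFederateAMA.json`, does not match the one recorded in `system_generated_metadata.json` in this same commit, which names `Data Connectors/template_CEF_PingFederateAMA.json`. The file the commit actually adds is `template_PingFederateAMA.json`, so the metadata entry looks stale and should be regenerated or corrected so packaging does not reference a file that is not there. That metadata file also still carries the previous `Description`, without the AMA and legacy-agent text introduced in the first hunk of this file.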
@@ -0,0 +1,33 @@ +{ + "Name": "PingFederate", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\PingFederate", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false, + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-pingfederate", + "providers": [ + "Ping Identity" + ], + "categories": { + "domains": [ + "Identity" + ] + }, + "firstPublishDate": "2022-06-01", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/Connector_CEF_PingFederate.json\",\n \"Data Connectors/template_CEF_PingFederateAMA.json\"\n]", + "Parsers": "[\n \"PingFederateEvent.yaml\"\n]", + "Workbooks": "[\n \"Workbooks/PingFederate.json\"\n]", + "Analytic Rules": "[\n \"PingFederateAbnormalPasswordResetsAttempts.yaml\",\n \"PingFederateAuthFromNewSource.yaml\",\n \"PingFederateForbiddenCountry.yaml\",\n \"PingFederateMultiplePasswordResetsForUser.yaml\",\n 
\"PingFederateNewUserSSO.yaml\",\n \"PingFederateOauthOld.yaml\",\n \"PingFederatePasswordRstReqUnexpectedSource.yaml\",\n \"PingFederateSamlOld.yaml\",\n \"PingFederateUnexpectedAuthUrl.yaml\",\n \"PingFederateUnexpectedUserCountry.yaml\",\n \"PingFederateUnusualMailDomain.yaml\"\n]", + "Hunting Queries": "[\n \"PingFederateAuthUrls.yaml\",\n \"PingFederateFailedAuthentications.yaml\",\n \"PingFederateNewUsers.yaml\",\n \"PingFederatePasswordResetRequests.yaml\",\n \"PingFederateRareSources.yaml\",\n \"PingFederateSAMLSubjects.yaml\",\n \"PingFederateTopSources.yaml\",\n \"PingFederateUnusualCountry.yaml\",\n \"PingFederateUnusualSources.yaml\",\n \"PingFederateUsersPaswordsReset.yaml\"\n]" +} diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml index f07a7c9dc01..98cb46f33ad 100644 --- a/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml +++ b/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml @@ -7,6 +7,9 @@ requiredDataConnectors: - connectorId: PingFederate dataTypes: - PingFederateEvent + - connectorId: PingFederateAma + dataTypes: + - PingFederateEvent tactics: - CredentialAccess relevantTechniques: diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml index 62ae28ee139..c8882d1b7ef 100644 --- a/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml +++ b/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml @@ -7,6 +7,9 @@ requiredDataConnectors: - connectorId: PingFederate dataTypes: - PingFederateEvent + - connectorId: PingFederateAma + dataTypes: + - PingFederateEvent tactics: - InitialAccess relevantTechniques: 
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
index 168b6273ab6..0cd516b0d48 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml b/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
index 3792dbc6a65..2c0d2856548 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 - Persistence
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
index aaca2faa1e1..d895edf48ec 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
index ac549972cc2..968e56dbb7d 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - CredentialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
index 361c6a3bac2..72fcd37da01 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
index 97ff18336a5..08e57e7c714 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
index e184ed2f30a..2ed3db186c8 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 relevantTechniques:
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
index 84f5fdd02c7..bb95644ffb3 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
@@ -7,6 +7,9 @@ requiredDataConnectors:
 - connectorId: PingFederate
 dataTypes:
 - PingFederateEvent
+ - connectorId: PingFederateAma
+ dataTypes:
+ - PingFederateEvent
 tactics:
 - InitialAccess
 - Persistence
diff --git a/Solutions/PingFederate/Package/3.0.0.zip b/Solutions/PingFederate/Package/3.0.0.zip
new file mode 100644
index 00000000000..d3e4119de3e
Binary files /dev/null and b/Solutions/PingFederate/Package/3.0.0.zip differ
diff --git a/Solutions/PingFederate/Package/createUiDefinition.json b/Solutions/PingFederate/Package/createUiDefinition.json
index f59bdc1f961..6e4e4073da7 100644
--- a/Solutions/PingFederate/Package/createUiDefinition.json
+++ b/Solutions/PingFederate/Package/createUiDefinition.json
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PingFederate/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\r\n1. **PingFederate via AMA** - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **PingFederate via Legacy Agent** - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of PingFederate via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -60,14 +60,15 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector that ingest PingFederate events into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for PingFederate. You can get PingFederate CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, + { "name": "dataconnectors-parser-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The solution installs a parser that transforms ingested data. The transformed logs can be accessed using the PingFederateEvent Kusto Function alias." + "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." } }, { @@ -95,7 +96,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The workbook installed with the PingFederate help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." } }, { 
@@ -107,6 +108,20 @@ "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" } } + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "PingFederate", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Sets the time name for analysis" + } + } + ] } ] }, @@ -323,7 +338,7 @@ "name": "huntingquery1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for authentication URLs used. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for authentication URLs used. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -337,7 +352,7 @@ "name": "huntingquery2-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for failed authentication events It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for failed authentication events This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -351,7 +366,7 @@ "name": "huntingquery3-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for new users. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for new users. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] 
@@ -365,7 +380,7 @@ "name": "huntingquery4-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for password reset requests events. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for password reset requests events. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -379,7 +394,7 @@ "name": "huntingquery5-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for rare source IP addresses of requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for rare source IP addresses of requests This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -393,7 +408,7 @@ "name": "huntingquery6-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for SAML subjects used in requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for SAML subjects used in requests This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -407,7 +422,7 @@ "name": "huntingquery7-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for source IP addresses with the most requests It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for source IP addresses with the most requests This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] 
@@ -421,7 +436,7 @@ "name": "huntingquery8-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for requests from unusual countries. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for requests from unusual countries. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -435,7 +450,7 @@ "name": "huntingquery9-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for unusual sources of authentication. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for unusual sources of authentication. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -449,7 +464,7 @@ "name": "huntingquery10-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for users who recently reseted their passwords. It depends on the PingFederate data connector and PingFederateEvent data type and PingFederate parser." + "text": "Query searches for users who recently reseted their passwords. This hunting query depends on PingFederate data connector (PingFederateEvent Parser or Table)" } } ] @@ -463,4 +478,4 @@ "workspace": "[basics('workspace')]" } } -} +} \ No newline at end of file diff --git a/Solutions/PingFederate/Package/mainTemplate.json b/Solutions/PingFederate/Package/mainTemplate.json index 3a8fd148225..27884327eb6 100644 --- a/Solutions/PingFederate/Package/mainTemplate.json +++ b/Solutions/PingFederate/Package/mainTemplate.json 
@@ -38,167 +38,185 @@ } }, "variables": { - "solutionId": "azuresentinel.azure-sentinel-solution-pingfederate", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", + "_solutionName": "PingFederate", + "_solutionVersion": "3.0.0", + "solutionId": "azuresentinel.azure-sentinel-solution-pingfederate", + "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", "workbookContentId1": "PingFederateWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "huntingQueryVersion1": "1.0.0", "huntingQuerycontentId1": "e309c774-8f31-41c3-b270-7efc934de96a", "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1')))]", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", + "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', 
uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", "huntingQueryVersion2": "1.0.0", "huntingQuerycontentId2": "b04e339c-942d-439a-bc27-dbee2961927c", "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", - "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2')))]", + "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", + "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", "huntingQueryVersion3": "1.0.0", "huntingQuerycontentId3": "a52d874d-dc45-438f-b395-92d1a3ebcf76", "_huntingQuerycontentId3": "[variables('huntingQuerycontentId3')]", "huntingQueryId3": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId3'))]", - "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId3')))]", + "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId3'))))]", + "_huntingQuerycontentProductId3": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId3'),'-', variables('huntingQueryVersion3'))))]", "huntingQueryVersion4": "1.0.0", "huntingQuerycontentId4": "31bb34b4-26f7-4b83-a667-d596e05eb28a", "_huntingQuerycontentId4": 
"[variables('huntingQuerycontentId4')]", "huntingQueryId4": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId4'))]", - "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId4')))]", + "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId4'))))]", + "_huntingQuerycontentProductId4": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId4'),'-', variables('huntingQueryVersion4'))))]", "huntingQueryVersion5": "1.0.0", "huntingQuerycontentId5": "86c8a38a-96bd-445d-8d12-e35b7290832b", "_huntingQuerycontentId5": "[variables('huntingQuerycontentId5')]", "huntingQueryId5": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId5'))]", - "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId5')))]", + "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId5'))))]", + "_huntingQuerycontentProductId5": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId5'),'-', variables('huntingQueryVersion5'))))]", "huntingQueryVersion6": "1.0.0", "huntingQuerycontentId6": "b0a25cd9-08f4-470d-bd04-47da22810b5f", "_huntingQuerycontentId6": "[variables('huntingQuerycontentId6')]", "huntingQueryId6": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId6'))]", - "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId6')))]", + 
"huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId6'))))]", + "_huntingQuerycontentProductId6": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId6'),'-', variables('huntingQueryVersion6'))))]", "huntingQueryVersion7": "1.0.0", "huntingQuerycontentId7": "ce92624d-ae52-4b8e-ba36-3e5bdb6a793a", "_huntingQuerycontentId7": "[variables('huntingQuerycontentId7')]", "huntingQueryId7": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId7'))]", - "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId7')))]", + "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId7'))))]", + "_huntingQuerycontentProductId7": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId7'),'-', variables('huntingQueryVersion7'))))]", "huntingQueryVersion8": "1.0.0", "huntingQuerycontentId8": "378e53cd-c28a-46d7-8160-1920240bf09e", "_huntingQuerycontentId8": "[variables('huntingQuerycontentId8')]", "huntingQueryId8": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId8'))]", - "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId8')))]", + "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId8'))))]", + "_huntingQuerycontentProductId8": "[concat(take(variables('_solutionId'),50),'-','hq','-', 
uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId8'),'-', variables('huntingQueryVersion8'))))]", "huntingQueryVersion9": "1.0.0", "huntingQuerycontentId9": "0bce5bd0-cc19-43de-a5ab-47dbc5c6c600", "_huntingQuerycontentId9": "[variables('huntingQuerycontentId9')]", "huntingQueryId9": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId9'))]", - "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId9')))]", + "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId9'))))]", + "_huntingQuerycontentProductId9": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId9'),'-', variables('huntingQueryVersion9'))))]", "huntingQueryVersion10": "1.0.0", "huntingQuerycontentId10": "6698f022-adf4-48a3-a8da-a4052ac999b4", "_huntingQuerycontentId10": "[variables('huntingQuerycontentId10')]", "huntingQueryId10": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId10'))]", - "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId10')))]", + "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId10'))))]", + "_huntingQuerycontentProductId10": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId10'),'-', variables('huntingQueryVersion10'))))]", "uiConfigId1": "PingFederate", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "PingFederate", 
"_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "analyticRuleVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "PingFederateAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "PingFederateAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", + "analyticRuleVersion1": "1.0.1", "analyticRulecontentId1": 
"e45a7334-2cb4-4690-8156-f02cac73d584", "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]", - "analyticRuleVersion2": "1.0.0", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "analyticRuleVersion2": "1.0.1", "analyticRulecontentId2": "30583ed4-d13c-43b8-baf2-d75fbe727210", "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]", - "analyticRuleVersion3": "1.0.0", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "analyticRuleVersion3": "1.0.1", "analyticRulecontentId3": "14042f74-e50b-4c21-8a01-0faf4915ada4", "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 
variables('analyticRulecontentId3'))]", - "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3')))]", - "analyticRuleVersion4": "1.0.0", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", + "analyticRuleVersion4": "1.0.1", "analyticRulecontentId4": "6145efdc-4724-42a6-9756-5bd1ba33982e", "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", - "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4')))]", - "analyticRuleVersion5": "1.0.0", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]", + "analyticRuleVersion5": "1.0.1", "analyticRulecontentId5": "05282c91-7aaf-4d76-9a19-6dc582e6a411", "_analyticRulecontentId5": "[variables('analyticRulecontentId5')]", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId5'))]", - "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId5')))]", - "analyticRuleVersion6": "1.0.0", + 
"analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId5'))))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId5'),'-', variables('analyticRuleVersion5'))))]", + "analyticRuleVersion6": "1.0.1", "analyticRulecontentId6": "85f70197-4865-4635-a4b2-a9c57e8fea1b", "_analyticRulecontentId6": "[variables('analyticRulecontentId6')]", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId6'))]", - "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6')))]", - "analyticRuleVersion7": "1.0.0", + "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6'))))]", + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId6'),'-', variables('analyticRuleVersion6'))))]", + "analyticRuleVersion7": "1.0.1", "analyticRulecontentId7": "2d201d21-77b4-4d97-95f3-26b5c6bde09f", "_analyticRulecontentId7": "[variables('analyticRulecontentId7')]", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId7'))]", - "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId7')))]", - "analyticRuleVersion8": "1.0.0", + "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId7'))))]", + 
"_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId7'),'-', variables('analyticRuleVersion7'))))]", + "analyticRuleVersion8": "1.0.1", "analyticRulecontentId8": "fddd3840-acd2-41ed-94d9-1474b0a7c8a6", "_analyticRulecontentId8": "[variables('analyticRulecontentId8')]", "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId8'))]", - "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId8')))]", - "analyticRuleVersion9": "1.0.0", + "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId8'))))]", + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId8'),'-', variables('analyticRuleVersion8'))))]", + "analyticRuleVersion9": "1.0.1", "analyticRulecontentId9": "9578ef7f-cbb4-4e9a-bd26-37c15c53b413", "_analyticRulecontentId9": "[variables('analyticRulecontentId9')]", "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId9'))]", - "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId9')))]", - "analyticRuleVersion10": "1.0.0", + "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId9'))))]", + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId9'),'-', 
variables('analyticRuleVersion9'))))]", + "analyticRuleVersion10": "1.0.1", "analyticRulecontentId10": "64e65105-c4fc-4c28-a4e9-bb1a3ce7652d", "_analyticRulecontentId10": "[variables('analyticRulecontentId10')]", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId10'))]", - "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId10')))]", - "analyticRuleVersion11": "1.0.0", + "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId10'))))]", + "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId10'),'-', variables('analyticRuleVersion10'))))]", + "analyticRuleVersion11": "1.0.1", "analyticRulecontentId11": "dc79de7d-2590-4852-95fb-f8e02b34f4da", "_analyticRulecontentId11": "[variables('analyticRulecontentId11')]", "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId11'))]", - "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId11')))]", - "parserVersion1": "1.0.0", - "parserContentId1": "PingFederateEvent-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId11'))))]", + "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId11'),'-', variables('analyticRuleVersion11'))))]", "parserName1": "PingFederate Data Parser", 
"_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]" + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "PingFederateEvent-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "PingFederate Workbook with template", - "displayName": "PingFederate workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": 
"[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateWorkbook Workbook with template version 2.0.0", + "description": "PingFederateWorkbook Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -257,43 +275,40 @@ { "contentId": "PingFederate", "kind": "DataConnector" + }, + { + "contentId": "PingFederateAma", + "kind": "DataConnector" } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 1 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName1'),'/',variables('huntingQueryVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": 
"PingFederateAuthUrls_HuntingQueries Hunting Query with template version 2.0.0", + "description": "PingFederateAuthUrls_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion1')]", @@ -302,7 +317,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_1", "location": "[parameters('workspace-location')]", "properties": { 
@@ -355,37 +370,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Authentication URLs", + "contentProductId": "[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 2 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName2'),'/',variables('huntingQueryVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateFailedAuthentications_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateFailedAuthentications_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion2')]", @@ -394,7 +402,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_2", "location": "[parameters('workspace-location')]", "properties": { 
@@ -447,37 +455,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Failed Authentication", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName3')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 3 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName3'),'/',variables('huntingQueryVersion3'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateNewUsers_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateNewUsers_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion3')]", @@ -486,7 +487,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_3", "location": "[parameters('workspace-location')]", "properties": { 
@@ -539,37 +540,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId3')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - New users", + "contentProductId": "[variables('_huntingQuerycontentProductId3')]", + "id": "[variables('_huntingQuerycontentProductId3')]", + "version": "[variables('huntingQueryVersion3')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName4')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 4 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName4'),'/',variables('huntingQueryVersion4'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName4'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederatePasswordResetRequests_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederatePasswordResetRequests_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion4')]", @@ -578,7 +572,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_4", "location": "[parameters('workspace-location')]", "properties": { 
@@ -631,37 +625,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId4')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Password reset requests", + "contentProductId": "[variables('_huntingQuerycontentProductId4')]", + "id": "[variables('_huntingQuerycontentProductId4')]", + "version": "[variables('huntingQueryVersion4')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName5')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 5 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName5'),'/',variables('huntingQueryVersion5'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName5'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateRareSources_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateRareSources_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion5')]", @@ -670,7 +657,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_5", "location": "[parameters('workspace-location')]", "properties": { 
@@ -723,37 +710,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId5')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Rare source IP addresses", + "contentProductId": "[variables('_huntingQuerycontentProductId5')]", + "id": "[variables('_huntingQuerycontentProductId5')]", + "version": "[variables('huntingQueryVersion5')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName6')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 6 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName6'),'/',variables('huntingQueryVersion6'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName6'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateSAMLSubjects_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateSAMLSubjects_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion6')]", @@ -762,7 +742,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_6", "location": "[parameters('workspace-location')]", "properties": { 
@@ -815,37 +795,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId6')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - SAML subjects", + "contentProductId": "[variables('_huntingQuerycontentProductId6')]", + "id": "[variables('_huntingQuerycontentProductId6')]", + "version": "[variables('huntingQueryVersion6')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName7')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 7 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName7'),'/',variables('huntingQueryVersion7'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName7'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateTopSources_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateTopSources_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion7')]", @@ -854,7 +827,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_7", "location": "[parameters('workspace-location')]", "properties": { 
@@ -907,37 +880,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId7')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Top source IP addresses", + "contentProductId": "[variables('_huntingQuerycontentProductId7')]", + "id": "[variables('_huntingQuerycontentProductId7')]", + "version": "[variables('huntingQueryVersion7')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName8')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 8 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName8'),'/',variables('huntingQueryVersion8'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName8'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualCountry_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateUnusualCountry_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion8')]", @@ -946,7 +912,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_8", "location": "[parameters('workspace-location')]", "properties": { 
@@ -999,37 +965,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId8')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Requests from unusual countries", + "contentProductId": "[variables('_huntingQuerycontentProductId8')]", + "id": "[variables('_huntingQuerycontentProductId8')]", + "version": "[variables('huntingQueryVersion8')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName9')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 9 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName9'),'/',variables('huntingQueryVersion9'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName9'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualSources_HuntingQueries Hunting Query with template version 2.0.0", + "description": 
"PingFederateUnusualSources_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion9')]", @@ -1038,7 +997,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_9", "location": "[parameters('workspace-location')]", "properties": { 
@@ -1091,37 +1050,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId9')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Authentication from unusual sources", + "contentProductId": "[variables('_huntingQuerycontentProductId9')]", + "id": "[variables('_huntingQuerycontentProductId9')]", + "version": "[variables('huntingQueryVersion9')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('huntingQueryTemplateSpecName10')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "PingFederate Hunting Query 10 with template", - "displayName": "PingFederate Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('huntingQueryTemplateSpecName10'),'/',variables('huntingQueryVersion10'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName10'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUsersPaswordsReset_HuntingQueries Hunting Query with template version 2.0.0", + 
"description": "PingFederateUsersPaswordsReset_HuntingQueries Hunting Query with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion10')]", @@ -1130,7 +1082,7 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "PingFederate_Hunting_Query_10", "location": "[parameters('workspace-location')]", "properties": { 
@@ -1183,37 +1135,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId10')]", + "contentKind": "HuntingQuery", + "displayName": "Ping Federate - Users recently reseted password", + "contentProductId": "[variables('_huntingQuerycontentProductId10')]", + "id": "[variables('_huntingQuerycontentProductId10')]", + "version": "[variables('huntingQueryVersion10')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "PingFederate data connector with template", - "displayName": "PingFederate template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederate data connector with template version 2.0.0", + "description": "PingFederate data connector with template 
version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -1229,7 +1174,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "PingFederate", + "title": "[Deprecated] PingFederate via Legacy Agent", "publisher": "Ping Identity", "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", 
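Review bot: The display name added for hunting query 10 in the `@@ -1183,37 +1135,30 @@` hunk, `Ping Federate - Users recently reseted password`, is ungrammatical, and it is the string analysts will see and search for in the content hub. I would change it to `"displayName": "Ping Federate - Users who recently reset their password"`. The `@@ -1091,37 +1050,30 @@` hunk carries a related misspelling in `PingFederateUsersPaswordsReset_HuntingQueries`, but that looks like an identifier, so renaming it should be a separate, deliberate change. This template appears to be generated from the solution's query definitions, so the fix probably belongs in the source hunting query and not in this file. The resources on either side of the changed lines start and end outside the hunk.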
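Review bot: In the `@@ -1229,7 +1174,7 @@` hunk the connector title becomes `[Deprecated] PingFederate via Legacy Agent`, but the `descriptionMarkdown` two lines below is left as context and never says the connector is deprecated or what replaces it. Someone who reads only the description may keep onboarding PingFederate logs through the legacy agent. I would add one sentence to the description in the connector's source definition saying this path is deprecated and pointing to the `PingFederateAma` connector, which the first hunk of this file appears to add as a dependency. The title starts with `[` but does not end with `]`, so ARM should treat it as a literal string and no `[[` escaping is needed. The `connectorUiConfig` object continues outside the hunk, so a migration hint may already exist further down.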
@@ -1349,13 +1294,348 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "PingFederate", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] PingFederate via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', 
last(split(variables('_dataConnectorId1'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId1')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "PingFederate", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Deprecated] PingFederate via Legacy Agent", + "publisher": "Ping Identity", + "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "PingFederate", + "baseQuery": "PingFederateEvent" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (PingFederate)", + "lastDataReceivedQuery": "PingFederateEvent\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "PingFederateEvent\n | summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Top 10 Devices", + "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." 
+ }, + { + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "innerSteps": [ + { + "title": "1.1 Select or create a Linux machine", + "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." + }, + { + "title": "1.2 Install the CEF collector on the Linux machine", + "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId", + "PrimaryKey" + ], + "label": "Run the following command to install and apply the CEF collector:", + "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" + }, + "type": "CopyableLabel" + } + ] + } + ], + "title": "1. Linux Syslog agent configuration" + }, + { + "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format.", + "title": "2. 
Forward Common Event Format (CEF) logs to Syslog agent" + }, + { + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" + }, + "type": "CopyableLabel" + } + ], + "title": "3. Validate connection" + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "4. Secure your machine " + } + ], + "id": "[variables('_uiConfigId1')]", + "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." 
+ } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "PingFederate data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] PingFederate via AMA", + "publisher": "Ping Identity", + "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", + "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "PingFederate", + "baseQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Devices", + "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (PingFederate)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read 
permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. 
Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", + "version": "[variables('dataConnectorVersion2')]", "source": { "kind": "Solution", "name": "PingFederate", 
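Review bot: The validation command added in Step C of the AMA connector fetches `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and runs it with `sudo python` without any integrity check, so whatever sits at that ref at run time executes as root on the log forwarder. The legacy connector's `cef_installer.py` and `cef_troubleshoot.py` commands in this hunk have the same shape, and the text is repeated in the `@@ -1471,97 +1762,73 @@` hunk. I would pin the URL to a reviewed commit and verify a published digest before execution, e.g. `https://raw.githubusercontent.com/Azure/Azure-Sentinel/<PINNED_COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py` followed by `sha256sum -c <PUBLISHED_SHA256_FILE>` ahead of the `sudo python` step, and drop `sudo` from the `wget` itself, since the download needs no privilege. This looks like generated package output, so the change probably belongs in the connector definition it is built from; the enclosing `resources` array starts before this hunk.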
@@ -1374,22 +1654,33 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] PingFederate via AMA", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", "dependsOn": [ - "[variables('_dataConnectorId1')]" + "[variables('_dataConnectorId2')]" ], "location": "[parameters('workspace-location')]", "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", + "version": "[variables('dataConnectorVersion2')]", "source": { "kind": "Solution", "name": "PingFederate", 
@@ -1408,34 +1699,34 @@ } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", "apiVersion": "2021-03-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "PingFederate", + "title": "[Recommended] PingFederate via AMA", "publisher": "Ping Identity", "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", "graphQueries": [ { "metricName": "Total data received", "legend": "PingFederate", - "baseQuery": "PingFederateEvent" + "baseQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" } ], "dataTypes": [ { "name": "CommonSecurityLog (PingFederate)", - "lastDataReceivedQuery": "PingFederateEvent\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], "connectivityCriterias": [ { "type": "IsConnectedQuery", "value": [ - "PingFederateEvent\n | summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" + "CommonSecurityLog\n |where DeviceProduct has 
'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" ] } ], 
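Review bot: The rewritten `IsConnectedQuery` keeps `IsConnected = LastLogReceived > ago(30d)`, so the AMA connector keeps reporting as connected for up to 30 days after PingFederate audit events stop arriving. For an identity-provider feed that can hide a collection outage from anyone relying on the connector status, and the analytics rules fed by this data would simply go quiet. The same window is in the template copy in the `@@ -1349,13 +1294,348 @@` hunk. Consider a shorter window such as `| project IsConnected = LastLogReceived > ago(7d)`, or, if 30 days is a packaging convention that has to stay, ship a data-silence rule alongside the connector. The `connectorUiConfig` object continues past the end of this hunk.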
@@ -1471,97 +1762,73 @@ "action": true } } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } ] }, "instructionSteps": [ { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." - }, - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format.", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", + "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", "instructions": [ { "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. 
Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] }, - "type": "CopyableLabel" + "type": "InstructionStepsGroup" } - ], - "title": "3. Validate connection" + ] }, { "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " + "title": "2. Secure your machine " } ], - "id": "[variables('_uiConfigId1')]", + "id": "[variables('_uiConfigId2')]", "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." 
} } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 1 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateAbnormalPasswordResetsAttempts_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": "PingFederateAbnormalPasswordResetsAttempts_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion1')]", 
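Review bot: The AMA connector drops the `fillWith` `WorkspaceId`/`PrimaryKey` inputs, yet the `resourceProvider` list that closes just above the added `customs` array still ends with an `"action": true` entry, which in the template copy in `@@ -1349,13 +1294,348 @@` is `Microsoft.OperationalInsights/workspaces/sharedKeys`. Nothing in the new instruction steps appears to use a workspace key, so the connector asks operators for more access than the documented procedure needs. That same copy also sets `"delete": true` on the workspace while its `permissionsDisplayText` says only "read and write permissions are required." I would remove the sharedKeys entry from the AMA connector if the portal does not depend on it, and either drop `"delete": true` or name delete in the display text. The permissions block begins before this hunk, so only its tail is visible here.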
@@ -1570,7 +1837,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId1')]", + "name": "[variables('analyticRulecontentId1')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -1593,18 +1860,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "CredentialAccess" ], + "techniques": [ + "T1110" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } 
@@ -1639,37 +1915,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Abnormal password reset attempts", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 2 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateAuthFromNewSource_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateAuthFromNewSource_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion2')]", @@ -1678,7 +1947,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId2')]", + "name": "[variables('analyticRulecontentId2')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -1701,18 +1970,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -1720,8 +1998,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -1756,37 +2034,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Authentication from new IP.", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName3')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 3 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName3'),'/',variables('analyticRuleVersion3'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateForbiddenCountry_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateForbiddenCountry_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion3')]", @@ -1795,7 +2066,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId3')]", + "name": "[variables('analyticRulecontentId3')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -1818,18 +2089,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -1837,8 +2117,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -1873,37 +2153,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId3')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Forbidden country", + "contentProductId": "[variables('_analyticRulecontentProductId3')]", + "id": "[variables('_analyticRulecontentProductId3')]", + "version": "[variables('analyticRuleVersion3')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName4')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 4 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName4'),'/',variables('analyticRuleVersion4'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName4'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateMultiplePasswordResetsForUser_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateMultiplePasswordResetsForUser_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion4')]", @@ -1912,7 +2185,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId4')]", + "name": "[variables('analyticRulecontentId4')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -1935,6 +2208,12 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ @@ -1942,13 +2221,18 @@ "Persistence", "PrivilegeEscalation" ], + "techniques": [ + "T1078", + "T1098", + "T1134" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } 
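Review bot: `"T1134"` in the `techniques` list added by the `@@ -1942,13 +2221,18 @@` hunk looks like a poor fit for this rule: T1134 is Access Token Manipulation, while the rule (PingFederateMultiplePasswordResetsForUser, going by the template description earlier on this line) concerns password resets. `T1078` and `T1098` already fall under the `Persistence` and `PrivilegeEscalation` tactics listed here, so `"techniques": ["T1078", "T1098"]` would keep the tactic coverage without overstating ATT&CK coverage in reporting. The rule's query is outside the hunk, so confirm against it before dropping the entry.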
@@ -1983,37 +2267,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId4')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Abnormal password resets for user", + "contentProductId": "[variables('_analyticRulecontentProductId4')]", + "id": "[variables('_analyticRulecontentProductId4')]", + "version": "[variables('analyticRuleVersion4')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName5')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 5 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName5'),'/',variables('analyticRuleVersion5'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName5'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateNewUserSSO_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateNewUserSSO_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion5')]", @@ -2022,7 +2299,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId5')]", + "name": "[variables('analyticRulecontentId5')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2045,19 +2322,29 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess", "Persistence" ], + "techniques": [ + "T1078", + "T1136" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } 
@@ -2092,37 +2379,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId5')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - New user SSO success login", + "contentProductId": "[variables('_analyticRulecontentProductId5')]", + "id": "[variables('_analyticRulecontentProductId5')]", + "version": "[variables('analyticRuleVersion5')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName6')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 6 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName6'),'/',variables('analyticRuleVersion6'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName6'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateOauthOld_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateOauthOld_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion6')]", @@ -2131,7 +2411,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId6')]", + "name": "[variables('analyticRulecontentId6')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2154,18 +2434,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1190" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2173,8 +2462,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2209,37 +2498,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId6')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - OAuth old version", + "contentProductId": "[variables('_analyticRulecontentProductId6')]", + "id": "[variables('_analyticRulecontentProductId6')]", + "version": "[variables('analyticRuleVersion6')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName7')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 7 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName7'),'/',variables('analyticRuleVersion7'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName7'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederatePasswordRstReqUnexpectedSource_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederatePasswordRstReqUnexpectedSource_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion7')]", @@ -2248,7 +2530,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId7')]", + "name": "[variables('analyticRulecontentId7')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2271,18 +2553,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2290,8 +2581,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2326,37 +2617,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId7')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Password reset request from unexpected source IP address..", + "contentProductId": "[variables('_analyticRulecontentProductId7')]", + "id": "[variables('_analyticRulecontentProductId7')]", + "version": "[variables('analyticRuleVersion7')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName8')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 8 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName8'),'/',variables('analyticRuleVersion8'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName8'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateSamlOld_AnalyticalRules Analytics Rule with template version 2.0.0", 
+ "description": "PingFederateSamlOld_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion8')]", @@ -2365,7 +2649,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId8')]", + "name": "[variables('analyticRulecontentId8')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2388,18 +2672,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1190" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2407,8 +2700,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
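Review bot: The `displayName` added in the `@@ -2326,37 +2617,30 @@` hunk ends in a doubled period: `"Ping Federate - Password reset request from unexpected source IP address.."`. This is presumably the name shown for the content template, so it should read `"displayName": "Ping Federate - Password reset request from unexpected source IP address"`. The rule's own displayName inside `mainTemplate` is outside the hunk and may carry the same typo, in which case both should be corrected together at the source rule definition.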
@@ -2443,37 +2736,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId8')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - SAML old version", + "contentProductId": "[variables('_analyticRulecontentProductId8')]", + "id": "[variables('_analyticRulecontentProductId8')]", + "version": "[variables('analyticRuleVersion8')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName9')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 9 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName9'),'/',variables('analyticRuleVersion9'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName9'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnexpectedAuthUrl_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": 
"PingFederateUnexpectedAuthUrl_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion9')]", @@ -2482,7 +2768,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId9')]", + "name": "[variables('analyticRulecontentId9')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2505,18 +2791,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2524,8 +2819,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2560,37 +2855,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId9')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Unexpected authentication URL.", + "contentProductId": "[variables('_analyticRulecontentProductId9')]", + "id": "[variables('_analyticRulecontentProductId9')]", + "version": "[variables('analyticRuleVersion9')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName10')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 10 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName10'),'/',variables('analyticRuleVersion10'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName10'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnexpectedUserCountry_AnalyticalRules Analytics Rule with template version 2.0.0", + 
"description": "PingFederateUnexpectedUserCountry_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion10')]", @@ -2599,7 +2887,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId10')]", + "name": "[variables('analyticRulecontentId10')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2622,18 +2910,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2641,8 +2938,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2677,37 +2974,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId10')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Unexpected country for user", + "contentProductId": "[variables('_analyticRulecontentProductId10')]", + "id": "[variables('_analyticRulecontentProductId10')]", + "version": "[variables('analyticRuleVersion10')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName11')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "PingFederate Analytics Rule 11 with template", - "displayName": "PingFederate Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName11'),'/',variables('analyticRuleVersion11'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName11'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualMailDomain_AnalyticalRules Analytics Rule with template version 2.0.0", + 
"description": "PingFederateUnusualMailDomain_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion11')]", @@ -2716,7 +3006,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId11')]", + "name": "[variables('analyticRulecontentId11')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -2739,18 +3029,27 @@ "PingFederateEvent" ], "connectorId": "PingFederate" + }, + { + "dataTypes": [ + "PingFederateEvent" + ], + "connectorId": "PingFederateAma" } ], "tactics": [ "InitialAccess" ], + "techniques": [ + "T1078" + ], "entityMappings": [ { "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2758,8 +3057,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2794,37 +3093,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId11')]", + "contentKind": "AnalyticsRule", + "displayName": "Ping Federate - Unusual mail domain.", + "contentProductId": "[variables('_analyticRulecontentProductId11')]", + "id": "[variables('_analyticRulecontentProductId11')]", + "version": "[variables('analyticRuleVersion11')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "PingFederateEvent Data Parser with template", - "displayName": "PingFederateEvent Data Parser template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateEvent Data Parser with template version 2.0.0", + "description": "PingFederateEvent Data Parser with template version 3.0.0", 
"mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
@@ -2833,20 +3125,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "PingFederate Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "PingFederateEvent", - "query": "\nCommonSecurityLog \r\n| where DeviceProduct has 'PingFederate'\r\n| extend EventVendor = DeviceVendor\r\n| extend EventProduct = DeviceProduct\r\n| extend EventProductVersion = DeviceVersion\r\n| extend EventSeverity = LogSeverity\r\n| extend SrcIpAddr = SourceIP\r\n| extend SrcHostname = SourceHostName\r\n| extend SrcUserName = SourceUserName\r\n| extend EventMessage = Message\r\n| extend EventSubType = DeviceEventClassID\r\n| extend EventType = Activity\r\n| extend DstUserName = DestinationUserID\r\n| extend DstGeoCountry = extract(@'country=;?(\\w+),.*', 1, AdditionalExtensions)\r\n| extend EventResultDetails = extract(@'description=(.*?),.*', 1, AdditionalExtensions)\r\n| extend DvcHostname = DeviceAddress\r\n| project TimeGenerated\r\n , EventVendor\r\n , EventProduct\r\n , EventProductVersion\r\n , EventMessage\r\n , EventType\r\n , EventSubType\r\n , DstUserName\r\n , DstGeoCountry\r\n , DvcHostname\r\n , EventSeverity\r\n , SrcIpAddr\r\n , SrcHostname\r\n , SrcUserName\r\n , EventResultDetails\r\n , DeviceCustomString1Label\r\n , DeviceCustomString1\r\n , DeviceCustomString2Label\r\n , DeviceCustomString2\r\n , DeviceCustomString3Label\r\n , DeviceCustomString3\r\n , DeviceCustomString4Label\r\n , DeviceCustomString4\r\n , DeviceCustomString5Label\r\n , DeviceCustomString5\r\n , DeviceCustomString6Label\r\n , DeviceCustomString6\r\n , AdditionalExtensions\r\n", - "version": 1, + "query": "CommonSecurityLog \n| where DeviceProduct has 'PingFederate'\n| extend EventVendor = DeviceVendor\n| extend EventProduct = 
DeviceProduct\n| extend EventProductVersion = DeviceVersion\n| extend EventSeverity = LogSeverity\n| extend SrcIpAddr = SourceIP\n| extend SrcHostname = SourceHostName\n| extend SrcUserName = SourceUserName\n| extend EventMessage = Message\n| extend EventSubType = DeviceEventClassID\n| extend EventType = Activity\n| extend DstUserName = DestinationUserID\n| extend DstGeoCountry = extract(@'country=;?(\\w+),.*', 1, AdditionalExtensions)\n| extend EventResultDetails = extract(@'description=(.*?),.*', 1, AdditionalExtensions)\n| extend DvcHostname = DeviceAddress\n| project TimeGenerated\n , EventVendor\n , EventProduct\n , EventProductVersion\n , EventMessage\n , EventType\n , EventSubType\n , DstUserName\n , DstGeoCountry\n , DvcHostname\n , EventSeverity\n , SrcIpAddr\n , SrcHostname\n , SrcUserName\n , EventResultDetails\n , DeviceCustomString1Label\n , DeviceCustomString1\n , DeviceCustomString2Label\n , DeviceCustomString2\n , DeviceCustomString3Label\n , DeviceCustomString3\n , DeviceCustomString4Label\n , DeviceCustomString4\n , DeviceCustomString5Label\n , DeviceCustomString5\n , DeviceCustomString6Label\n , DeviceCustomString6\n , AdditionalExtensions\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "PingFederate Data Parser" + "value": "" } ] } 
@@ -2881,21 +3174,39 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "PingFederate Data Parser", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "PingFederate Data Parser", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "PingFederateEvent", - "query": "\nCommonSecurityLog \r\n| where DeviceProduct has 'PingFederate'\r\n| extend EventVendor = DeviceVendor\r\n| extend EventProduct = DeviceProduct\r\n| extend EventProductVersion = DeviceVersion\r\n| extend EventSeverity = LogSeverity\r\n| extend SrcIpAddr = SourceIP\r\n| extend SrcHostname = SourceHostName\r\n| extend SrcUserName = SourceUserName\r\n| extend EventMessage = Message\r\n| extend EventSubType = DeviceEventClassID\r\n| extend EventType = Activity\r\n| extend DstUserName = DestinationUserID\r\n| extend DstGeoCountry = extract(@'country=;?(\\w+),.*', 1, AdditionalExtensions)\r\n| extend EventResultDetails = extract(@'description=(.*?),.*', 1, AdditionalExtensions)\r\n| extend DvcHostname = DeviceAddress\r\n| project TimeGenerated\r\n , EventVendor\r\n , EventProduct\r\n , EventProductVersion\r\n , EventMessage\r\n , EventType\r\n , EventSubType\r\n , DstUserName\r\n , DstGeoCountry\r\n , DvcHostname\r\n , EventSeverity\r\n , SrcIpAddr\r\n , SrcHostname\r\n , SrcUserName\r\n , EventResultDetails\r\n , 
DeviceCustomString1Label\r\n , DeviceCustomString1\r\n , DeviceCustomString2Label\r\n , DeviceCustomString2\r\n , DeviceCustomString3Label\r\n , DeviceCustomString3\r\n , DeviceCustomString4Label\r\n , DeviceCustomString4\r\n , DeviceCustomString5Label\r\n , DeviceCustomString5\r\n , DeviceCustomString6Label\r\n , DeviceCustomString6\r\n , AdditionalExtensions\r\n", - "version": 1 + "query": "CommonSecurityLog \n| where DeviceProduct has 'PingFederate'\n| extend EventVendor = DeviceVendor\n| extend EventProduct = DeviceProduct\n| extend EventProductVersion = DeviceVersion\n| extend EventSeverity = LogSeverity\n| extend SrcIpAddr = SourceIP\n| extend SrcHostname = SourceHostName\n| extend SrcUserName = SourceUserName\n| extend EventMessage = Message\n| extend EventSubType = DeviceEventClassID\n| extend EventType = Activity\n| extend DstUserName = DestinationUserID\n| extend DstGeoCountry = extract(@'country=;?(\\w+),.*', 1, AdditionalExtensions)\n| extend EventResultDetails = extract(@'description=(.*?),.*', 1, AdditionalExtensions)\n| extend DvcHostname = DeviceAddress\n| project TimeGenerated\n , EventVendor\n , EventProduct\n , EventProductVersion\n , EventMessage\n , EventType\n , EventSubType\n , DstUserName\n , DstGeoCountry\n , DvcHostname\n , EventSeverity\n , SrcIpAddr\n , SrcHostname\n , SrcUserName\n , EventResultDetails\n , DeviceCustomString1Label\n , DeviceCustomString1\n , DeviceCustomString2Label\n , DeviceCustomString2\n , DeviceCustomString3Label\n , DeviceCustomString3\n , DeviceCustomString4Label\n , DeviceCustomString4\n , DeviceCustomString5Label\n , DeviceCustomString5\n , DeviceCustomString6Label\n , DeviceCustomString6\n , AdditionalExtensions\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -2929,13 +3240,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "PingFederate", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The PingFederate solution provides the capability to ingest PingFederate events into Microsoft Sentinel. Refer to PingFederate documentation for more information.

\n
    \n
  1. PingFederate via AMA - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. PingFederate via Legacy Agent - This data connector helps in ingesting PingFederate logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of PingFederate via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -3016,6 +3334,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "AnalyticsRule", "contentId": "[variables('analyticRulecontentId1')]", diff --git a/Solutions/PingFederate/ReleaseNotes.md b/Solutions/PingFederate/ReleaseNotes.md new file mode 100644 index 00000000000..daf6c9db9ee --- /dev/null +++ b/Solutions/PingFederate/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.0 | 04-09-2023 | Addition of new PingFederate AMA **Data Connector** | | + + diff --git a/Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml b/Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml index 976fc98eb2d..5206a55c6dd 100644 --- a/Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml +++ b/Solutions/Web Session Essentials/Analytic Rules/RarelyRequestedResources.yaml 
@@ -63,7 +63,7 @@ query: | | where tostring(set_Url) has_any(scriptExtensions) //Remove matches with referer | where max_HttpReferrer == "" - //Keep requests where data was trasferred either in a GET with parameters or a POST + //Keep requests where data was transferred either in a GET with parameters or a POST | where set_HttpRequestMethod in~ ("POST") or max_GetData == 1 //Defeat email click tracking, may increase FN's while decreasing FP's | where set_Url !has "click" and set_HttpRequestMethod !has "GET" @@ -102,5 +102,5 @@ customDetails: alertDetailsOverride: alertDisplayNameFormat: "User with IP '{{SourceIP}}' has been observed making request for a rare resource" alertDescriptionFormat: "User requested (TotalEvents='{{EventCount}}') for URL '{{RequestURL}}' which contains a known script extension. The domain associated with this URL has not been accessed by any other user. This activity could be a potential beaconing activity to maintain control over compromised systems, receive instructions, or exfiltrate data" -version: 1.0.0 +version: 1.0.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Web Session Essentials/Workbooks/WebSessionEssentials.json b/Solutions/Web Session Essentials/Workbooks/WebSessionEssentials.json index 48125ed7254..17b2160e068 100644 --- a/Solutions/Web Session Essentials/Workbooks/WebSessionEssentials.json +++ b/Solutions/Web Session Essentials/Workbooks/WebSessionEssentials.json 
@@ -2545,12 +2545,10 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllSrcIPs = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(SrcIpAddr)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| project SrcIpAddr\r\n\t\t| distinct SrcIpAddr\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(SrcIpAddr_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct SrcIpAddr=SrcIpAddr_s\r\n )\r\n | distinct SrcIpAddr;\r\nlet AllDstIPs = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(DstIpAddr)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n 
and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct DstIpAddr\r\n ),\r\n (\r\n WebSession_Summarized_DstIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DstIpAddr_s)\r\n | extend DstIpAddr=DstIpAddr_s, DestHostname=DestDomain_s\r\n | where ('*' in~ ({SrcIpAddr}))\r\n and ('*' in~ ({SrcUsername}))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct DstIpAddr\r\n )\r\n | distinct DstIpAddr;\r\nlet AllIPs =\r\nunion AllSrcIPs, AllDstIPs;\r\n SecurityAlert\r\n | where TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'ip'\r\n | extend UrlEntity = tostring(Parsed_Entities.Url)\r\n | project-away Parsed_Entities\r\n | where Entities in~ (AllIPs)", + "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllSrcIPs = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(SrcIpAddr)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and 
('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| project SrcIpAddr\r\n\t\t| distinct SrcIpAddr\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(SrcIpAddr_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct SrcIpAddr=SrcIpAddr_s\r\n )\r\n | distinct SrcIpAddr;\r\nlet AllDstIPs = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(DstIpAddr)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct DstIpAddr\r\n ),\r\n (\r\n WebSession_Summarized_DstIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DstIpAddr_s)\r\n | extend DstIpAddr=DstIpAddr_s, DestHostname=DestDomain_s\r\n | where ('*' in~ ({SrcIpAddr}))\r\n and ('*' in~ ({SrcUsername}))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n\t\t| distinct DstIpAddr\r\n )\r\n | distinct DstIpAddr;\r\nlet AllIPs =\r\nunion AllSrcIPs, AllDstIPs;\r\n SecurityAlert\r\n | where TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'ip'\r\n | extend IPEntity = 
tostring(Parsed_Entities.Address)\r\n | project-away Parsed_Entities\r\n | where IPEntity in~ (AllIPs)\r\n | project TimeGenerated, AlertSeverity, AlertName, Description, ProviderName, IPEntity, Status, Tactics, Techniques", "size": 1, "title": "Source or Destination IPs matching with Entities in Security Alert table", - "timeContext": { - "durationMs": 86400000 - }, + "timeContextFromParameter": "TimeRange", "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "visualization": "table" 
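Review bot: The final filter `where IPEntity in~ (AllIPs)` in the new query probably matches source addresses only. `AllIPs` is `union AllSrcIPs, AllDstIPs`, and those two sets end in differently named columns (`distinct SrcIpAddr` and `distinct DstIpAddr`), so the union has two columns. When a multi-column tabular expression is passed to `in~`, KQL uses the first column, so alerts whose IP entity is a destination address would be missing from a tile titled "Source or Destination IPs". Projecting both sides to one name avoids this: `let AllIPs = union (AllSrcIPs | project IPAddr = SrcIpAddr), (AllDstIPs | project IPAddr = DstIpAddr);`. It is worth confirming in a workspace that has an alert on a destination-only address.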
@@ -2565,12 +2563,10 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllDstWebsites = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(Url)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DestDomain_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n ),\r\n (\r\n WebSession_Summarized_DstIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DestDomain_s)\r\n | extend DestHostname = DestDomain_s\r\n | where ('*' in~ ({SrcIpAddr}))\r\n and ('*' in~ ({SrcUsername}))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n )\r\n | distinct DestHostname;\r\nSecurityAlert\r\n| where 
TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'url'\r\n | extend UrlEntity = tostring(Parsed_Entities.Url)\r\n | project-away Parsed_Entities\r\n| where Entities has_any (AllDstWebsites)", + "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllDstWebsites = \r\nunion isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(Url)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DestDomain_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n ),\r\n (\r\n WebSession_Summarized_DstIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(DestDomain_s)\r\n | extend DestHostname = 
DestDomain_s\r\n | where ('*' in~ ({SrcIpAddr}))\r\n and ('*' in~ ({SrcUsername}))\r\n and ('*' in~ ({SrcHostname}))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct DestHostname\r\n )\r\n | distinct DestHostname;\r\nSecurityAlert\r\n| where TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'url'\r\n | extend UrlEntity = tostring(Parsed_Entities.Url)\r\n | project-away Parsed_Entities\r\n| where UrlEntity has_any (AllDstWebsites)\r\n| project TimeGenerated, AlertSeverity, AlertName, Description, ProviderName, UrlEntity, Status, Tactics, Techniques", "size": 1, "title": "Request URLs matching with Entities in Security Alert table", - "timeContext": { - "durationMs": 86400000 - }, + "timeContextFromParameter": "TimeRange", "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "crossComponentResources": [ 
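Review bot: `where UrlEntity has_any (AllDstWebsites)` in the new query is a term match over the whole URL string. A hostname that appears only in the path or query string of an alert URL (a redirect parameter, for instance) will still correlate and add unrelated alerts to this tile. The session side of the same query already derives hostnames with `parse_url(Url)["Host"]`; doing the same for the entity gives an exact host comparison: `| extend UrlHost = tostring(parse_url(UrlEntity)["Host"])` followed by `| where UrlHost in~ (AllDstWebsites)`. Separately, all three union branches test only `'*' in~ ({SrcHostname})`, without the `SrcHostname in~ ({SrcHostname})` alternative the IP and host tiles use. Selecting a specific source hostname therefore appears to empty `AllDstWebsites`; if that is intentional, a comment in the query should say so.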
@@ -2587,7 +2583,7 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllSrcHostnames = \r\n union isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(SrcHostname)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct SrcHostname\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(SrcHostname_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct SrcHostname=SrcHostname_s\r\n )\r\n | distinct SrcHostname;\r\nSecurityAlert\r\n| where TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'host'\r\n | extend UrlEntity = tostring(Parsed_Entities.Url)\r\n | 
project-away Parsed_Entities\r\n| where Entities in~ (AllSrcHostnames)", + "query": "let LastIngestionTime = toscalar (\r\n union isfuzzy=true \r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | summarize max_TimeGenerated=max(EventTime_t)\r\n | extend max_TimeGenerated = datetime_add('hour', 1, max_TimeGenerated)\r\n ),\r\n (\r\n print({TimeRange:start})\r\n | extend max_TimeGenerated = print_0\r\n | project max_TimeGenerated\r\n )\r\n | summarize maxTimeGenerated = max(max_TimeGenerated) \r\n );\r\nlet AllSrcHostnames = \r\n union isfuzzy=true \r\n (\r\n _Im_WebSession(starttime=todatetime(LastIngestionTime), endtime=now())\r\n | where isnotempty(SrcHostname)\r\n | extend DestHostname = tostring(parse_url(Url)[\"Host\"])\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct SrcHostname\r\n ),\r\n (\r\n WebSession_Summarized_SrcIP_CL\r\n | where EventTime_t >= {TimeRange:start}\r\n | where isnotempty(SrcHostname_s)\r\n | extend SrcIpAddr=SrcIpAddr_s, DestHostname=DestDomain_s, SrcUsername=SrcUsername_s, SrcHostname=SrcHostname_s\r\n | where ('*' in~ ({SrcIpAddr}) or (SrcIpAddr in~ ({SrcIpAddr})))\r\n and ('*' in~ ({SrcUsername}) or (SrcUsername in~ ({SrcUsername})))\r\n and ('*' in~ ({SrcHostname}) or (SrcHostname in~ ({SrcHostname})))\r\n and ('*' in~ ({DstHostname}) or (DestHostname in~ ({DstHostname})))\r\n | distinct SrcHostname=SrcHostname_s\r\n )\r\n | distinct SrcHostname;\r\nSecurityAlert\r\n| where TimeGenerated > {TimeRange:start}\r\n | extend Parsed_Entities = parse_json(Entities)\r\n | mv-expand Parsed_Entities\r\n | extend Parsed_EntityType=tostring(Parsed_Entities.Type)\r\n | where Parsed_EntityType =~ 'host'\r\n | extend HostEntity = 
tostring(Parsed_Entities.HostName)\r\n | project-away Parsed_Entities\r\n| where HostEntity in~ (AllSrcHostnames)\r\n| project TimeGenerated, AlertSeverity, AlertName, Description, ProviderName, HostEntity, Status, Tactics, Techniques", "size": 1, "title": "Source HostNames matching with Entities in Security Alert table", "timeContextFromParameter": "TimeRange", diff --git a/Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json b/Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json index 9afb009892a..a3cf11c04f1 100644 --- a/Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json +++ b/Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json @@ -1,6 +1,6 @@ { "id": "WireX_Systems_NFP", - "title": "WireX Network Forensics Platform", + "title": "[Deprecated] WireX Network Forensics Platform via Legacy Agent", "publisher": "WireX_Systems", "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.", "graphQueries": [ diff --git a/Solutions/WireX Network Forensics Platform/Data Connectors/template_WireXsystemsNFPAMA.json b/Solutions/WireX Network Forensics Platform/Data Connectors/template_WireXsystemsNFPAMA.json new file mode 100644 index 00000000000..1c1298385fb --- /dev/null +++ b/Solutions/WireX Network Forensics Platform/Data Connectors/template_WireXsystemsNFPAMA.json 
@@ -0,0 +1,146 @@
+{
+ "id": "WireX_Systems_NFPAma",
+ "title": "[Recommended] WireX Network Forensics Platform via AMA",
+ "publisher": "WireX_Systems",
+ "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.",
+ "graphQueries": [
+ {
+ "metricName": "Total data received",
+ "legend": "WireXNFPevents",
+ "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)"
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description" : "All Imported Events from WireX",
+ "query":"CommonSecurityLog | where DeviceVendor == \"WireX\"\n"
+ },
+
+ {
+ "description" : "Imported DNS Events from WireX",
+ "query":"CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"DNS\"\n"
+ },
+
+ {
+ "description" : "Imported DNS Events from WireX",
+ "query":"CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"HTTP\"\n"
+ },
+
+ {
+ "description" : "Imported DNS Events from WireX",
+ "query":"CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"TDS\"\n"
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "CommonSecurityLog (WireXNFPevents)",
+ "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [
+ {
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": false
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "read": true,
+ "write": true,
+ "delete": true
+ }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+
+ }
+ ],
+ "customs": [
+ {
+ "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)"
+ },
+ {
+ "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "",
+ "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
+ "instructions": [
+ {
+ "parameters": {
+ "title": "1. Kindly follow the steps to configure the data connector",
+ "instructionSteps": [
+ {
+ "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
+ "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent",
+ "description": "Contact WireX support (https://wirexsystems.com/contact-us/) in order to configure your NFP solution to send Syslog messages in CEF format to the proxy machine. Make sure that they central manager can send the logs to port 514 TCP on the machine's IP address.",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step C. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ "type": "InstructionStepsGroup"
+ }
+ ]
+ },
+ {
+ "title": "2. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ],
+ "metadata": {
+ "id": "4c0776c2-a5dc-419d-8cf7-81c2484448d2",
+ "version": "1.0.0",
+ "kind": "dataConnector",
+ "source": {
+ "kind": "community"
+ },
+ "author": {
+ "name": "WireX Systems"
+ },
+ "support": {
+ "name": "WireX Systems",
+ "email": "support@wirexsystems.com",
+ "tier": "developer"
+ }
+ }
+}
diff --git a/Solutions/WireX Network Forensics Platform/Data/Solution_WireXNetworkForensicsPlatform.json b/Solutions/WireX Network Forensics Platform/Data/Solution_WireXNetworkForensicsPlatform.json
index ac3d304092b..4641ac4c0ef 100644
--- a/Solutions/WireX Network Forensics Platform/Data/Solution_WireXNetworkForensicsPlatform.json
+++ b/Solutions/WireX Network Forensics Platform/Data/Solution_WireXNetworkForensicsPlatform.json
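Review bot: The Step C `CopyableLabel` value fetches `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and runs it under `sudo` with no pinned revision or integrity check, so whatever is on that branch at download time executes as root on the log forwarder. I would pin the URL to a reviewed commit and drop `sudo` from the download, e.g. `wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/<PINNED_COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py && sudo python Sentinel_AMA_troubleshoot.py --cef`, and have the step ask the operator to read the script before running it. The same string is copied into the generated `Package/mainTemplate.json` later in this diff, so the fix belongs in this file and the package should then be regenerated. Separately, `permissions.resourceProvider` requests `"delete": true` and `workspaces/sharedKeys` while the display text says only read and write are required; the AMA path presumably does not use workspace keys, so both entries look like leftovers from the legacy connector and should be confirmed or removed. The sample queries filtering on `HTTP` and `TDS` also still carry the description "Imported DNS Events from WireX".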
@@ -2,12 +2,13 @@
 "Name": "WireX Network Forensics Platform",
 "Author": "WireX Systems - info@wirexsystems.com",
 "Logo": "",
- "Description": "The [WireX Systems](https://wirexsystems.com/) solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \na. [Common Event Format (CEF) formatted logs in Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)",
+ "Description": "The [WireX Systems](https://wirexsystems.com/) solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.\n\r\n1. **WireX Network Forensics Platform via AMA** - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **WireX Network Forensics Platform via Legacy Agent** - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of WireX Network Forensics Platform via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Data Connectors": [
- "Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json"
+ "Solutions/WireX Network Forensics Platform/Data Connectors/WireXsystemsNFP(1b).json",
+ "Solutions/WireX Network Forensics Platform/Data Connectors/template_WireXsystemsNFPAMA.json"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel",
- "Version": "2.0.2",
+ "Version": "3.0.0",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/WireX Network Forensics Platform/Data/system_generated_metadata.json b/Solutions/WireX Network Forensics Platform/Data/system_generated_metadata.json
new file mode 100644
index 00000000000..3ce26bdd968
--- /dev/null
+++ b/Solutions/WireX Network Forensics Platform/Data/system_generated_metadata.json
@@ -0,0 +1,29 @@ +{ + "Name": "WireX Network Forensics Platform", + "Author": "WireX Systems - info@wirexsystems.com", + "Logo": "", + "Description": "The [WireX Systems](https://wirexsystems.com/) solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.\n\r\n1. **WireX Network Forensics Platform via AMA** - This data connector helps in ingesting OSSEC logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **WireX Network Forensics Platform via Legacy Agent** - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of WireX Network Forensics Platform via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "BasePath": "C:\\GitHub\\Azure-Sentinel", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false, + "publisherId": "wirexsystems1584682625009", + "offerId": "wirex_network_forensics_platform_mss", + "providers": [ + "WireX Systems" + ], + "categories": { + "domains": [ + "Security - Network", + "Security - Automation (SOAR)" + ] + }, + "firstPublishDate": "2022-05-06", + "support": { + "tier": "Partner", + "name": "WireX Systems", + "link": "https://wirexsystems.com/contact-us/" + }, + "Data Connectors": "[\n \"WireXsystemsNFP(1b).json\",\n \"template_WireXsystemsNFP(1b).json\"\n]" +} 
diff --git a/Solutions/WireX Network Forensics Platform/Package/3.0.0.zip b/Solutions/WireX Network Forensics Platform/Package/3.0.0.zip
new file mode 100644
index 00000000000..1ba418d3c8d
Binary files /dev/null and b/Solutions/WireX Network Forensics Platform/Package/3.0.0.zip differ
diff --git a/Solutions/WireX Network Forensics Platform/Package/createUiDefinition.json b/Solutions/WireX Network Forensics Platform/Package/createUiDefinition.json
index 9c170a1551e..9bd6898d184 100644
--- a/Solutions/WireX Network Forensics Platform/Package/createUiDefinition.json
+++ b/Solutions/WireX Network Forensics Platform/Package/createUiDefinition.json
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [WireX Systems](https://wirexsystems.com/) solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.\n\r\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \r\n\na. [Common Event Format (CEF) formatted logs in Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/WireX Network%20Forensics%20Platform/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [WireX Systems](https://wirexsystems.com/) solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.\n\r\n1. **WireX Network Forensics Platform via AMA** - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. 
**WireX Network Forensics Platform via Legacy Agent** - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of WireX Network Forensics Platform via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -60,9 +60,10 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector for ingesting WireX Network Forensics Platform to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for WireX Network Forensics Platform. You can get WireX Network Forensics Platform CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, + { "name": "dataconnectors-link2", "type": "Microsoft.Common.TextBlock", diff --git a/Solutions/WireX Network Forensics Platform/Package/mainTemplate.json b/Solutions/WireX Network Forensics Platform/Package/mainTemplate.json index 38ca6af1b8a..2457b60afb1 100644 
--- a/Solutions/WireX Network Forensics Platform/Package/mainTemplate.json
+++ b/Solutions/WireX Network Forensics Platform/Package/mainTemplate.json
@@ -30,49 +30,43 @@ } }, "variables": { - "solutionId": "wirexsystems1584682625009.wirex_network_forensics_platform_mss", - "_solutionId": "[variables('solutionId')]", "email": "info@wirexsystems.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "WireX Network Forensics Platform", + "_solutionVersion": "3.0.0", + "solutionId": "wirexsystems1584682625009.wirex_network_forensics_platform_mss", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "WireX_Systems_NFP", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "WireX_Systems_NFP", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", - "dataConnectorVersion1": "1.0.0" + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "WireX_Systems_NFPAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "WireX_Systems_NFPAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "WireX Network Forensics Platform data connector with template", - "displayName": "WireX Network Forensics Platform template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WireX Network Forensics Platform data connector with template version 2.0.2", + "description": "WireX Network Forensics Platform data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -88,7 +82,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "WireX Network Forensics Platform", + "title": "[Deprecated] WireX Network Forensics Platform via Legacy Agent", "publisher": "WireX_Systems", "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.", "graphQueries": [ @@ -232,7 +226,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -256,12 +250,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] WireX Network Forensics Platform via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -296,7 +301,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": "WireX Network Forensics Platform", + "title": "[Deprecated] WireX Network Forensics Platform via Legacy Agent", "publisher": "WireX_Systems", "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.", "graphQueries": [ 
@@ -423,14 +428,386 @@ } } }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "WireX Network Forensics Platform data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] WireX Network Forensics Platform via AMA", + "publisher": "WireX_Systems", + "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "WireXNFPevents", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where 
isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "All Imported Events from WireX", + "query": "CommonSecurityLog | where DeviceVendor == \"WireX\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"DNS\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"HTTP\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"TDS\"\n" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (WireXNFPevents)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "Contact WireX support (https://wirexsystems.com/contact-us/) in order to configure your NFP solution to send Syslog messages in CEF format to the proxy machine. Make sure that they central manager can send the logs to port 514 TCP on the machine's IP address." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ], + "metadata": { + "id": "4c0776c2-a5dc-419d-8cf7-81c2484448d2", + "version": "1.0.0", + "kind": "dataConnector", + "source": { + "kind": "community" + }, + "author": { + "name": "WireX Systems" + }, + "support": { + "name": "WireX Systems", + "email": "support@wirexsystems.com", + "tier": "developer" + } + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "WireX Network Forensics Platform", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "WireX Systems", + "email": "[variables('_email')]" + }, + "support": { + "tier": "Partner", + "name": "WireX Systems", + "link": "https://wirexsystems.com/contact-us/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] WireX Network Forensics Platform via AMA", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": 
"2022-01-01-preview", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId2')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "WireX Network Forensics Platform", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "WireX Systems", + "email": "[variables('_email')]" + }, + "support": { + "tier": "Partner", + "name": "WireX Systems", + "link": "https://wirexsystems.com/contact-us/" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", + "kind": "GenericUI", "properties": { - "version": "2.0.2", + "connectorUiConfig": { + "title": "[Recommended] WireX Network Forensics Platform via AMA", + "publisher": "WireX_Systems", + "descriptionMarkdown": "The WireX Systems data connector allows security professional to integrate with Microsoft Sentinel to allow you to further enrich your forensics investigations; to not only encompass the contextual content offered by WireX but to analyze data from other sources, and to create custom dashboards to give the most complete picture during a forensic investigation and to create custom workflows.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": 
"WireXNFPevents", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (WireXNFPevents)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'WireX'\n |where DeviceProduct=~'WireX NFP'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "All Imported Events from WireX", + "query": "CommonSecurityLog | where DeviceVendor == \"WireX\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"DNS\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"HTTP\"\n" + }, + { + "description": "Imported DNS Events from WireX", + "query": "CommonSecurityLog| where DeviceVendor == \"WireX\"\n and ApplicationProtocol == \"TDS\"\n" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { 
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. 
Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", + "description": "Contact WireX support (https://wirexsystems.com/contact-us/) in order to configure your NFP solution to send Syslog messages in CEF format to the proxy machine. Make sure that they central manager can send the logs to port 514 TCP on the machine's IP address." + + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "WireX Network Forensics Platform", + "publisherDisplayName": "WireX Systems", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The WireX Systems solution allows custom dashboards and workflows during forensic investigation integrated with Microsoft Sentinel.

\n
    \n
  1. WireX Network Forensics Platform via AMA - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. WireX Network Forensics Platform via Legacy Agent - This data connector helps in ingesting WireX Network Forensics Platform logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of WireX Network Forensics Platform via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -454,6 +831,11 @@ "kind": "DataConnector", "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" } ] }, diff --git a/Solutions/WireX Network Forensics Platform/ReleaseNotes.md b/Solutions/WireX Network Forensics Platform/ReleaseNotes.md new file mode 100644 index 00000000000..d0c2e90f791 --- /dev/null +++ b/Solutions/WireX Network Forensics Platform/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|------------------------------------------------------------------------| +| 3.0.0 | 05-09-2023 | Addition of new WireX Network Forensics Platform **Data Connector** | | + + diff --git a/Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml b/Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml index 0d031f5291a..4ff86d70d62 100644 --- a/Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml +++ b/Solutions/vArmour Application Controller/Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml @@ -8,6 +8,9 @@ requiredDataConnectors: - connectorId: vArmourAC dataTypes: - CommonSecurityLog + - connectorId: vArmourACAma + dataTypes: + - CommonSecurityLog queryFrequency: 1h queryPeriod: 1h triggerOperator: gt 
@@ -33,5 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: SourceIP
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/vArmour Application Controller/Data Connectors/Connector_vArmour_AppController_CEF.json b/Solutions/vArmour Application Controller/Data Connectors/Connector_vArmour_AppController_CEF.json
index 9ea48ac6534..db144ddf21b 100644
--- a/Solutions/vArmour Application Controller/Data Connectors/Connector_vArmour_AppController_CEF.json
+++ b/Solutions/vArmour Application Controller/Data Connectors/Connector_vArmour_AppController_CEF.json
@@ -1,6 +1,6 @@
 {
 "id": "vArmourAC",
- "title": " vArmour Application Controller",
+ "title": "[Deprecated] vArmour Application Controller via Legacy Agent",
 "publisher": "vArmour",
 "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.",
 "graphQueries": [
diff --git a/Solutions/vArmour Application Controller/Data Connectors/template_vArmour_AppControllerAMA.json b/Solutions/vArmour Application Controller/Data Connectors/template_vArmour_AppControllerAMA.json
new file mode 100644
index 00000000000..966d2cdca8c
--- /dev/null
+++ b/Solutions/vArmour Application Controller/Data Connectors/template_vArmour_AppControllerAMA.json
@@ -0,0 +1,141 @@ +{ + "id": "vArmourACAma", + "title":"[Recommended] vArmour Application Controller via AMA", + "publisher": "vArmour", + "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "vArmour", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description" : "Top 10 App to App violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| extend AppNameSrcDstPair = extract_all(\"AppName=;(\\\\w+)\", AdditionalExtensions)\n| summarize count() by tostring(AppNameSrcDstPair)\n| top 10 by count_\n" + }, + { + "description" : "Top 10 Policy names matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by DeviceCustomString1\n| top 10 by count_ desc\n" + }, + { + "description" : "Top 10 Source IPs generating violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by SourceIP\n| top 10 by count_\n" + }, + { + "description" : "Top 10 Destination IPs generating violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by 
DestinationIP\n| top 10 by count_\n" + }, + { + "description" : "Top 10 Application Protocols matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by ApplicationProtocol\n| top 10 by count_\n" + } + + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (vArmour)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", + "instructions": [ + ] + }, + { + "title": "Step B. Configure the vArmour Application Controller to forward Common Event Format (CEF) logs to the Syslog agent", + "description": "Send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address.", + "innerSteps": [ + { + "title": "1 Download the vArmour Application Controller user guide", + "description": "Download the user guide from https://support.varmour.com/hc/en-us/articles/360057444831-vArmour-Application-Controller-6-0-User-Guide." + }, + { + "title": "2 Configure the Application Controller to Send Policy Violations", + "description": "In the user guide - refer to \"Configuring Syslog for Monitoring and Violations\" and follow steps 1 to 3." + } + ] + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + + + { + "title": "2. 
Secure your machine ", + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)" + } + ] +} diff --git a/Solutions/vArmour Application Controller/Data/Solution_vArmour.json b/Solutions/vArmour Application Controller/Data/Solution_vArmour.json index b9bd99306e4..25ad5af3646 100644 --- a/Solutions/vArmour Application Controller/Data/Solution_vArmour.json +++ b/Solutions/vArmour Application Controller/Data/Solution_vArmour.json 
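Review bot: The `CopyableLabel` value under "Step C. Validate connection" has the operator fetch `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and immediately run it with `sudo`, with no pinned revision and no integrity check, so whatever that branch holds at download time executes as root on the log-forwarder machine. I would pin the URL to a reviewed revision, `https://raw.githubusercontent.com/Azure/Azure-Sentinel/<reviewed-commit-sha>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py`, have the step verify a published SHA-256 of the file before the `sudo python` invocation, and drop `sudo` from the `wget` half, since only execution needs elevation. The same step's description tells users to check for Python with `python -version`, which is not a valid interpreter option; `python --version` is presumably what was meant. Separately, the `resourceProvider` entry sets `"delete": true` while its `permissionsDisplayText` reads "read and write permissions are required", so either the text or the requested permission should be corrected to match the least privilege actually needed. The identical validation command and description also appear in the WireX `mainTemplate.json` hunk earlier in this diff.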
@@ -2,9 +2,10 @@ "Name": "vArmour Application Controller", "Author": "vArmour", "Logo": "", - "Description": "This vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)", + "Description": "This vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\r\n1. **vArmour Application Controller via AMA** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **vArmour Application Controller via Legacy Agent** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of vArmour Application Controller via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Data Connectors": [ - "Data Connectors/Connector_vArmour_AppController_CEF.json" + "Data Connectors/Connector_vArmour_AppController_CEF.json", + "Data Connectors/template_vArmour_AppControllerAMA.json" ], "Workbooks": [ "Workbooks/vArmour_AppContoller_Workbook.json" @@ -13,7 +14,7 @@ "Analytic Rules/vArmourApplicationControllerSMBRealmTraversal.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\vArmour Application Controller", - "Version": "2.0.0", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/vArmour Application Controller/Data/system_generated_metadata.json b/Solutions/vArmour Application Controller/Data/system_generated_metadata.json new file mode 100644 index 00000000000..1edb6a6ea54 --- /dev/null +++ b/Solutions/vArmour Application Controller/Data/system_generated_metadata.json 
@@ -0,0 +1,31 @@ +{ + "Name": "vArmour Application Controller", + "Author": "vArmour", + "Logo": "", + "Description": "This vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\r\n1. **vArmour Application Controller via AMA** - This data connector helps in ingesting OSSEC logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **vArmour Application Controller via Legacy Agent** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of vArmour Application Controller via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\vArmour Application Controller", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false, + "publisherId": "varmournetworks", + "offerId": "varmour_sentinel", + "providers": [ + "vArmour" + ], + "categories": { + "domains": [ + "IT Operations" + ], + "verticals": [] + }, + "firstPublishDate": "2022-06-01", + "support": { + "name": "vArmour Networks", + "tier": "Partner", + "link": "https://www.varmour.com/contact-us/" + }, + "Data Connectors": "[\n \"Data Connectors/Connector_vArmour_AppController_CEF.json\",\n \"Data Connectors/template_Connector_vArmour_AppController_CEFAMA.json\"\n]", + "Workbooks": "[\n \"Workbooks/vArmour_AppContoller_Workbook.json\"\n]", + "Analytic Rules": "[\n \"vArmourApplicationControllerSMBRealmTraversal.yaml\"\n]" +} diff --git a/Solutions/vArmour Application Controller/Package/3.0.0.zip b/Solutions/vArmour Application Controller/Package/3.0.0.zip new file mode 100644 index 00000000000..408b917367b Binary files /dev/null and b/Solutions/vArmour Application Controller/Package/3.0.0.zip differ diff --git a/Solutions/vArmour Application Controller/Package/createUiDefinition.json b/Solutions/vArmour Application Controller/Package/createUiDefinition.json index 4440663c659..f6122199738 100644 --- a/Solutions/vArmour Application Controller/Package/createUiDefinition.json +++ b/Solutions/vArmour Application Controller/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThis vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Agent-based log collection (CEF over Syslog)](https://docs.microsoft.com/azure/sentinel/connect-common-event-format)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/vArmour%20Application%20Controller/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.\n\r\n1. **vArmour Application Controller via AMA** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the new Azure Monitor Agent. 
Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **vArmour Application Controller via Legacy Agent** - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of vArmour Application Controller via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Workbooks:** 1, **Analytic Rules:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -60,10 +60,10 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector that enables streaming of Application Controller Violation Alerts into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for vArmour Application Controller. You can get vArmour Application Controller CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, - { + { "name": "dataconnectors-link2", "type": "Microsoft.Common.TextBlock", "options": { 
@@ -88,7 +88,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The workbook installed with the vArmour Application Controller help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." } }, { @@ -100,6 +100,20 @@ "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" } } + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "vArmour Application Controller", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Sets the time name for analysis" + } + } + ] } ] }, diff --git a/Solutions/vArmour Application Controller/Package/mainTemplate.json b/Solutions/vArmour Application Controller/Package/mainTemplate.json index b4000912d50..4f50161844f 100644 --- a/Solutions/vArmour Application Controller/Package/mainTemplate.json +++ b/Solutions/vArmour Application Controller/Package/mainTemplate.json 
@@ -38,57 +38,54 @@ } }, "variables": { + "_solutionName": "vArmour Application Controller", + "_solutionVersion": "3.0.0", "solutionId": "varmournetworks.varmour_sentinel", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "uiConfigId1": "vArmourAC", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "vArmourAC", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "vArmourACAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "vArmourACAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "vArmourAppContollerWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", - "analyticRuleVersion1": "1.0.0", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "analyticRuleVersion1": "1.0.1", "analyticRulecontentId1": "a36de6c3-3198-4d37-92ae-e19e36712c2e", "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]" + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + 
"_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "vArmour Application Controller data connector with template", - "displayName": "vArmour Application Controller template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "vArmour Application Controller data connector with template version 2.0.0", + "description": "vArmour Application Controller data connector with template version 3.0.0", "mainTemplate": { "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -104,7 +101,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": " vArmour Application Controller", + "title": "[Deprecated] vArmour Application Controller via Legacy Agent", "publisher": "vArmour", "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.", "graphQueries": [ @@ -246,7 +243,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -269,12 +266,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "[Deprecated] vArmour Application Controller via Legacy Agent", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -308,7 +316,7 @@ "kind": "GenericUI", "properties": { "connectorUiConfig": { - "title": " vArmour Application Controller", + "title": "[Deprecated] vArmour Application Controller via Legacy Agent", "publisher": "vArmour", "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.", "graphQueries": [ 
@@ -450,33 +458,388 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('workbookTemplateSpecName1')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "description": "vArmour Application Controller Workbook with template", - "displayName": "vArmour Application Controller workbook template" + "description": "vArmour Application Controller data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] vArmour Application Controller via AMA", + "publisher": "vArmour", + "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. 
This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "vArmour", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Top 10 App to App violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| extend AppNameSrcDstPair = extract_all(\"AppName=;(\\\\w+)\", AdditionalExtensions)\n| summarize count() by tostring(AppNameSrcDstPair)\n| top 10 by count_\n" + }, + { + "description": "Top 10 Policy names matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by DeviceCustomString1\n| top 10 by count_ desc\n" + }, + { + "description": "Top 10 Source IPs generating violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by SourceIP\n| top 10 by count_\n" + }, + { + "description": "Top 10 Destination IPs generating violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by DestinationIP\n| top 10 by count_\n" + }, + { + "description": "Top 10 Application Protocols matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by ApplicationProtocol\n| top 10 by 
count_\n" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (vArmour)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure the vArmour Application Controller to forward Common Event Format (CEF) logs to the Syslog agent", + "description": "Send Syslog messages in CEF format to the proxy machine. 
Make sure you to send the logs to port 514 TCP on the machine's IP address.", + "innerSteps": [ + { + "title": "1 Download the vArmour Application Controller user guide", + "description": "Download the user guide from https://support.varmour.com/hc/en-us/articles/360057444831-vArmour-Application-Controller-6-0-User-Guide." + }, + { + "title": "2 Configure the Application Controller to Send Policy Violations", + "description": "In the user guide - refer to \"Configuring Syslog for Monitoring and Violations\" and follow steps 1 to 3." + } + ] + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "vArmour Application Controller", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "vArmour" + }, + "support": { + "name": "vArmour Networks", + "tier": "Partner", + "link": "https://www.varmour.com/contact-us/" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] vArmour Application Controller via AMA", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": 
[ + "[variables('_dataConnectorId2')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "vArmour Application Controller", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "vArmour" + }, + "support": { + "name": "vArmour Networks", + "tier": "Partner", + "link": "https://www.varmour.com/contact-us/" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Recommended] vArmour Application Controller via AMA", + "publisher": "vArmour", + "descriptionMarkdown": "vArmour reduces operational risk and increases cyber resiliency by visualizing and controlling application relationships across the enterprise. 
This vArmour connector enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "vArmour", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "CommonSecurityLog (vArmour)", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'vArmour'\n |where DeviceProduct =~ 'AC'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Top 10 App to App violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| extend AppNameSrcDstPair = extract_all(\"AppName=;(\\\\w+)\", AdditionalExtensions)\n| summarize count() by tostring(AppNameSrcDstPair)\n| top 10 by count_\n" + }, + { + "description": "Top 10 Policy names matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by DeviceCustomString1\n| top 10 by count_ desc\n" + }, + { + "description": "Top 10 Source IPs generating violations", + "query": 
"CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by SourceIP\n| top 10 by count_\n" + }, + { + "description": "Top 10 Destination IPs generating violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by DestinationIP\n| top 10 by count_\n" + }, + { + "description": "Top 10 Application Protocols matching violations", + "query": "CommonSecurityLog\n| where DeviceVendor == \"vArmour\"\n| where DeviceProduct == \"AC\"\n| where Activity == \"POLICY_VIOLATION\"\n| summarize count() by ApplicationProtocol\n| top 10 by count_\n" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + + }, + { + "title": "Step B. Configure the vArmour Application Controller to forward Common Event Format (CEF) logs to the Syslog agent", + "description": "Send Syslog messages in CEF format to the proxy machine. 
Make sure you to send the logs to port 514 TCP on the machine's IP address.", + "innerSteps": [ + { + "title": "1 Download the vArmour Application Controller user guide", + "description": "Download the user guide from https://support.varmour.com/hc/en-us/articles/360057444831-vArmour-Application-Controller-6-0-User-Guide." + }, + { + "title": "2 Configure the Application Controller to Send Policy Violations", + "description": "In the user guide - refer to \"Configuring Syslog for Monitoring and Violations\" and follow steps 1 to 3." + } + ] + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "vArmour_AppContoller_WorkbookWorkbook Workbook with template version 2.0.0", + "description": "vArmour_AppContoller_WorkbookWorkbook Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
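Review bot: The Step C validation command added in this hunk (in both the contentTemplates copy and the deployed dataConnectors copy) fetches `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and runs it straight away with `sudo`, so whatever that URL serves at copy-paste time executes as root on the log forwarder with no integrity check. I would pin the URL to a reviewed commit and separate download from execution, e.g. `wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/<PINNED_COMMIT_SHA>/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py` (placeholder SHA), then compare a checksum against a published value before `sudo python Sentinel_AMA_troubleshoot.py --cef`; the download itself does not need `sudo`. The same step tells users to check for Python with `python -version`, which is not a valid flag and should read `python --version`. The permissions block says "read and write permissions are required" while `requiredPermissions` also sets `"delete": true`, and it requests `workspaces/sharedKeys` for the AMA connector, which looks carried over from the legacy-agent connector and is worth confirming against least privilege. If this mainTemplate.json is generated by the packaging tool, the fix belongs in the connector's source definition so that it survives the next repackaging.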
@@ -533,43 +896,40 @@ { "contentId": "vArmourAC", "kind": "DataConnector" + }, + { + "contentId": "vArmourACAma", + "kind": "DataConnector" } ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('analyticRuleTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "vArmour Application Controller Analytics Rule 1 with template", - "displayName": "vArmour Application Controller Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - 
"description": "vArmourApplicationControllerSMBRealmTraversal_AnalyticalRules Analytics Rule with template version 2.0.0", + "description": "vArmourApplicationControllerSMBRealmTraversal_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion1')]", @@ -578,7 +938,7 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId1')]", + "name": "[variables('analyticRulecontentId1')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -597,16 +957,26 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "vArmourAC", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "vArmourAC" + }, + { + "dataTypes": [ + "CommonSecurityLog" + ], + "connectorId": "vArmourACAma" } ], "tactics": [ "Discovery", "LateralMovement" ], + "techniques": [ + "T1135", + "T1570" + ], "entityMappings": [ { "entityType": "Host", 
@@ -655,17 +1025,35 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "vArmour AppController - SMB Realm Traversal", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.0", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "vArmour Application Controller", + "publisherDisplayName": "vArmour Networks", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

This vArmour solution enables streaming of Application Controller Violation Alerts into Microsoft Sentinel, so you can take advantage of search & correlation, alerting, & threat intelligence enrichment for each log.

\n
    \n
  1. vArmour Application Controller via AMA - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. vArmour Application Controller via Legacy Agent - This data connector helps in ingesting vArmour Application Controller logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of vArmour Application Controller via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Workbooks: 1, Analytic Rules: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -689,6 +1077,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "Workbook", "contentId": "[variables('_workbookContentId1')]", diff --git a/Solutions/vArmour Application Controller/ReleaseNotes.md b/Solutions/vArmour Application Controller/ReleaseNotes.md new file mode 100644 index 00000000000..e192c60f3d3 --- /dev/null +++ b/Solutions/vArmour Application Controller/ReleaseNotes.md @@ -0,0 +1,5 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------------| +| 3.0.0 | 04-09-2023 | Addition of new vArmour Application Controller AMA **Data Connector** | | + + diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 6c86dcff0f1..96a27e3eed3 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -2981,7 +2981,8 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "vArmourAC" + "vArmourAC", + "vArmourACAma" ], "previewImagesFileNames": [ "vArmourAppControllerAppBlack.png", @@ -3231,7 +3232,8 @@ "PingFederateEvent" ], "dataConnectorsDependencies": [ - "PingFederate" + "PingFederate", + "PingFederateAma" ], "previewImagesFileNames": [ "PingFederateBlack1.png", 
@@ -5510,5 +5512,22 @@
 "templateRelativePath": "GreyNoiseOverview.json",
 "subtitle": "",
 "provider": "GreyNoise Intelligence, Inc."
- }
+ },
+{
+ "workbookKey": "MailGuard365Workbook",
+ "logoFileName": "MailGuard365_logo.svg",
+ "description": "MailGuard 365 Workbook",
+ "dataTypesDependencies": [
+ "MailGuard365_Threats_CL"
+ ],
+ "dataConnectorsDependencies": [
+ "MailGuard365"
+ ],
+ "previewImagesFileNames": [],
+ "version": "1.0.0",
+ "title": "MailGuard365",
+ "templateRelativePath": "MailGuard365Dashboard.json",
+ "subtitle": "",
+ "provider": "MailGuard 365"
+}
 ]
\ No newline at end of file
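Review bot: The new `MailGuard365Workbook` entry is formatted differently from the entry before it: its braces sit at column 0 (`+{` … `+}`) while the preceding object closes with an indented `},`, and the file still ends without a trailing newline. The product name is also spelled two ways inside the same entry, `"title": "MailGuard365"` against `"provider": "MailGuard 365"` and `"description": "MailGuard 365 Workbook"`; I would settle on one, e.g. `"title": "MailGuard 365"`, so the workbook and its connector appear under the same name. `"previewImagesFileNames": []` is empty, whereas the other entries visible in this diff list preview images; it is worth confirming that whatever consumes this metadata accepts an empty array, or adding the image names.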