Home > Manage Auto Discovery > Supported Criteria in Auto Discovery Rules > Microsoft 365
Export to PDFMicrosoft 365
The following sections list the criteria that are supported in auto discovery advanced mode rules for Microsoft 365 objects.
Exchange Mailbox
The sections below are the supported criteria and conditions.
| Criteria | Condition | Tip |
|---|---|---|
| City | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Company | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Usage location | Equals / Does not equal | |
| Custom attribute | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | After selecting this criterion, select an attribute number, which is retrieved from Exchange Online. |
| Department | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Display name | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Email address | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group membership | Contains / Does not contain / Equals / Does not equal / Equals any of / Does not equal any of | This criterion allows you to scan the mailboxes of users in a specific group.If users are in a security group, enter the group name.If users are in a Microsoft 365 group, distribution group, shared mailbox, or mail-enabled security group, enter the group ID before domain ‘@’.If the group you entered has nested groups, AvePoint Online Services will scan mailboxes for users in the first five layers of groups.If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Job title | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Exchange mailbox type | Equals / Does not equal | This criterion only supports app profiles with the Exchange.ManageAsApp API permission. You also must ensure that the app has been assigned with the Exchange Administrator role. For additional details, see How to Assign the Exchange Administrator Role to an App? |
| Office | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Microsoft 365 subscription name | Contains / Does not contain / Equals / Does not equal | |
| Geo location | Equals / Does not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| State or province | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| User ID | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| ZIP/Postal code | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Sign-in status | Equals / Does not equal | |
| Property synced from on-premises: Distinguished name / Domain name / Immutable ID / SAM account name / Security identifier / User principal name | Contains / Does not contain / Equals / Does not equal / Matches / Does not match |
OneDrive
| Criteria | Condition | Tip |
|---|---|---|
| Site collection property > Created time | Before / After / On / Within / Older than | |
| Site collection property > Custom property: Date and Time | Before / After / On / Within / Older than | |
| Site collection property > Custom property: Number | >= / <= / = | |
| Site collection property > Custom property: Text | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Site collection property > Custom property: Yes/No | Equals / Does not equal | |
| Site collection property > Orphaned OneDrive | Equals / Does not equal | For an orphaned user that no longer exists in your organization, this user’s OneDrive is regarded as an orphaned OneDrive. To use this criterion, contact AvePoint representatives to enable the scan for orphaned OneDrive first. For unified management, it is recommended that you configure one container for all orphaned OneDrive. |
| Site collection property > Primary administrator | Contains / Equals / Equals any of | If you want to configure multiple values for the Equals any of condition, separate the values with a semicolon (;). |
| Site collection property > Site status | Equals / Does not equal | Available options: Active / Locked (Read-only) / Locked (No access) |
| Site collection property > Size | >= / <= | |
| Site collection property > URL | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Basic user information > City | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Company | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Country or region | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Custom attribute | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Department | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Basic user information > Employee type | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Group membership | Contains / Does not contain / Equals / Does not equal / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Basic user information > Job title | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Office | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Basic user information > Sign-in status | Equals / Does not equal | |
| Basic user information > Microsoft 365 subscription name | Contains / Does not contain / Equals / Does not equal | |
| Basic user information > Geo location | Equals / Does not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Basic user information > Username | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Basic user information > Usage location | Equals / Does not equal | |
| User profile property > Boolean | Equals / Does not equal | |
| User profile property > Date | Before / After / On / Within / Older than | |
| User profile property > Email | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| User profile property > Person | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| User profile property > String (single value) | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| User profile property > URL | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
SharePoint Site
| Criteria | Condition | Tip |
|---|---|---|
| Archive status | Equals | Available options: Archived / Not archived |
| Created time | Before / After / On / Within / Older than | |
| Creator > Department | Contains / Does not contain / Equals / Does not equal / Matches / Does not match / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Creator > Microsoft Entra ID attribute | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Creator > Group membership | Contains / Does not contain / Equals / Does not equal / Equals any of / Does not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Creator > Custom property: Text | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Custom property: Date and Time | Before / After / On / Within / Older than | |
| Custom property: Number | >= / <= / = | |
| Custom property: Text | Contains / Does not contain / Equals / Does not equal / Matches / Does not match | |
| Custom property: Yes/No | Equals / Does not equal | |
| External sharing: Anyone / New and existing guests / Existing guests only / Only people in your organization | Equals / Does not equal | |
| Primary administrator | ContainsEqualsEquals any of | If you want to configure multiple values for the Equals any of condition, separate the values with a semicolon (;). |
| Sensitivity label | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Site classification | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Geo location | EqualsDoes not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Site status | EqualsDoes not equal | Available options: Active / Locked (Read-only) / Locked (No access) |
| Size | >=<= | |
| Template name | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | An example for Template name is STS#0. |
| Template title | ContainsEquals | An example for Template title is Team Site. |
| Title | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| URL | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Hub site name | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Last activity (UTC) | BeforeAfterOnWithinOlder thanIs no detected activity |
Microsoft 365 Group / Microsoft Team / Viva Engage Community
| Criteria | Condition | Tip |
|---|---|---|
| Group / Team / Viva Engage community property > Type | EqualsDoes not equal | |
| Group / Team / Viva Engage community property > Team status | ActiveArchived | |
| Group / Team / Viva Engage community property > Display name | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group / Team / Viva Engage community property > Creator > Department | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group / Team / Viva Engage community property > Creator: Microsoft Entra ID attributeUsage locationCustom property > Text | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions |
| Group / Team / Viva Engage community property > Custom attribute | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Group / Team / Viva Engage community property > Custom property > Number | >=<== | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions. |
| Group / Team / Viva Engage community property > Custom property > Text | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions |
| Group / Team / Viva Engage community property > Classification | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Group / Team / Viva Engage community property > Cloud Governance metadata | Contains Does not containEqualsDoes not equalMatchesDoes not match | |
| Group / Team / Viva Engage community property > Primary email address | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group / Team / Viva Engage community property > Owner | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchIs not emptyIs a member of the groupDomain isEquals any ofDoes not equal any of | Equals – If you use this condition to scan a Microsoft 365 Group which has more than one owner, you add each owner’s user ID using the Equals condition and apply the Or logic option to these Equals conditions.Equals / Does not equal / Contains / Does not contain / Matches / Does not match – If you use any of these conditions to scan Microsoft 365 Groups, enter the full user ID before domain ‘@’.Equals any of / Does not equal any of – Enter the full user ID before domain ‘@’, and separate the values with semicolon (;).Is a member of the group – This condition allows you to scan all Microsoft 365 Groups whose owner or at least one of their owners is a member of a group in Microsoft 365.If the owner is in a security group, enter the group name.If the owner is in a Microsoft 365 Group, distribution group, shared mailbox, or mail-enabled security group, enter the group ID before domain ‘@’.If the group you entered has nested groups, AvePoint Online Services will search members from the first five layers. |
| Group / Team / Viva Engage community property > Member | ContainsDoes not containMatchesDoes not matchIs not emptyEquals any ofDoes not equal any of | If you use the Contains / Does not contain / Equals any of / Does not equal any of condition to scan Microsoft 365 Groups, enter the full user ID before domain ‘@’.If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group / Team / Viva Engage community property > Privacy | EqualsDoes not equal | |
| Group / Team / Viva Engage community property > Sensitivity label | ContainsDoes not containMatchesDoes not match | Due to the Microsoft Graph API limitations, only the final label value can be retrieved and used to configure conditions. For example, if an object’s sensitivity label is A/B/C/D, only D can be used to set conditions. |
| Group / Team / Viva Engage community property > Geo location | EqualsDoes not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Group team site property > Archive status | Equals | Available options: Archived / Not archived |
| Group team site property > Created time | BeforeAfterOnWithinOlder than | |
| Group team site property > Custom property > Date and Time | BeforeAfterOnWithinOlder than | |
| Group team site property > Custom property > Number | >=<== | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions |
| Group team site property > Custom property > Text | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions. |
| Group team site property > Custom property > Yes/No | EqualsDoes not equal | |
| Group team site property > External sharing: AnyoneNew and existing guestsExisting guests onlyOnly people in your organization | EqualsDoes not equal | |
| Group team site property > Hub site name | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group team site property > Last activity (UTC) | BeforeAfterOnWithinOlder thanIs no detected activity | |
| Group team site property > Sensitivity label | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Group team site property > Site status | EqualsDoes not equal | Available options: Active / Locked (Read-only) / Locked (No access) |
| Group team site property > Size | >=<= | |
| Group team site property > Title | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Group team site property > URL | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
Project Site
| Criteria | Condition | Tip |
|---|---|---|
| Archive status | Equals | Available options: Archived / Not archived |
| Created time | BeforeAfterOnWithinOlder than | |
| Custom property > Date and Time | BeforeAfterOnWithinOlder than | |
| Custom property > Number | >=<== | |
| Custom property > Text | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Custom property > Yes/No | EqualsDoes not equal | |
| External sharing | EqualsDoes not equal | Available options: AnyoneNew and existing guestsExisting guests onlyOnly people in your organization |
| Primary administrator | ContainsEqualsEquals any of | If you want to configure multiple values for the Equals any of condition, separate the values with a semicolon (;). |
| Sensitivity label | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Geo location | EqualsDoes not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Site status | EqualsDoes not equal | Available options: Active / Locked (Read-only) / Locked (No access) |
| Size | >=<= | |
| Template name | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Template title | ContainsEquals | |
| Title | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| URL | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
Exchange Public Folder
| Criteria | Condition | Tip |
|---|---|---|
| Display name | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Path | Is underIs not under |
Microsoft 365 User
| Criteria | Condition | Tip |
|---|---|---|
| City | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Company | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Usage location | EqualsDoes not equal | |
| Department | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Display name*Note: If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | |
| Domain | EqualsDoes not equal | |
| Email address | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Geo location | EqualsDoes not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Group membership | ContainsDoes not containEqualsDoes not equalEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Job title | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Microsoft 365 subscription name | ContainsDoes not containEqualsDoes not equal | |
| Office | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Primary email domain | EqualsDoes not equalEquals any of | If you want to configure multiple values for the Equals any of condition, separate the values with a semicolon (;). |
| Sign-in status | EqualsDoes not equal | |
| State or province | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| User ID | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| ZIP/Postal code | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Property synced from on-premises: Distinguished nameDomain nameImmutable IDSAM account nameSecurity identifierUser principal name | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Sync status | EqualsDoes not equal | |
| User type | EqualsDoes not equal | Available options: MemberGuest |
| B2B invitation status | EqualsDoes not equal | Available options: AcceptedPending acceptance |
Security and Distribution Group
*Note: The Security and distribution group object type includes security groups, mail-enabled security groups, distribution lists, room lists, and dynamic distribution lists.
| Criteria | Condition | Tip |
|---|---|---|
| Group type:Security groupMail-enabled security groupDistribution listDynamic distribution list | EqualsDoes not equal | This criterion cannot be used to filter room list type distribution lists. |
| Display name | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Owner | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchIs not emptyIs a member of the group*Domain isEquals any ofDoes not equal any of | This criterion only scans users with the Exchange license assigned.Equals – If you use this condition to scan a Microsoft 365 Group which has more than one owner, you add each owner’s user ID using the Equals condition and apply the Or logic option to these Equals conditions.Equals / Does not equal / Contains / Does not contain / Matches / Does not match – If you use any of these conditions to scan Microsoft 365 Groups, enter the full user ID before domain ‘@’.Equals any of / Does not equal any of – Enter the full user ID before domain ‘@’, and separate the values with semicolon (;).Is a member of the group – This condition allows you to scan all Microsoft 365 Groups whose owner or at least one of their owners is a member of a group in Microsoft 365.If the owner is in a security group, enter the group name.If the owner is in a Microsoft 365 Group, distribution group, shared mailbox, or mail-enabled security group, enter the group ID before domain ‘@’.If the group you entered has nested groups, AvePoint Online Services will search members from the first five layers.This criterion cannot be used to filter dynamic distribution lists. |
| Member | ContainsDoes not containMatchesDoes not matchEquals any ofDoes not equal any ofIs not empty | This criterion only scans users with the Exchange license assigned.If you use the Contains / Does not contain / Equals any of / Does not equal any of condition to scan groups, enter the full user ID before domain ‘@’.If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;).This criterion cannot be used to filter dynamic distribution lists and room lists. |
| Primary email address | ContainsDoes not containEqualsDoes not equalMatchesDoes not matchEquals any ofDoes not equal any of | This criterion cannot be used to filter security groups, but it works for mail-enabled security groups.If you want to configure multiple values for the Equals any of or Does not equal any of condition, separate the values with a semicolon (;). |
| Created time | BeforeAfterOnWithinOlder than | |
| Custom attribute | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | This criterion cannot be used to filter security groups, but it works for mail-enabled security groups. |
| Custom property > Number | >=<== | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions.This criterion cannot be used to filter dynamic distribution lists and room lists. |
| Custom property > Text | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | For more information about extended properties, refer to this Microsoft article: Add custom data to groups using schema extensions.This criterion cannot be used to filter dynamic distribution lists and room lists. |
| Sync status | EqualsDoes not equal | This criterion cannot be used to filter room list type distribution lists. |
| Cloud Governance metadata | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | This criterion cannot be used to filter dynamic distribution lists and room lists. |
Loop Workspace
*Note: Currently, only the EnPower service supports configuring app profiles and scan profiles to scan Loop Workspace objects.
| Criteria | Condition | Tip |
|---|---|---|
| Created time | BeforeAfterOnWithinOlder than | |
| Geo location | EqualsDoes not equal | This criterion corresponds to the Preferred Data Location property in a multi-geo Microsoft 365 tenant. |
| Loop name | ContainsDoes not containEqualsDoes not equalMatchesDoes not match | |
| Sensitivity label | ContainsDoes not containEqualsDoes not equalMatchesDoes not match |
On this page