Azure · TwistedAlex · Mar 18, 2026
@@ -8,9 +8,9 @@
     "connectorUiConfig": {
       "id": "ZoomReportsConnector",
       "title": "Zoom Reports Connector (via Codeless Connector Framework)",
-      "publisher": "Zoom",
-      "descriptionMarkdown": "The [Zoom Reports](https://developers.zoom.us/docs/api/) data connector enables you to ingest Zoom Reports data into Microsoft Sentinel through the Zoom REST API v2, allowing you to monitor and audit Zoom usage across your organization. This connector uses server-to-server OAuth account credentials for authentication and supports ingestion of multiple report types including Daily Usage Reports for meeting statistics and usage metrics, User Reports for active/inactive user host information, Telephony Reports for telephony usage statistics, Cloud Recording Usage Reports for cloud storage and recording usage, Operation Logs for administrative operations and audit trail, and Activity Logs for user sign-in/sign-out activities. Each report type is collected in a separate polling configuration with automatic pagination support using NextPageToken, polling every 5 minutes per 7-day window with a rate limit of 2 queries per second per endpoint and up to 3 automatic retries with exponential backoff. The data connector is built on Microsoft Sentinel Codeless Connector Platform and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) for optimized query performance.",
-      "graphQueriesTableName": "Zoom_CL",
+      "publisher": "Microsoft",
+      "descriptionMarkdown": "The [Zoom Reports](https://developers.zoom.us/docs/api/) data connector enables you to ingest Zoom Reports data into Microsoft Sentinel through the Zoom REST API v2, allowing you to monitor and audit Zoom usage across your organization. This connector uses server-to-server OAuth account credentials for authentication and supports ingestion of multiple report types including Daily Usage Reports for meeting statistics and usage metrics, User Reports for active/inactive user host information, Telephony Reports for telephony usage statistics, Cloud Recording Usage Reports for cloud storage and recording usage, Operation Logs for administrative operations and audit trail, and Activity Logs for user sign-in/sign-out activities. Each report type is collected in a separate polling configuration with automatic pagination support using NextPageToken. The data connector is built on Microsoft Sentinel Codeless Connector Platform and supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) for optimized query performance.",
+      "graphQueriesTableName": "ZoomV2_CL",
       "graphQueries": [
         {
           "metricName": "Total Records",
@@ -29,13 +29,13 @@
         },
         {
           "description": "Reports by type",
-          "query": "{{graphQueriesTableName}}\n| summarize count() by event_type_s"
+          "query": "{{graphQueriesTableName}}\n| summarize count() by EventType"
         }
       ],
       "dataTypes": [
         {
-          "name": "Zoom_CL",
-          "lastDataReceivedQuery": "Zoom_CL\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
+          "name": "ZoomV2_CL",
+          "lastDataReceivedQuery": "ZoomV2_CL\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
         }
       ],
       "connectivityCriteria": [
@@ -66,10 +66,6 @@
           {
             "name": "Zoom API access",
             "description": "Access to Zoom REST API v2 with account credentials"
-          },
-          {
-            "name": "If you've used an `Azure Functions` based connector that uses the same table Zoom_CL before",
-            "description": "Migrate your classic custom table to use the CCF connector. Open your `Log Analytics Workspace` attached to the current `Microsoft Sentinel Workspace`, find the existing Zoom_CL and edit its schema, then click `Migrate to manual schema management` to migrate. Please close the current data connector page and reopen it after migration to see the effect, in case you run into errors asking for table migration."
           }
         ]
       },
@@ -153,7 +149,7 @@
             {
               "type": "Markdown",
               "parameters": {
-                "content": "### Activate the Connector\r\n\r\nReview your Zoom App credentials found in Step 2, then enable the connector to begin collecting Zoom Reports data.\r\n\r\n### Monitoring\r\n\r\nCheck data arrival using these queries:\r\n\r\n**Check all report types:**\r\n```kusto\r\nZoom_CL\r\n| where TimeGenerated > ago(30m)\r\n| summarize Records = count() by event_type_s\r\n```\r\n\r\n**Check specific report type:**\r\n```kusto\r\nZoom_CL\r\n| where event_type_s == 'dates'\r\n| where TimeGenerated > ago(1h)\r\n| limit 10\r\n```\r\n\r\n**Monitor connector health:**\r\n```kusto\r\nZoom_CL\r\n| where TimeGenerated > ago(24h)\r\n| summarize LastRecord = max(TimeGenerated), RecordCount = count() by event_type_s\r\n| order by LastRecord desc\r\n```"
+                "content": "### Activate the Connector\r\n\r\nReview your Zoom App credentials found in Step 2, then enable the connector to begin collecting Zoom Reports data.\r\n\r\n### Monitoring\r\n\r\nCheck data arrival using these queries:\r\n\r\n**Check all report types:**\r\n```kusto\r\nZoomV2_CL\r\n| where TimeGenerated > ago(30m)\r\n| summarize Records = count() by EventType\r\n```\r\n\r\n**Check specific report type:**\r\n```kusto\r\nZoomV2_CL\r\n| where EventType == 'dates'\r\n| where TimeGenerated > ago(1h)\r\n| limit 10\r\n```\r\n\r\n**Monitor connector health:**\r\n```kusto\r\nZoomV2_CL\r\n| where TimeGenerated > ago(24h)\r\n| summarize LastRecord = max(TimeGenerated), RecordCount = count() by EventType\r\n| order by LastRecord desc\r\n```"
               }
             },
             {

@@ -1,12 +1,12 @@
 {
-  "name": "ZoomReportsDCR",
+  "name": "ZoomReportsV2DCR",
   "apiVersion": "2023-03-11",
   "type": "Microsoft.Insights/dataCollectionRules",
   "location": "{{location}}",
   "properties": {
     "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
     "streamDeclarations": {
-      "Custom-ZoomReportsGeneral_CL": {
+      "Custom-ZoomReportsV2General_CL": {
         "columns": [
           {
             "name": "TimeGenerated",
@@ -20,6 +20,10 @@
             "name": "event_name",
             "type": "string"
           },
+          {
+            "name": "custom_attributes",
+            "type": "dynamic"
+          },
           {
             "name": "dept",
             "type": "string"
@@ -178,7 +182,7 @@
           }
         ]
       },
-      "Custom-ZoomReportsUser_CL": {
+      "Custom-ZoomReportsV2User_CL": {
         "columns": [
           {
             "name": "TimeGenerated",
@@ -250,23 +254,23 @@
     "dataFlows": [
       {
         "streams": [
-          "Custom-ZoomReportsGeneral_CL"
+          "Custom-ZoomReportsV2General_CL"
         ],
         "destinations": [
           "clv2ws1"
         ],
-        "outputStream": "Custom-Zoom_CL",
-        "transformKql": "source | extend TimeGenerated = now() , event_type_s = ['event_type'] , event_name_s = ['event_name'] , dept_s = ['dept'] , email_s = ['email'] , id_s = ['id'] , meeting_minutes_d = ['meeting_minutes'] , meetings_d = ['meetings'] , participants_d = ['participants'] , type_s = tostring(['type']) , user_name_s = ['user_name'] , usage_s = ['usage'] , plan_usage_s = ['plan_usage'] , free_usage_s = ['free_usage'] , date_s = ['date'] , new_users_d = ['new_users'] , operator_s = ['operator'] , action_s = ['action'] , category_type_s = ['category_type'] , operation_detail_s = ['operation_detail'] , time_t = ['time'] , ip_address_s = ['ip_address'] , client_type_s = ['client_type'] , call_in_number_s = ['call_in_number'] , country_name_s = ['country_name'] , duration_d = ['duration'] , end_time_t = ['end_time'] , host_email_s = ['host_email'] , host_name_s = ['host_name'] , host_id_s = ['host_id'] , meeting_id_d = ['meeting_id'] , meeting_type_s = ['meeting_type'] , phone_number_s = ['phone_number'] , rate_d = ['rate'] , signaled_number_s = ['signaled_number'] , start_time_t = ['start_time'] , total_d = ['total'] , uuid_s = ['uuid'] , version_s = ['version'] , last_client_version_s = ['last_client_version'] , last_login_time_t = ['last_login_time'] , create_time_t = ['create_time'] | project TimeGenerated , event_type_s , event_name_s , dept_s , email_s , id_s , meeting_minutes_d , meetings_d , participants_d , type_s , user_name_s , usage_s , plan_usage_s , free_usage_s , date_s , new_users_d , operator_s , action_s , category_type_s , operation_detail_s , time_t , ip_address_s , client_type_s , call_in_number_s , country_name_s , duration_d , end_time_t , host_email_s , host_name_s , host_id_s , meeting_id_d , meeting_type_s , phone_number_s , rate_d , signaled_number_s , start_time_t , total_d , uuid_s , version_s , last_client_version_s , last_login_time_t , create_time_t"
+        "outputStream": "Custom-ZoomV2_CL",
+        "transformKql": "source | extend TimeGenerated = now() , EventType = ['event_type'] , EventName = ['event_name'] , CustomAttributes = ['custom_attributes'] , Dept = ['dept'] , Email = ['email'] , Id = ['id'] , MeetingMinutes = ['meeting_minutes'] , Meetings = ['meetings'] , Participants = ['participants'] , ActivityType = tostring(['type']) , UserName = ['user_name'] , Usage = ['usage'] , PlanUsage = ['plan_usage'] , FreeUsage = ['free_usage'] , ReportDate = ['date'] , NewUsers = ['new_users'] , Operator = ['operator'] , Action = ['action'] , CategoryType = ['category_type'] , OperationDetail = ['operation_detail'] , Time = ['time'] , IpAddress = ['ip_address'] , ClientType = ['client_type'] , CallInNumber = ['call_in_number'] , CountryName = ['country_name'] , Duration = ['duration'] , EndTime = ['end_time'] , HostEmail = ['host_email'] , HostName = ['host_name'] , HostId = ['host_id'] , MeetingId = ['meeting_id'] , MeetingType = ['meeting_type'] , PhoneNumber = ['phone_number'] , Rate = ['rate'] , SignaledNumber = ['signaled_number'] , StartTime = ['start_time'] , Total = ['total'] , Uuid = ['uuid'] , Version = ['version'] , LastClientVersion = ['last_client_version'] , LastLoginTime = ['last_login_time'] , CreateTime = ['create_time'] | project TimeGenerated , EventType , EventName , CustomAttributes , Dept , Email , Id , MeetingMinutes , Meetings , Participants , ActivityType , UserName , Usage , PlanUsage , FreeUsage , ReportDate , NewUsers , Operator , Action , CategoryType , OperationDetail , Time , IpAddress , ClientType , CallInNumber , CountryName , Duration , EndTime , HostEmail , HostName , HostId , MeetingId , MeetingType , PhoneNumber , Rate , SignaledNumber , StartTime , Total , Uuid , Version , LastClientVersion , LastLoginTime , CreateTime"
       },
       {
         "streams": [
-          "Custom-ZoomReportsUser_CL"
+          "Custom-ZoomReportsV2User_CL"
         ],
         "destinations": [
           "clv2ws1"
         ],
-        "outputStream": "Custom-Zoom_CL",
-        "transformKql": "source | extend TimeGenerated = now() , event_type_s = ['event_type'] , event_name_s = ['event_name'] , id_s = ['id'] , dept_s = ['dept'] , email_s = ['email'] , meeting_minutes_d = ['meeting_minutes'] , meetings_d = ['meetings'] , participants_d = ['participants'] , type_d = ['type'] , user_name_s = ['user_name'] , last_client_version_s = ['last_client_version'] , last_login_time_t = ['last_login_time'] , create_time_t = ['create_time'] | project TimeGenerated , event_type_s , event_name_s , id_s , dept_s , email_s , meeting_minutes_d , meetings_d , participants_d , type_d , user_name_s , last_client_version_s , last_login_time_t , create_time_t"
+        "outputStream": "Custom-ZoomV2_CL",
+        "transformKql": "source | extend TimeGenerated = now() , EventType = ['event_type'] , EventName = ['event_name'] , Id = ['id'] , Dept = ['dept'] , Email = ['email'] , MeetingMinutes = ['meeting_minutes'] , Meetings = ['meetings'] , Participants = ['participants'] , UserType = ['type'] , UserName = ['user_name'] , LastClientVersion = ['last_client_version'] , LastLoginTime = ['last_login_time'] , CreateTime = ['create_time'] | project TimeGenerated , EventType , EventName , Id , Dept , Email , MeetingMinutes , Meetings , Participants , UserType , UserName , LastClientVersion , LastLoginTime , CreateTime"
       }
     ]
   }

@@ -50,9 +50,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsGeneral_CL",
+        "streamName": "Custom-ZoomReportsV2General_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },
@@ -113,9 +113,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsUser_CL",
+        "streamName": "Custom-ZoomReportsV2User_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },
@@ -176,9 +176,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsGeneral_CL",
+        "streamName": "Custom-ZoomReportsV2General_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },
@@ -239,9 +239,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsGeneral_CL",
+        "streamName": "Custom-ZoomReportsV2General_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },
@@ -302,9 +302,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsGeneral_CL",
+        "streamName": "Custom-ZoomReportsV2General_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },
@@ -365,9 +365,9 @@
         "pageSizeParameterName": "page_size"
       },
       "connectorDefinitionName": "ZoomReportsConnector",
-      "dataType": "Zoom",
+      "dataType": "ZoomV2",
       "dcrConfig": {
-        "streamName": "Custom-ZoomReportsGeneral_CL",
+        "streamName": "Custom-ZoomReportsV2General_CL",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
         "dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
       },

@@ -14,8 +14,8 @@
     "Workbooks/ZoomReports.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\solutions\\ZoomReports",
-  "Version": "3.0.6",
-  "DataConnectorCCFVersion": "3.0.6",
+  "Version": "3.0.7",
+  "DataConnectorCCFVersion": "3.0.7",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": false