Scribd
Upload
89 views1 page

Exchange Online Mailbox Auditing Quick Reference Guide PDF

This quick reference guide provides instructions for enabling mailbox auditing in Exchange Online to log access to shared mailboxes. It outlines how to enable auditing for individual mailboxes or all user mailboxes via PowerShell commands. It also describes how to view audit logs and reports in the Exchange Admin Center. Actions that can be logged include copying, creating folders, deleting messages, moving mailboxes, sending messages as or on behalf of other users. The guide recommends granting the audit logs role to other users to view logs besides administrators by default.

Uploaded by

fptstop
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
89 views1 page

Exchange Online Mailbox Auditing Quick Reference Guide PDF

This quick reference guide provides instructions for enabling mailbox auditing in Exchange Online to log access to shared mailboxes. It outlines how to enable auditing for individual mailboxes or all user mailboxes via PowerShell commands. It also describes how to view audit logs and reports in the Exchange Admin Center. Actions that can be logged include copying, creating folders, deleting messages, moving mailboxes, sending messages as or on behalf of other users. The guide recommends granting the audit logs role to other users to view logs besides administrators by default.

Uploaded by

fptstop
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Quick Reference Guide

Exchange Online Mailbox Auditing


This quick reference guide shows how to enable logging of access to shared mailboxes
on Exchange Online

Mailbox Audit Logging


Enabling audit logging for a mailbox logs all access to that mailbox by Exchange Online administrators or users
with delegated permissions.
Connect to your Exchange Online server by running the following commands in PowerShell or
Exchange Management Shell (url2open.com/ems) as administrator:
$UserCredential = Get-Credential
$Session = New-PSSession -CongurationName Microsoft.Exchange -ConnectionUri https://outlook.oce365.com/
powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
To enable or disable mailbox audit logging granularly on each
mailbox (recommended), use the Set-Mailbox cmdlet:
To enable audit: Set-Mailbox Identity TestUser -AuditEnabled $true
To disable audit: Set-Mailbox Identity TestUser AuditEnabled $false
To enable audit for all users mailboxes, use this script:

Mailbox Actions
Logged:

$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq


'UserMailbox')}
$UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}

Manage
Mailbox
Audit
via
Management Shell or PowerShell

Exchange

Check whether audit is enabled:


Get-Mailbox | FL Name,AuditEnabled #A value of True for the
AuditEnabled property veries that audit logging is enabled
Retrieve mailbox audit log entries for specied mailbox:
Search-MailboxAuditLog TestUser -LogonTypes Admin,Delegate -ShowDetails
Send all mailbox audit log entries to specied email address:
New-MailboxAuditLogSearch -StatusMailRecipients [email protected]
#Note that you will be asked for start and end dates

Manage Mailbox Audit via Exchange Admin


Center (EAC)
Review non-owner access to mailboxes with audit enabled:
Navigate to Compliance Management > Auditing and click Run a
non-owner mailbox access report.
View details about non-owner access to a specic mailbox: Click the
mailbox in the report.
Export mailbox audit logs: Navigate to Compliance Management >
Auditing and click Export mailbox audit logs.

Copy

Create
FolderBind
HardDelete
MessageBind
Move
MoveToDeletedItems
SendAs
SendOnBehalf
SoftDelete
Update

For more details about these actions,


please see url2open.com/mailboxaudit

Assigning the Audit


Logs Role to a User:
By default, only administrators have
access to audit logs.
To grant access to another user, use the
New-ManagementRoleAssignment cmdlet
(url2open.com/nmra).

Gain #completevisibility into changes and non-owner mailbox access in


hybrid cloud IT environments with Netwrix Auditor for Oce 365:
netwrix.com/go/trial-o365
Corporate Headquarters:

Phone: 1-949-407-5125

Int'l: 1-949-407-5125

300 Center Drive, Suite 1100, Irvine, CA 92618

Toll-free: 888-638-9749

EMEA: 44 (0) 203-318-0261

netwrix.com/social

You might also like