Auditing Reports in Exchange Online - CloudFronts

Auditing Reports in Exchange Online

Posted On November 14, 2017 by Abhishek Kumar Posted in 

Introduction:

Auditing in Exchange Admin Center means troubleshooting the configuration issues by tracking specific changes made by administrators and to help you meet regulatory, compliance, and litigation requirements.

Exchange provides two types of audit logging:

  • Administrator audit logging.
  • Mailbox audit logging.

Note: You must enable mailbox audit logging for each mailbox so that audited events are saved to the audit log for that mailbox.

Enabling Mailbox Audit Logging

You need to use Remote PowerShell connected to your exchange, you can’t use EAC.

Connect to Exchange Online using PowerShell.

  1. Open Windows PowerShell and run command. 
    $UserCredential = Get-Credential
  2. In Windows PowerShell credential request, enter your Office 365 global admin account username and password.PowerShell login
  3. Run the following command. 
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  4. Run the following command. 
    Import-PSSession $Session
  5. To verify that you’re connected to your Exchange Online organization, run the following command to get a list of all the mailboxes in your organization.
    Get-Mailbox
    Get Mailbox
  6. This command enables mailbox audit logging for all user mailboxes in your organization. 
    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true

    Enabled mailbox

  7. You can see in above image AuditEnable is showing True, means mailbox audit logging has been enables for the mailboxes.

Run a non-owner mailbox access report.

  • In the EAC, go to Compliance ManagementAuditing.
  • Click Run a non-owner mailbox access report.
    Auditing
  • Click Run a non-owner mailbox access report, you can specify dates and select mailbox for whom you want to view edit log.

    • Mailbox access report

    Run the admin audit log report – Administrator auditing logging is enabled by default.

    1. In the EAC, go to Compliance Management > Auditing and choose Run the admin audit log report.
      Admin audit log
    2. Choose Start date and End date. And then choose Search. All configuration changes made during the specified time are displayed.
      Audit log report

    Similarly, you can run audit report for In-Place eDiscovery & hold, Litigation hold report, administrator role group report & external admin audit log report.

    Also, you can export the log report for Mailbox and the admin.

    Exporting the admin audit log report

    1. In the EAC, go to Compliance Management > Auditing > Export the admin audit log.
      Export the admin audit log
    2. Mention Start date and End date and select the User  whom you want to send the audit log. Click OK and Export.
      Send audit log
    3. Audit log entries are saved to an XML file that is attached to a message and sent to the specified recipients within 24 hours.

    Conclusion:

    You can enable mailbox audit logging, generating reports and audit logs in Exchange Online using Exchange Admin Center.

     

    Related posts:

    Azure Blob Storage: Features, Benefits, And Usage
    Use Database Access Intent List to Boost Performance in Business Central
    Setting Up Business Central On-Premise (BC-230) on a Virtual Machine
    How to create Virtual Machine on Azure Portal?

    Share Story :

    SEARCH BLOGS :

    FOLLOW CLOUDFRONTS BLOG :


    Secured By miniOrange