Auditing Reports in Exchange Online
Introduction:
Auditing in Exchange Admin Center means troubleshooting the configuration issues by tracking specific changes made by administrators and to help you meet regulatory, compliance, and litigation requirements.
Exchange provides two types of audit logging:
- Administrator audit logging.
- Mailbox audit logging.
Note: You must enable mailbox audit logging for each mailbox so that audited events are saved to the audit log for that mailbox.
Enabling Mailbox Audit Logging
You need to use Remote PowerShell connected to your exchange, you can’t use EAC.
Connect to Exchange Online using PowerShell.
- Open Windows PowerShell and run command.
$UserCredential = Get-Credential
- In Windows PowerShell credential request, enter your Office 365 global admin account username and password.
- Run the following command.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
- Run the following command.
Import-PSSession $Session
- To verify that you’re connected to your Exchange Online organization, run the following command to get a list of all the mailboxes in your organization.
Get-Mailbox
- This command enables mailbox audit logging for all user mailboxes in your organization.
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true
- You can see in above image AuditEnable is showing True, means mailbox audit logging has been enables for the mailboxes.
Run a non-owner mailbox access report.
Run the admin audit log report – Administrator auditing logging is enabled by default.
- In the EAC, go to Compliance Management > Auditing and choose Run the admin audit log report.
- Choose Start date and End date. And then choose Search. All configuration changes made during the specified time are displayed.
Similarly, you can run audit report for In-Place eDiscovery & hold, Litigation hold report, administrator role group report & external admin audit log report.
Also, you can export the log report for Mailbox and the admin.
Exporting the admin audit log report
- In the EAC, go to Compliance Management > Auditing > Export the admin audit log.
- Mention Start date and End date and select the User whom you want to send the audit log. Click OK and Export.
- Audit log entries are saved to an XML file that is attached to a message and sent to the specified recipients within 24 hours.
Conclusion:
You can enable mailbox audit logging, generating reports and audit logs in Exchange Online using Exchange Admin Center.