Skip to content

Get the Most Out of Exchange Online Mailbox Auditing

Everything You Need to Know About Exchange Online Mailbox Auditing Image

The Best Practices for Exchange Online Mailbox Auditing. Exchange Online Mailbox Permission Review: Mailboxes are a treasure trove of personal information and sensitive business data, especially if they contain the most sensitive information in your organization.

Everything You Need to Know About Exchange Online Mailbox Auditing

One of the first things hackers do after breaking into your network is trying to find accounts with higher privileges and gain access to them. Also, They may even block others from accessing those account mailboxes, creating chaos.

How to Audit Exchange Online Mailbox

Mailbox auditing is disabled by default for all Exchange Online Mailboxes. To view the audit logs, you must manually enable the Exchange mailbox auditing.

The native Microsoft 365 portal does not support auditing mailboxes in bulk at all. You must either enable auditing separately for each mailbox or use scripting to automate the process for each mailbox.

Even if you are an expert in scripting, this can still take a lot of time if your organization has many mailboxes. That’s where M365 Manager Plus comes in.

M365 Manager Plus lets you enable auditing for any number of Mailboxes with just a couple of clicks, all without a single script.

You can:

  • Determine which mailboxes are auditing disabled
  • Also, Enable mailbox auditing

Mailbox Audit Permission

The Essential Guide to Exchange Online Mailbox Auditing. Mailbox permissions allow you to access the content of the mailbox. That includes not just the inbox, but also the folders, calendars, and contacts in the mailbox. That’s why it’s important to be careful when giving delegate access to the mailbox. Delegates don’t get elevated privileges unless you give them.

Agents can have full access to the mailbox:

  • They can open mailboxes
  • They can view, add and delete content
  • Also, They can’t send emails from the mailbox

They can send as:

  • An authorized representative sends emails from the delegate’s mailbox or group without revealing their identity
  • Also, The emails appear to come from the delegate’s mailbox or group

They can send it on behalf of

How to Export Mailbox Audit Logs in Exchange Online

  • When mailbox audit, Exchange Online records information in a mailbox audit log every time a non-owner accesses it. The log entry contains information such as:
  • Who accessed the mailbox
  • When did they do so?
  • What actions did they take?
  • Also, Did they succeed?
  • By default, the entries in the audit log are kept for 90 days.
  • You can use the audit log to check if a non-owner has accessed the mailbox.

How do I know if it worked?

  • You will receive a message from Exchange if you have successfully exported the mailbox audit logs. It may take a couple of days to receive the message. The message will attach.
  • The XML file (searchresult.xml) is saved by Exchange Online and attached to the email message that is sent to the recipients.
  • If you have set up Outlook on the Web to allow for XML attachments, please download the XML file.

Everything You Need to Know About Exchange Online Mailbox Auditing Image
Everything You Need to Know About Exchange Online Mailbox Auditing; Image by Gerd Altmann from Pixabay.
Author