Wednesday 18 July 2018

Enabling Mailbox Auditing in Office 365

Mailbox Auditing is not enabled by default in Office 365. Mailbox Auditing is a security flag when you check the Security Score of your tenant. The Security Centre states that Mailbox Auditing should be abled for at least 90% of the mailboxes in your organisation.

Mailbox Auditing allows administrators to search the audit log for mailbox activity.

Imports the Office 365 Module
Import-Module MSOnline

Stores the Global Admin Creds in a Variable
$UserCredential = Get-Credential

Connects to the Tenant using the Variable
Connect-MsolService = $UserCredential

Creates a Session to Exchange Online and Stores in Variable
$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri -Credential $UserCredential –Authentication Basic -AllowRedirection

Import-PSSession $Session

Enables Mailbox Auditing for all Users
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true

Verifies that Mailbox Auditing is Enabled, if so “True” will be returned
Get-Mailbox "Username"| FL Audit*