Enable Mailbox Auditing on Office 365

Written By Luke Kavanagh

1. Run Powershell as admin

2. Enter the command but change [email protected] to your account:

Connect-ExchangeOnline -UserPrincipalName [email protected]

3. Enter your Office365 admin details

4. Enter the following For User Mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true For Shared mailboxes: Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "SharedMailbox"} | Set-Mailbox -AuditEnabled $true

5. Enter the following For User Mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditOwner @{Add="Create", "HardDelete", "MailboxLogin", "Move", "MoveToDeletedItems", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules"}

6. For Shared mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq " SharedMailbox"} | Set-Mailbox -AuditOwner @{Add="Create", "HardDelete", "MailboxLogin", "Move", "MoveToDeletedItems", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules"}

Step 7. Check to see if it has worked by running the following

For User Mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | FL Name,Audit*

For Shared mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "SharedMailbox"} | FL Name,Audit*

Sourced from Microsoft support who provided the link: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing

Luke Kavanagh
Previous

How to check User and Shared Mailbox Forwards in O365