How to Enable Auditing in Exchange 2010

Hi Readers,

Writing the information that will guide in enabling auditing for user mailboxes. In Exchange 2010 this is new feature & advantageous in case you want to know who has deleted, moved emails from shared mailbox, delegated mailbox etc.

Some times for Messaging Admins these kinds of requests are quite common in which Security team, HR & Legal  requires these details.

  • Get the current auditing status for Particular mailbox:

Get-Mailbox  “MailboxAlias” | fl aud*

By default Auditing Enabled is False & below screen shot shows default values.Capture1

  • Set the mailbox auditing  for Particular mailbox:

Get-Mailbox “MailboxAlias” | Set-Mailbox -AuditEnabled $true

You can set other values as well by using above command, like age of auditing. Same        way you can set various other options & disable auditing as well.

Capture2

  • There can be a situation where system mailboxes accesses mailboxes & those are coming in audit log so those system mailboxes can be by passed by using below command.

Set-MailboxAuditBypassAssociation -Identity “svc_Account” -AuditBypassEnabled $true

you can also check the Auditbypass for the svc account

Get-MailboxAuditBypassAssociation “svc_Account”

  • Now how to check these audit logs: you can use ECP for this purpose:

Capture4

 

Run Non owner Mailbox access report:

Capture5

 

Regards

Sukhija Vikas

http://msexchange.me

 

Advertisements

One thought on “How to Enable Auditing in Exchange 2010

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s