3 min read
Mailboxes are a very important part of every organization since they can contain high business impact (HBI) information and personally identifiable information (PII). This makes it essential to keep track of every activity taking place in the Exchange environment. When it comes to mailbox access, tracking the access of non-owners is a very important part of ensuring that mailboxes are being used correctly.
Mailbox audit logging is a feature of Microsoft Exchange that helps you keep track of mailboxes accessed by the owner, delegates and the administrator. It audits logon entries such as client IP address, host name and process or client used to access the mailbox. To run a non-owner mailbox access report, you must first enable mailbox audit logging by running the following command:
Get-Mailbox *{Identity} | Set-Mailbox -AuditEnabled:$true
Running a non-owner mailbox access report
1. Login into Exchange Admin Center (EAC) →Compliance Management →Auditing →Run a non-owner mailbox access report.
2. Select the mailboxes you want to audit, and click on OK.
3. After adding the mailboxes, in the next tab search for the mailboxes accessed by non-owners.
4. After selecting the mailboxes, the next step is to export the report.
5. To export the report you have to make certain changes in the attachment settings as these reports are generally generated in the form of XML which is by default blocked.
Run the following command to add the .xml file in the allowed file types:
Run the following command to remove the .xml file from the blocked file types:
6. This will send the Exported logs to the defined user/auditor as an .XML attachment. The user/auditor can access these logs using outlook or webmail.
The above method requires a sound knowledge of Exchange management shell and the process can be time-consuming and complex. Fortunately, many automated third-party solutions are available at cost-effective prices, such as Lepide Exchange Server Auditor, that allow continuous monitoring and reporting on a variety of factors, including non-owner mailbox access.
Auditing non-owner mailbox access by using Lepide Exchange Server Auditor
Auditing with Lepide Exchange Server Auditor is a simple two-step process.
1. Select your domain, and select the Mailbox Accessed by Non-Owners in Exchange Modification Reports.
2. Set the filters as per your preference and generate the report.
Conclusion:
Auditing non-owner mailbox access is a vital aspect of ensuring you mailboxes remain safe and secure. Administrators have several options when it comes to auditing; namely native processes and third-party solutions, such as Lepide Exchange Server Auditor. Whichever method you opt for will depend on how technically proficient you are with the Exchange management shell and how much free time you have to dedicate yourself to continuous audits. In many cases, opting for an automated solution will not only save time but also generate more frequent and in-depth reports that could be useful to your organization.
Top 10 Most Important Group Policy Settings for Preventing Security Breaches
15 Common Types of Cyber Attacks and How to Mitigate Them
Common Causes of Frequent Active Directory Account Lockouts