How to audit non-owner mailbox access in Exchange 2016

by Ajit Singh
10.26.2016   Auditing

lepide-post-img

Mailboxes are a very important part of every organization since they can contain high business impact (HBI) information and personally identifiable information (PII). This makes it essential to keep track of every activity taking place in the Exchange environment. When it comes to mailbox access, tracking the access of non-owners is a very important part of ensuring that mailboxes are being used correctly.

Mailbox audit logging is a feature of Microsoft Exchange that helps you keep track of mailboxes accessed by the owner, delegates and the administrator. It audits logon entries such as client IP address, host name and process or client used to access the mailbox. To run a non-owner mailbox access report, you must first enable mailbox audit logging by running the following command:

Get-Mailbox *{Identity} | Set-Mailbox -AuditEnabled:$true

1

Running a non-owner mailbox access report

1. Login into Exchange Admin Center (EAC) →Compliance Management →Auditing →Run a non-owner mailbox access report.

2

2. Select the mailboxes you want to audit, and click on OK.

umendra

3. After adding the mailboxes, in the next tab search for the mailboxes accessed by non-owners.

4

4. After selecting the mailboxes, the next step is to export the report.

8

5. To export the report you have to make certain changes in the attachment settings as these reports are generally generated in the form of XML which is by default blocked.

Run the following command to add the .xml file in the allowed file types:

6

Run the following command to remove the .xml file from the blocked file types:

7

6. This will send the Exported logs to the defined user/auditor as an .XML attachment. The user/auditor can access these logs using outlook or webmail.

The above method requires a sound knowledge of Exchange management shell and the process can be time-consuming and complex. Fortunately, many automated third-party solutions are available at cost-effective prices, such as LepideAuditor for Exchange, that allow continuous monitoring and reporting on a variety of factors, including non-owner mailbox access.

Auditing non-owner mailbox access by using LepideAuditor for Exchange

Auditing with LepideAuditor for Exchange is a simple two-step process.

1. Select your domain, and select the Mailbox Accessed by Non-Owners in Exchange Modification Reports.

9

2. Set the filters as per your preference and generate the report.

10

Conclusion:

Auditing non-owner mailbox access is a vital aspect of ensuring you mailboxes remain safe and secure. Administrators have several options when it comes to auditing; namely native processes and third-party solutions, such as LepdieAuditor for Exchange. Whichever method you opt for will depend on how technically proficient you are with the Exchange management shell and how much free time you have to dedicate yourself to continuous audits. In many cases, opting for an automated solution will not only save time but also generate more frequent and in-depth reports that could be useful to your organization.


LepideĀ® is a Registered Trademarks of Lepide Software Private Limited. Ā© Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.