Mailbox Auditing SHALL Be Enabled

Description

Mailbox auditing helps users investigate compromised accounts or discover illicit access to Exchange Online. Some actions performed by administrators, delegates, and owners are logged automatically. While mailbox auditing is enabled by default, organizations should ensure that it has not been inadvertently disabled.

Policy

Mailbox auditing SHALL be enabled

Licensing Considerations

• Exchange Online Protection

Set Up Instructions

Mailbox auditing can be enabled from the Exchange Online PowerShell. Follow the

instructions listed on Manage mailbox auditing in Office 365.

End-User Impact

Level: None

There is no end-user impact for this setting

Tips

None Currently

PowerShell Scripts

https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-mailbox-auditing?view=o365-worldwide

To check the current mailbox auditing status via PowerShell:

Connect to the Exchange Online PowerShell.
Run the following command:

Get-OrganizationConfig | Format-List AuditDisabled.

To enable mailbox auditing

Set-OrganizationConfig –AuditDisabled $false.

Videos

PreviousIP Allow Lists SHOULD NOT be Implemented NextAlerts SHALL Be Enabled

Last updated 11 months ago