Forum Discussion
The Big Flaw in Exchange Online Auditing
You can capture Exchange mailbox events in the Office 365 audit log, but only if you remember to enable auditing for target mailboxes. Exchange Online doesn’t enable new mailboxes for auditing by default, so administrators must remember to enable the mailboxes manually – and check for new mailboxes periodically. If you don’t, nothing is recorded and your audit log will be empty
3 Replies
Here are related links which explains how you can better audit your Exchange Online environment.
https://technet.microsoft.com/en-us/library/jj150497(v=exchg.150).aspx
https://support.office.com/en-us/article/Enable-mailbox-auditing-in-Office-365-aaca8987-5b62-458b-9882-c28476a669181. The Exchange auditing reports are worse than useless. I don't know why they are still in Exchange Online given that the Office 365 Audit Log is available.
2. The suggestion in the article is to configure mailbox auditing on an ongoing basis. My view is that Microsoft should update the mailbox plans to support the enablement of auditing for mailboxes automatically, thus nullifying the need to keep on going back to check for non-enabled mailboxes.
3. I wouldn't use Lepide software if I was paid (based on previous experience). There are far better solutions available on the market if you want to track down issues like mailboxes that are not enabled for auditing, including https://www.cogmotive.com/ and https://www.4ward365.com/.
I don't publish these kind of articles without doing some research... For more information on mailbox auditing, see https://practical365.com/ebooks/office-365-for-it-pros/ or any of the books I have written about Exchange on-premises server over the years!
Re-read, and decided my question was completely ridiculous:). I see the answer in your OP and the linked article. Thanks.
