Forum Discussion
Auditing an O365 shared mailbox
I have turned on auditing on an Office 365 shared mailbox, but when I do a search at the audit logs I get zero results.
I've expanded from the standard auditing and added the parameters "harddelete...
I started with-
set-mailbox -identity "name" -auditenabled $true
then i specified actions with-
set-mailbox "name" -auditdelegate @{add="softdelete", "harddelete"}
After i checked with-
get-mailbox "name" | FL Audit*
following VasilMichev's reply, please perform a search using Search-MailboxAuditLog cmdlet
https://technet.microsoft.com/en-us/library/ff522360(v=exchg.160).aspx
Also, you can try searching audit logs in Security and Compliance center, or by running Search-UnifiedAuditLog cmdlet