Forum Discussion

Jacob Airov's avatar
Jacob Airov
Copper Contributor
Feb 02, 2018

Auditing an O365 shared mailbox

I have turned on auditing on an Office 365 shared mailbox, but when I do a search at the audit logs I get zero results. I've expanded from the standard auditing and added the parameters "harddelete...
Auditing
office 365
Shared mailbox
Aziz Hamid's avatar
Aziz Hamid
Copper Contributor
Jul 31, 2018

Auditing works for both type of customers: business as well as regular ones. Thus, the share mailboxes are also subject to the same audit mechanisms. Audit will not be enabled by default in any of the mailboxes, it needs to activated manually.

 

You can try two options: 1. To view log entries w.r.t a specific action, performed by a user of a selected type (owner, delegate or administrator) in a given timespan, run the following PowerShell command:

 

Search-MailboxAuditLog –Identity [user or shared mailbox name] –LogonTypes Owner –ShowDetails –StartDate [start date: d/m/y] –EndDate [end date: d/m/y] | Where-Object {$_.Operation -eq “[action name]”}

 

2.  You can also search the Exchange audit mailbox audit logs through Exchange Control Panel (ECP). Once you start ECP, go to compliance management >auditing.

 

You can also generate the report for actions performed on one or more shared mailboxes, click "Run a non-owner mailbox access report..."

Resources