Mar 06 2017 06:33 AM
Is there a way of turning on mailbox auditing by default in Exchange Online for newly created mailboxes? It appears that this would be feasable via the "Set-mailboxplan" cmdlet but the actual parameter appears to be reserved for internal use according to the technet article: https://technet.microsoft.com/en-us/library/mt586788(v=exchg.160).aspx.
Any ideas other than turning on Auditing manually everytime a mailbox is enabled?
Mar 06 2017 07:31 AM
I have to run the Set-Mailbox -AuditEnabled $True every time we add a new mailbox so that Auditing is turned on.
Mar 06 2017 08:04 AM
You can create a script to run each time you create a mailbox to do that.
Mar 06 2017 08:19 AM
Mar 06 2017 08:59 AM
Thanks, that's what we are currently doing. I was looking for a way to possibly skip that and let the mailboxplan actually default the parameter to True for any new mailbox.
Mar 06 2017 12:04 PM
The storage doesnt count against the mailbox quota, it uses the RecoverableItems quota instead.
Mar 07 2017 01:25 AM
@VasilMichev thanks
Could you please elaborate more on the same? Recoverable data is also counted against total size of mailbox right?
Mar 07 2017 11:34 AM
No, you have a separate quota for it:
[21:33:25][O365]# Get-Mailbox vasil | fl *quota*
ProhibitSendQuota : 99 GB (106,300,440,576 bytes)
ProhibitSendReceiveQuota : 100 GB (107,374,182,400 bytes)
RecoverableItemsQuota : 30 GB (32,212,254,720 bytes)
RecoverableItemsWarningQuota : 20 GB (21,474,836,480 bytes)
Read more here: https://technet.microsoft.com/en-us/library/ee364755(v=exchg.160).aspx#RIQuotas
Mar 08 2017 08:26 AM
I think you need to create script to run everytime you create a mailbox.
Mar 08 2017 07:26 PM
Feb 07 2018 12:15 PM
Hi,
Apart from the methods of manually/scheduled/script enabling auditing on new mailboxes, has the "Set-MailboxPlan" or any other Default/Automated methods become available yet?
Aug 10 2020 03:47 AM
Yes you would think that all mailboxes would be enabled with that setting but guess what? turns out they are not! Important to note: some types of mailboxes are missing which could be used as an attack vector.
And... log shipping to the O365 unified log is also missing without that setting.
https://office365itpros.com/2020/03/12/exchange-online-mailbox-auditing-default-problem/
It's crazy stuff... when I first looked at this i thought just enable that and move on until I had a security assessment which still recommended enabling the setting on all mailbox in the tenant.