Home

Enabling Mailbox Audit by Default

%3CLINGO-SUB%20id%3D%22lingo-sub-50493%22%20slang%3D%22en-US%22%3EEnabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50493%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20of%20turning%20on%20mailbox%20auditing%20by%20default%20in%20Exchange%20Online%20for%20newly%20created%20mailboxes%3F%20%26nbsp%3BIt%20appears%20that%20this%20would%20be%20feasable%20via%20the%20%22Set-mailboxplan%22%20cmdlet%20but%20the%20actual%20parameter%26nbsp%3Bappears%20to%20be%20reserved%20for%20internal%20use%20according%20to%20the%20technet%20article%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fmt586788(v%3Dexchg.160).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fmt586788(v%3Dexchg.160).aspx%3C%2FA%3E.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%20other%20than%20turning%20on%20Auditing%20manually%20everytime%20a%20mailbox%20is%20enabled%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-50493%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331891%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331891%22%20slang%3D%22en-US%22%3EYep%20finally%2C%20great%20new%20feature%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331500%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331500%22%20slang%3D%22en-US%22%3E%3CP%3Eit%20is%20applied%20by%20Default%20now.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-153515%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-153515%22%20slang%3D%22en-US%22%3E%3CP%3ENope.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-153500%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-153500%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EApart%20from%20the%20methods%20of%20manually%2Fscheduled%2Fscript%20enabling%20auditing%20on%20new%20mailboxes%2C%20has%20the%20%22Set-MailboxPlan%22%20or%20any%20other%20Default%2FAutomated%20methods%20become%20available%20yet%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-51721%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-51721%22%20slang%3D%22en-US%22%3EThank%20%40Vasil.%3CBR%20%2F%3E%3CBR%20%2F%3EMy%20doubts%20are%20now%20cleared.%20It%20is%20time%20for%20me%20to%20enable%20auditing%20for%20all%20of%20our%20shared%20mailboxes.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20had%20not%20enabled%20auditing%20assuming%20they%20all%20are%20counted%20against%20mailbox%20size%20etc.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-51513%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-51513%22%20slang%3D%22en-US%22%3E%3CP%3EI%20think%20you%20need%20to%20create%20script%20to%20run%20everytime%20you%20create%20a%20mailbox.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-51240%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-51240%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20you%20have%20a%20separate%20quota%20for%20it%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5B21%3A33%3A25%5D%5BO365%5D%23%20Get-Mailbox%20vasil%20%7C%20fl%20*quota*%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EProhibitSendQuota%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2099%20GB%20(106%2C300%2C440%2C576%20bytes)%3CBR%20%2F%3EProhibitSendReceiveQuota%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20100%20GB%20(107%2C374%2C182%2C400%20bytes)%3CBR%20%2F%3ERecoverableItemsQuota%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2030%20GB%20(32%2C212%2C254%2C720%20bytes)%3CBR%20%2F%3ERecoverableItemsWarningQuota%20%3A%2020%20GB%20(21%2C474%2C836%2C480%20bytes)%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3ERead%20more%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fee364755(v%3Dexchg.160).aspx%23RIQuotas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fee364755(v%3Dexchg.160).aspx%23RIQuotas%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50761%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50761%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bthanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20elaborate%20more%20on%20the%20same%3F%20Recoverable%20data%20is%20also%20counted%20against%20total%20size%20of%20mailbox%20right%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50631%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50631%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20storage%20doesnt%20count%20against%20the%20mailbox%20quota%2C%20it%20uses%20the%20RecoverableItems%20quota%20instead.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50552%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50552%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20that's%20what%20we%20are%20currently%20doing.%20%26nbsp%3BI%20was%20looking%20for%20a%20way%20to%20possibly%20skip%20that%20and%20let%20the%20mailboxplan%20actually%20default%26nbsp%3Bthe%20parameter%20to%20True%20for%20any%20new%20mailbox.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50537%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50537%22%20slang%3D%22en-US%22%3EAny%20body%20know%20if%20we%20enable%20Mailbox%20Auditing%20how%20much%20%25%20of%20storage%20will%20be%20used%20by%20Audit%20logs%3F%3CBR%20%2F%3E%3CBR%20%2F%3Efor%20e.g.%20If%20the%20Mailbox%20size%20is%20100GB%20then%20once%20we%20enable%20Auditing%20how%20much%20size%20will%20be%20consumed%20by%20Audit%20logs%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50536%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50536%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20create%20a%20script%20to%20run%20each%20time%20you%20create%20a%20mailbox%20to%20do%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-50514%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20Mailbox%20Audit%20by%20Default%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-50514%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20to%20run%20the%20Set-Mailbox%20-AuditEnabled%20%24True%20every%20time%20we%20add%20a%20new%20mailbox%20so%20that%20Auditing%20is%20turned%20on.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jessie Hernandez
Occasional Contributor

Is there a way of turning on mailbox auditing by default in Exchange Online for newly created mailboxes?  It appears that this would be feasable via the "Set-mailboxplan" cmdlet but the actual parameter appears to be reserved for internal use according to the technet article: https://technet.microsoft.com/en-us/library/mt586788(v=exchg.160).aspx.  

 

Any ideas other than turning on Auditing manually everytime a mailbox is enabled?

13 Replies

I have to run the Set-Mailbox -AuditEnabled $True every time we add a new mailbox so that Auditing is turned on.

You can create a script to run each time you create a mailbox to do that.

Any body know if we enable Mailbox Auditing how much % of storage will be used by Audit logs?

for e.g. If the Mailbox size is 100GB then once we enable Auditing how much size will be consumed by Audit logs?

Thanks, that's what we are currently doing.  I was looking for a way to possibly skip that and let the mailboxplan actually default the parameter to True for any new mailbox.

The storage doesnt count against the mailbox quota, it uses the RecoverableItems quota instead.

@Vasil Michev thanks

 

Could you please elaborate more on the same? Recoverable data is also counted against total size of mailbox right?

No, you have a separate quota for it:

 

[21:33:25][O365]# Get-Mailbox vasil | fl *quota*


ProhibitSendQuota            : 99 GB (106,300,440,576 bytes)
ProhibitSendReceiveQuota     : 100 GB (107,374,182,400 bytes)
RecoverableItemsQuota        : 30 GB (32,212,254,720 bytes)
RecoverableItemsWarningQuota : 20 GB (21,474,836,480 bytes)

Read more here: https://technet.microsoft.com/en-us/library/ee364755(v=exchg.160).aspx#RIQuotas

I think you need to create script to run everytime you create a mailbox.

Thank @Vasil.

My doubts are now cleared. It is time for me to enable auditing for all of our shared mailboxes.

I had not enabled auditing assuming they all are counted against mailbox size etc.

Hi,

 

Apart from the methods of manually/scheduled/script enabling auditing on new mailboxes, has the "Set-MailboxPlan" or any other Default/Automated methods become available yet?

Nope.

it is applied by Default now.

Yep finally, great new feature :)
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies