Mar 28 2018 02:24 PM - edited Mar 28 2018 02:27 PM
Hello,
I am having trouble auditing a shared mailbox. I have enabled auditing on a shared mailbox. When viewing the audit logs via the Compliance Manager the only audited event I have are from a user working in OWA. I do not see any events logged from any users using outlook.
Here is the status of the mailbox
PS C:\WINDOWS\system32> Get-Mailbox MAILBOXNAME | fl au* AutoExpandingArchiveEnabled : False AuditEnabled : True AuditLogAgeLimit : 60.00:00:00 AuditAdmin : {Update, Move, MoveToDeletedItems, SoftDelete...} AuditDelegate : {Update, Move, MoveToDeletedItems, SoftDelete...} AuditOwner : {Update, Move, MoveToDeletedItems, SoftDelete...}
Mar 29 2018 12:16 AM
Have you checked the actual mailbox audit logs, the ones stored in the mailbox not the SCC console? In other words, run this:
Search-MailboxAuditLog -Identity shared -ShowDetails -LogonTypes Delegate
Mar 29 2018 04:37 AM
Thanks for sharing. I thought all the audit logs are available in SCC!.
Mar 29 2018 10:27 AM
In theory, yes. In practice... not as reliable as you might think. Did you find the events in the mailbox log?