Configuring administrator audit logging
As part of the Exchange native data protection features in Chapter 8, Configuring Security and Compliance Features, we talked about a mechanism called mailbox audit logging which tracks access to a specific mailbox.
Wouldn't it be cool to do the same level of inspection logging on the overall Exchange Organization? Administrator audit logging can be used to create a log of every change a regular user or an Exchange Administrative user makes to the Exchange Organization. By inspecting the log, you can track who made what changes and when they were made.
How to do it...
By default, Adminstrator audit logging is enabled in Exchange 2013, for all administrative cmdlets that are run within Exchange 2013. If the audit logging has been disabled and you want to turn it on again, use the following cmdlet:
Set-AdminAuditLogConfig -AdminAuditLogEnabled $False
Although, we wouldn't recommend this, you have the option to disable audit logging. This is achieved by...