Enabling mailbox audit logging
You can enable mailbox audit logging to track logons to mailboxes and determine which actions are being taken against a mailbox. Audit log entries for a mailbox keep track of important details such as the username, client IP address, and hostname of the computer used by the person that made the change, and the actions made, such as accessing, moving, or deleting messages. In this recipe, we'll look at what needs to be done in order to enable and configure mailbox audit logging.
How to do it...
To enable mailbox audit logging, use the
Set-Mailboxcmdlet:Set-Mailbox -Identity dsmith -AuditEnabled $trueBy default, audit log entries are retained per mailbox based on the
AuditLogAgeLimitproperty, which, by default, is set to90days. You can increase this value using theSet-Mailboxcmdlet:Set-Mailbox -Identity dsmith -AuditLogAgeLimit 120To disable mailbox audit logging, set the
-AuditEnabledparameter to$false:Set-Mailbox -Identity dsmith -AuditEnabled $false...
