Enable Auditing and understanding its usage
We will discuss the following two types of audit logs available in Exchange 2013:
Administrator audit logs
Mailbox audit logs
Administrator audit logs
Administrator audit logs are used to log when a cmdlet is executed from Exchange Management Shell or Exchange Admin Center except the cmdlets that are used to display information such as the Get-* and Search-* cmdlets. By default, Administrator audit log is enabled for new Exchange 2013/2016 installations. The admin audit log is a built-in cmdlet extension agent that we have covered in Chapter 2, Learning Recipient Management This agent reads the audit log configuration and evaluates each cmdlet when they are run, and then it logs it based on the configuration.
The following command will audit all cmdlets. Note that this is the default behavior. So, if this is a new installation of Exchange 2013 and 2016, you don't have to make any changes. You have to only run this if you have made some changes using...
