How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online

Webinar Registration

Moving Exchange to the Office 365 cloud eliminates a lot of work, but it doesn’t eliminate your compliance responsibilities or security requirements. To be secure and to detect information grabs and data theft, you need 2 critical feeds of activity from Exchange Online:

  1. Non-owner mailbox access – especially “high value” mailboxes like executives
  2. Privileged user operations

Exchange Online provides the ability to monitor both. And if you are familiar with Exchange on-premise you will find a degree of shared functionality – at least on the surface.

For instance, the configuration of mailbox audit policy and of the admin audit log use the same 2 PowerShell commands as Exchange on-premise:

  • Set-Mailbox and all the “-Audit…” parameters
  • Set-AdminAuditLogConfig

The commands are the same but the way you execute them against Exchange Online is a little different and I'll show you how it works.

But getting the audit data out of Exchange Online is very, very different from on-premise. That may come as a surprise, because the same Search-MailboxAuditLog and Search-AdminAuditLog commands are technically supported by Exchange Online, but after you see what I show you I'm pretty sure you'll avoid them.

The good news is that there is an interactive audit reporting capability in the Exchange Online audit portal and I’ll show you how that works along with the export feature.

These built-in reports may suffice for casual audit use when you wonder “who did ___” within Exchange Online, but to better secure your environment and fulfill compliance regulations, you really need to be able to get this audit data out of the cloud and into a central reporting and monitoring framework. Additionally, if you have a hybrid environment and your security needs extend beyond Exchange Online, you need to have a single correlated view so you’re not trying to find a needle in a haystack across multiple sources.

This is where our sponsor, Dell Software, comes in to bridge the gap with Change Auditor. Bryan Patton will briefly show you how the latest version brings to Exchange Online the same Who, What, When and Where capability Change Auditor is famous for.

Please join me for this technical and cloud security focused real training for free ™ event.

Please register now.
