Detecting Non-Owner Mailbox Access with Exchange Mailbox Auditing


To help organizations protect confidential mailbox data and sender integrity, Exchange provides mailbox audit logging to track message events such as View, Update, Delete, Create, Send As, SendOnBehalf, Copy, and Move. You can specify the actions to be audited based on whether the user is the owner, a delegate (i.e., another user designated by the owner), or a privileged administrator.
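The per-logon-type auditing described above, as an added example that is not from the webinar or from LOGbinder: it enables auditing on one mailbox with separate action lists for administrators, delegates and the owner, then pulls the non-owner entries. It assumes the Exchange Management Shell; the mailbox address and the seven-day window are constructed placeholders.

```powershell
# Added example. Assumptions: Exchange Management Shell session with rights to
# the mailbox audit cmdlets; 'ceo@example.com' is a constructed placeholder.
$mailbox = 'ceo@example.com'

# Turn auditing on and choose the audited actions per logon type.
# The cmdlet uses its own action names: FolderBind/MessageBind cover viewing,
# SoftDelete/HardDelete cover deletion.
Set-Mailbox -Identity $mailbox -AuditEnabled $true `
    -AuditAdmin    Copy, MessageBind, FolderBind, SendAs, SendOnBehalf, Move, SoftDelete, HardDelete `
    -AuditDelegate FolderBind, SendAs, SendOnBehalf, Update, Move, SoftDelete, HardDelete `
    -AuditOwner    HardDelete

# Confirm what is actually configured before relying on the log.
Get-Mailbox -Identity $mailbox |
    Format-List AuditEnabled, AuditAdmin, AuditDelegate, AuditOwner

# Pull only non-owner activity (delegates and administrators) for the last 7 days.
$hits = Search-MailboxAuditLog -Identity $mailbox `
    -LogonTypes Admin, Delegate `
    -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -ShowDetails -ResultSize 5000

# Timeline: who touched what, from where.
$hits | Sort-Object LastAccessed |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation,
                  OperationResult, FolderPathName, ItemSubject, ClientIPAddress |
    Format-Table -AutoSize

# Summary: count of each operation per non-owner account, largest first.
$hits | Group-Object LogonUserDisplayName, Operation |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```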
In this webinar, I will show you how Exchange mailbox auditing works. You will learn how to detect:
  • Users viewing an executive’s confidential email
  • Impersonated, fraudulent emails
  • Administrators exporting copies of entire mailboxes
  • Deletion of emails to cover up evidence
I’ll also explain:
  • How to configure Exchange mailbox auditing
  • Where mailbox audit logs are stored
  • How to get mailbox audit reports from Exchange
  • The gap between mailbox auditing and your SIEM
My own software company, LOGbinder, is sponsoring this webinar and I’ll follow up this real-training-for-free™ session with a brief demonstration of LOGbinder EX which bridges the gap between Exchange audit and your SIEM. I’ll also clear up some confusion about:
  • The various logs produced by Exchange
  • Which logs can be accessed by SIEMs
  • Which logs can’t and why it matters so much
This will be an awesome technical security event. Don’t miss it! Please register now!

