Managing Mailbox Audit Policy in Exchange 2013


Management is increasingly concerned about who is accessing other people’s mailboxes – especially those belonging to key executives. Exchange provides mailbox auditing that allows you to track any combination of:

  • Owner access to their own mailbox
  • Administrator privileged access to user mailboxes
  • Other users with delegated authority to someone elses mailbox

You can choose which actions to audit such as view, send, delete etc.

That's the good news. But the bad news is that you must configure audit policy on each individual mailbox separately - through PowerShell using Set-Mailbox and a number of different –Audit parameters.

There's no way to manage audit policy at the group or OU level native to Exchange. So how do you ensure auditing is enabled consistently and thoroughly on all desired mailboxes for the correct people and actions?

That's what I'll address in this webinar. First I’ll explain how mailbox auditing works and show you examples of the audit reports you can get from Exchange. Then I'll show you how to configure audit policy with Set-Mailbox. Then I'll discuss different methods for ensuring audit policy configuration such as:

  • Making mailbox audit policy configuration part of the new user provisioning process
  • How to handle issues like job changes and transfers that could affect audit policy
  • How to catch inappropriate changes to mailbox audit policy
  • Running a daily script to check and configure audit policy on all mailboxes

This webinar is sponsored by LOGbinder for Exchange and I'll briefly show you how LOGbinder automatically manages mailbox audit policy for you based on rules you can define at the OU or group level as well as how LOGbinder pulls cryptic mailbox audit events from Exchange and feeds them to your SIEM for correlation with the rest of your security logs.

Please join me for this real training for free ™ event. Register now!



Additional Resources