Exchange Online mailbox auditing
Email remains one of the most relied on methods of communication for organizations today. With around 75 percent of your organization’s intellectual property stored in email, Exchange Online mailboxes are a treasure trove of valuable information.
That's why it's no surprise that email and compliance go hand-in-hand. This highlights the importance of keeping an eye on exactly who is accessing what within Exchange Online. In addition, that focus should be directed at every mailbox, regardless of who it belongs to.
Why M365 Security Plus?
Microsoft 365 mailbox auditing is disabled by default. You won't be able to see any Exchange Online mailbox audit logs unless you enable mailbox auditing manually. The native Microsoft 365 portal also doesn't offer any provisions to enable mailbox auditing for Exchange Online mailboxes in bulk, which means you'll have to enable auditing for each and every mailbox individually, unless you happen to be an expert in PowerShell scripting.
But scripting is a time-consuming process if you have a significant number of mailboxes in your organization, even if you're proficient in PowerShell. M365 Security Plus eliminates these challenges by allowing you to enable auditing for any number of mailboxes in just a few clicks—no PowerShell scripting required.
Mailbox auditing with M365 Security Plus
M365 Security Plus keeps track of every user and admin's activity in their Exchange Online mailboxes and makes sure nothing goes unnoticed. You can automate user mailbox auditing by scheduling the delivery of audit reports to your inbox in PDF, HTML, CSV, or XLS formats at regular intervals.
Some of the Exchange Online mailbox aspects that you can audit with M365 Security Plus include:
- Mailbox activity: Get audit details on mailbox creation, deletion, modification, and configuration changes made in your Exchange Online setup.
- Mailbox permission changes: Keep a close eye on mailbox permission changes, as they may signal an intruder granting themselves full access permission to mailboxes with elevated permissions or blocking access to mailboxes.
- Mail delivery status: Audit users' mailboxes and view information on successfully delivered messages, undelivered messages, messages yet to be delivered, and more.
- Malware settings: Know when changes are made in anti-malware, phishing, SafeLink, and other security policies.
- Public folder: View details on who created which public folder and when. Get audit details on public folders that have email enabled.
- Distribution list: Stay updated on distributed lists inside your organization. Keep track of distribution list creation and deletion, member addition and removal, and more.
The user and admin activities that you can audit with M365 Security Plus is a rather exhaustive list, and it doesn't end here. Try our online demo to view the complete list of actions that you can audit with M365 Security Plus.
Advantages of M365 Security Plus over Microsoft 365.
- Long-term historical data archival: With the native tools in Microsoft 365, there are limits on how long you can retrieve historical data. M365 Security Plus stores audit data indefinitely to maintain complete records.
- Real-time auditing: Instead of gathering the associated data for audit reports each time, M365 Security Plus keeps audit reports updated in real time.
- Profile-based auditing: Instead of browsing through the entire list of audit reports to find the right one (like in Microsoft 365), M365 Security Plus lets you create your own profiles so you can view only those audit details you need to see.
- Group-based auditing: While auditing Azure Active Directory, M365 Security Plus lets you generate reports for user activity based on group membership. Native Microsoft 365 tools are not able to audit based on group membership.
- Advanced filtering: With Microsoft 365's native tools, you can only filter audit logs based on certain attribute values. With M365 Security Plus, you can filter your audit logs based on any attribute, and perform multi-valued searches as needed.
- Custom views: While Microsoft 365 doesn't support custom views, with M365 Security Plus you can create your own custom views to see filtered data, summarized data, or summarized data that is filtered.
- Business hours auditing: Microsoft 365 doesn't support restricted time frame auditing, but M365 Security Plus lets you retrieve audit details based on business hours or a specific period of time.
- Instant alerts: You can create alerts for critical activities in your Microsoft 365 mailbox to detect unauthorized activities in real-time.
- Data export: In Microsoft 365, you can only export data in CSV format. But in M365 Security Plus, you can export audit data in multiple formats, including PDF, XLS, HTML, or CSV.
Need more than just a Microsoft 365 security solution? Try our unified
SIEM solution, Log360!
Explore Log360 now!