Finding out who logged in to a mailbox or purged an item from a mailbox can be tedious when using the search log console in the Office 365 Security and Compliance Center. Instead of fiddling with multiple filter options, IT admins can run PowerShell scripts to fetch the required audit logs easily. Below are some of the PowerShell scripts utilized when searching Exchange Online audit logs.Mailbox activities report
This script fetches mailbox audit log entries for John's mailbox on the actions performed by Admins and Delegates between 1/1/19 and 12/31/19. A maximum of 2,000 log entries will be returned.
This script retrieves mailbox audit log entries for John Doe and William Smith's mailboxes on the actions performed by Admins and Delegates between 1/1/19 and 12/31/19. A maximum of 2,000 log entries will be returned.Hard deleted mailbox items
This script retrieves mailbox audit log entries for Ken Kwok's mailbox on actions performed by the mailbox owner between 1/1/16 and 3/1/16. The results are piped to the Where-Object cmdlet and filtered to only return entries with the HardDelete action.Exchange admin activities report
This script searches the unified audit log for all Exchange admin events from 8am to 6pm on 6/1/19.
O365 Manager Plus' prepackaged audit reports eliminate the need to comb through the unified audit logs in the Security and Compliance Center. In many aspects, this tool is easier to use than the Office 365 Security and Compliance Center. Below are some features showcasing how O365 Manager Plus is the superior tool: