Exchange Online Audit Reports


Exchange Reporter Plus offers auditing for Exchange Online activities. Using this feature, you can effectively store logs of Exchange user activities (owners, non-owner delegates); transport setting changes; create, modify, and delete various objects; detect malware and spam; and more for an indefinite period of time. (The native tool has a 90-day storage period only).

You can access these reports by navigating to Auditing → Exchange Online. Choose the category drop-down, and expand to select the report you need. Click on Enable Now to enable auditing. Enter inputs for Period and Hours (for report generation), and select the Domains you want to appear in the report.

default-view-of-exchange-online-reports

Below are the various categories under Exchange Online auditing and the list of reports available in each category.

Exchange Activity

The reports under this category give you information about all types of mailbox activities performed by mailbox owners, non-owners, Exchange admins, and delegates. This category also has exclusive reports for Send As, mail move, and delete activities. Find the list of reports below:

Mail Contact

Using the list of reports given below, you can keep track of all contact creation, modification, and deletion processes.

Connector

Using the Connector Changes report you can monitor and keep tabs on all the connector-related changes made in your Exchange Online platform.

Mailflow

This category offers the Transport Settings Changes reports, which gives information about all the mail-flow-related settings and the changes made to them by users and more. This very important aspect should be monitored closely to avoid any kind of tampering with an organization’s emails.

Management Roles

Using the Management Role report, keep track of all the roles created, modified, and deleted; the role definitions; and more.

Public Folder

Using the reports in this category, you can audit all the creation, modification, and deletion of all Public Folders in your Office 365 tenant. The reports available in this category are:

Mailbox Move

The Mailbox Move Activities report gives a list of all the mailbox move activities that were performed over a given period of time. Results can also be filtered by domain.

Mail Trace

Use the reports available under this category to trace all the emails, their senders' addresses, recipients' addresses, time of mailing, and more. You also have exclusive reports to audit failed and pending emails.

exchange-online-mail-trace-reports

Malware Detection

The Malware Detection report lists all the possible malware emails in your Office 365 tenant over a given period of time.

Spam Detection

The Spam Detection report lists all the possible spam emails in your Office 365 tenant over a given period of time.

DLP Policy Matches

The DLP Policy Matches report gives a set of Data Loss Prevention (DLP) policies, their corresponding mailbox addresses, the actions performed on the policy, and the direction in which the policy works (from and to which user mailboxes).

Transport Rule Matches

The Transport Rule Matches report available under this category gives a list of set transport rules and actions (such as creation, deletion) performed over those rules.

Mailbox

The reports under this category give you information about the storage quota changes along with information on mailbox enabling, disabling, creation, and deletion activities. Find the list of reports below:

Mailbox Permissions

The Mailbox Permission Changes report lists all the changes made to permissions of all mailboxes in your Exchange tenant over a period of time.

Calendar

The Calendar Changes report audits and maintains logs of all the changes made to the mailbox calendar by the users in a tenant.

Get download link