The Search-AdminAuditLog is used to retrieve logs of all admin and user activities performed on a particular mailbox in your hybrid Exchange environment.
Examples of Search-Adminauditlog cmdlet:
Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults,ProhibitSendReceiveQuota,ProhibitSendQuota
This cmdlet helps find the administrator log entries where the Set-Mailbox cmdlet was triggered with the UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota and ProhibitSendQuota. So, any action performed related to modifying or setting quota limits will be listed.
Search-AdminAuditLog -ExternalAccess $true -StartDate 01/01/2020 -EndDate 12/01/2020
This cmdlet returns entries in the administrator audit log for Exchange Online between January 1st to December 1st.
Retrieving audit logs is a tricky job. When you have specific needs, piping the cmdlets with various parameters to customize your search can create more trouble and you might still not end up getting the result you require. Exchange Reporter Plus, an Exchange reporting, change auditing and monitoring tool offers various reports on admin activities for both Exchange Server and Exchange Online platforms. In addition, the tool gives you an option to add new parameters to the cmdlet and audit all the required changes.
Getting insights about admin actitivities using Exchange Reporter Plus:
Exchange Reporter Plus offers multiple admin audit log reports to help you keep track of all activities and changes performed in your hybrid Exchange environment.
List of admin audit reports available:
For Exchange Server:
- Mailbox Permission Changes
- Mailbox Storage Quota Changes
- Mailbox Move Request
- Mailbox Create and Delete
- Send and Receive Connector Changes
- Circular Logging Changes
- Hub Transport Settings Changes
- Cmdlets Summary
For Exchange Server:
- Activities by Exchange Admins
Steps for fetching admin audit log reports in Exchange Reporter Plus:
- Go to the Auditing tab on the top pane.
- Navigate to Exchange Server > Advanced Audit > Admin Audit Log. .
Note: Or navigate to Exchange Online > Exchange Activity > Activities by Exchange Admins.(for Exchange Online).
- Select a suitable report from the list of available reports.
- Enter the period for report generation.
- Select the type of view in which you want the report to be presented. (Summary, default or custom view).
- For Exchange Online, select the domains for which you want to generate the report and navigate to the Admin Activity tab in the generated report.
Why Exchange Reporter Plus?
- Report Scheduling: Generate reports automatically at scheduled times, and send them to the concerned personnel such as IT admins and managers through email.
- Quick access and export options: Add reports to your favorites list to access them easily; Also export reports in different file formats such as PDF, HTML, XLS and CSV.
- Filter and alerting options: Add or remove columns from reports to view information relevant to your needs. Use advanced filters options to customize your search and configure real-time alerts for specific actions of interest.
- Technician Delegation: Delegate different reports to different technicians. Have control over who gets access to what. You can also protect your reports with passwords.
- Easy-to-analyse reports: Generate reports on a periodic basis, per domain basis, tenant-wise or get an overall summary as you choose. Get graphical and dashboard representation of complex analytical data.
- Log Forwarding to SIEM solutions: Integrate with other SIEM solutions such as Splunk and forward logs to them for analytical purposes.
To know how to utilize Exchange Reporter Plus to get best benefits while performing Exchange tasks, click here.