Shulou(Shulou.com)06/02 Report--

There are times when various reports need to be submitted in the enterprise, and for the audit log, it can be used to understand the access of non-owners to mailboxes, but it is impossible to directly see which mailboxes have been accessed by which non-owners. For non-owner mailbox access reports, this can be made up for. The non-owner mailbox access report provided by Exchange Online lists mailboxes that have been accessed by people other than the mailbox owner.

The non-owner mailbox access report is a summary report based on the mailbox audit log. Therefore, to obtain a non-owner mailbox access report, you must first enable mailbox audit logs. How to enable mailbox audit logs, please refer to "how to enable auditing in 46 of the EXO service in O365" (https://blog.51cto.com/liulike/2358904).

Create a non-owner mailbox access report

The so-called non-owner means that he is not the owner of the mailbox. For example, Zhao Si is assigned a mailbox with an email address of zhaosi@lpwr.net. Then Zhao Si is the owner and owner of the mailbox. The access to the mailbox by all accounts except Zhao Si is called non-owner access.

Non-owner mailbox access reports can be easily obtained through Exchange Online's Exchange Management Center (EAC).

In Exchange Central Administration (EAC), click Compliance Management in the left navigation bar, click Audit in the right window, and then click run non-owner Mailbox access report.

Specify the sampling start and end times for the report in the pop-up search for mailboxes accessed by non-owners. Specify the mailbox that requires the production report, or leave it blank to find all mailboxes that have been accessed by the non-owner.

Specify the access of the person you are searching for, and then click search. If there are any results will be displayed in the search results. Clicking on the entries in the search results bar makes up the non-owner mailbox access report produced by Exchange Online.

II. Interpretation of non-owner mailbox access report

The entries in the non-owner mailbox access report are actually filtered by the mailbox audit log, and the contents of these entries are the same as those in the mailbox audit log. Each report entry contains the following information:

When did someone access the mailbox?

Which folders and messages are affected during access

What actions were performed in the mailbox

Whether the operation performed in the mailbox succeeded or failed.

In the above content, the first two items are relatively easy to understand, while Article 3 records the operations performed in the mailbox, where the records are limited and not all actions are recorded for all types of visitors.

The following table is about the mailbox actions that can be recorded by mailbox audits in Exchange Online:

The following table shows what different types of Exchange Online users can do to access mailboxes, and what actions mailbox auditing records by default when mailbox auditing is enabled for mailboxes.

For administrators, all actions can be recorded except that there is no user login, and logging of these operations is enabled by default when mailbox auditing starts.

For delegated users, basically all actions can be recorded except those that cannot be supported and cannot exist, and logging of these operations will be enabled by default when mailbox auditing starts.

For mailbox owners, because it is their own mailbox, Exchange Online does not design too many operation audit records. When mailbox audit starts, only UpdateCalendarDelegation, UpdateFolderPermissions and UpdateInboxRules operations are recorded by default.

If you want to disable or enable audit records for an action, please refer to how to enable auditing in 46 of the EXO service in O365 (https://blog.51cto.com/liulike/2358904).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.