If you follow the link provided in the article you will land on a Github page that has a script to enable auditing on all mailboxes in a tenant.
But it was missing one type of mailbox, the SchedulingMailbox.
I added the missing mailbox type in the command below, now it works as it should.
First login to your tenant with global admin rights or Exchange Online admin privileges:
Connect-EXOPSSession
Check how your settings are now:Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-GridviewThen turn on audit logging on all mailboxes:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox" -or RecipientTypeDetails -eq "SchedulingMailbox"} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItemsCheck again to be sure all mailboxes are enabled for audit logging:
Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-Gridview
No comments:
Post a Comment