03 January 2019

Enable audit logging on all mailboxes in your tenant - Optimize your SecureScore

If you want to achieve the highest Secure Score number, the Secure Score actions list will advise you to enable mailbox auditing.
If you follow the link provided in the article, you will land on a GitHub page that has a script to enable auditing on all mailboxes in a tenant.
But it was missing one type of mailbox, the SchedulingMailbox.
I added the missing mailbox type in the command below; now it works as it should.

First log in to your tenant with global admin rights or Exchange Online admin privileges:
Connect-EXOPSSession
Check how your settings are now:
Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-GridView
Then turn on audit logging on all mailboxes:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox" -or RecipientTypeDetails -eq "SchedulingMailbox"} |
Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermissions -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermissions, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems
Check again to be sure all mailboxes are enabled for audit logging:
Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-GridView
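
To list only the mailboxes that still deviate, instead of reading through the grid, the following read-only check can be run in the same session. It is an added example, not part of the original script or the GitHub page; the variable names are made up here, and it assumes the remote session renders AuditLogAgeLimit as a string such as 180.00:00:00.

```powershell
# Added example (not from the original post). Run in the same session
# opened with Connect-EXOPSSession. Read-only: it changes nothing.

# The values the Set-Mailbox command above applies
$types   = 'UserMailbox','SharedMailbox','RoomMailbox','DiscoveryMailbox','SchedulingMailbox'
$ageDays = 180
$want = @{
    AuditAdmin    = 'Update','MoveToDeletedItems','SoftDelete','HardDelete','SendAs','SendOnBehalf','Create','UpdateFolderPermissions'
    AuditDelegate = 'Update','SoftDelete','HardDelete','SendAs','Create','UpdateFolderPermissions','MoveToDeletedItems','SendOnBehalf'
    AuditOwner    = 'UpdateFolderPermissions','MailboxLogin','Create','SoftDelete','HardDelete','Update','MoveToDeletedItems'
}

$gaps = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $types -contains "$($_.RecipientTypeDetails)" } |
    ForEach-Object {
        $mbx = $_
        $problems = @()
        if (-not $mbx.AuditEnabled) { $problems += 'AuditEnabled is off' }
        # Assumption: the remote session renders the limit as "180.00:00:00"
        if ("$($mbx.AuditLogAgeLimit)" -notlike "$ageDays.*") {
            $problems += "AuditLogAgeLimit is $($mbx.AuditLogAgeLimit)"
        }
        # Compare each audit set with the actions requested for it
        foreach ($set in $want.Keys) {
            $have    = @($mbx.$set | ForEach-Object { "$_" })
            $missing = @($want[$set] | Where-Object { $have -notcontains $_ })
            if ($missing.Count -gt 0) { $problems += "$set missing: $($missing -join ', ')" }
        }
        # Emit a row only for mailboxes that deviate
        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                Name     = $mbx.Name
                Type     = "$($mbx.RecipientTypeDetails)"
                Problems = $problems -join '; '
            }
        }
    }

if ($gaps) { $gaps | Sort-Object Type, Name | Format-Table -AutoSize -Wrap }
else { Write-Output 'All mailboxes of the listed types match the audit settings.' }
```

Mailboxes created after the Set-Mailbox run are not covered by it, so repeating this check later shows which new ones still need the command.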

