Keep Control over Your Hosted Email Service with Continuous Exchange Online Auditing

Being able to spot unauthorized mailbox access events or privilege misuse in your Exchange Online organization is essential to the security and compliance of your Office 365 environment. Continuous Exchange Online auditing helps you stay on top of changes to configurations and permissions, as well as user mailbox activity, so you can take appropriate steps to prevent a security breach or compliance failure.

Limitations of Native Exchange Online Auditing

Native auditing in Exchange Online can capture audit log entries from two sources:  administrative events and mailboxes. The former is enabled automatically, but to enable mailbox audit logging, you’ll have to run PowerShell scripts. After you enable mailbox auditing, you’ll be able to see mailbox-related events in auditing reports or in exported audit logs. Auditing reports can be accessed through both the Office 365 Security & Compliance Center and the Exchange admin center. Although you can view administrators’ actions, including changes they make to mailbox identity, and non-owner mailbox access events, native auditing in Office 365 lacks some important functionality, such as the following:

  • There is no way to automate routine monitoring or compliance preparation tasks. No report subscription option means you have to run reports manually on demand to perform monitoring or respond to auditors’ requests.
  • You can choose from a few predefined reports, but you can’t create custom reports to meet your specific requirements or to answer questions from your auditor’s checklist.
  • The native audit log retains data for 90 days only. Therefore, it’s impossible to retrieve the historical data necessary to prove to auditors that you have always had control over your cloud environment and security policies have been strictly followed for longer than 3 months.

Enabling Continuous Auditing of Your Exchange Online Organization with Netwrix Auditor

Netwrix Auditor for Office 365 streamlines Exchange Online auditing, as well as auditing of SharePoint Online and OneDrive for Business. It empowers you with security intelligence that helps you stay in control of changes and access events in your Office 365 environment. For example, you can easily review changes made by administrators, or mailbox access events and other actions performed by someone other than the mailbox owner. Report subscriptions facilitate routine review of activity and also simplify compliance preparation — simply add your auditors to the recipient list or have reports saved to a specific folder that you give them access to. In addition to providing ready-to-use predefined reports, Netwrix Auditor also makes it easy to create and save custom reports to meet your specific requirements. Its two-tiered storage can securely retain your Office 365 audit trail for more than 10 years while ensuring quick and easy access to the data throughout the whole retention period. Finally, Netwrix Auditor for Office 365 is a part of a unified platform that provides single-pane-of-glass user behavior monitoring and risk mitigation across your hybrid IT environment, including Azure AD, Active Directory, Microsoft Exchange Server and more.

All Exchange Online Non-Owner Mailbox Access Events report from Netwrix Auditor: Action, Object type, What, Who and When