Being able to spot unauthorized mailbox access events or privilege misuse in your Exchange Online organization is essential to the security and compliance of your Office 365 environment. Continuous Exchange Online auditing helps you stay on top of changes to configurations and permissions, as well as user mailbox activity, so you can take appropriate steps to prevent a security breach or compliance failure.
Native auditing in Exchange Online can capture audit log entries from two sources: administrative events and mailboxes. The former is enabled automatically, but to enable mailbox audit logging, you’ll have to run PowerShell scripts. After you enable mailbox auditing, you’ll be able to see mailbox-related events in auditing reports or in exported audit logs. Auditing reports can be accessed through both the Office 365 Security & Compliance Center and the Exchange admin center. Although you can view administrators’ actions, including changes they make to mailbox identity, and non-owner mailbox access events, native auditing in Office 365 lacks some important functionality, such as the following:
Netwrix Auditor for Office 365 streamlines Exchange Online auditing, as well as auditing of SharePoint Online and OneDrive for Business. It empowers you with security intelligence that helps you stay in control of changes and access events in your Office 365 environment. For example, you can easily review changes made by administrators, or mailbox access events and other actions performed by someone other than the mailbox owner. Report subscriptions facilitate routine review of activity and also simplify compliance preparation — simply add your auditors to the recipient list or have reports saved to a specific folder that you give them access to. In addition to providing ready-to-use predefined reports, Netwrix Auditor also makes it easy to create and save custom reports to meet your specific requirements. Its two-tiered storage can securely retain your Office 365 audit trail for more than 10 years while ensuring quick and easy access to the data throughout the whole retention period. Finally, Netwrix Auditor for Office 365 is a part of a unified platform that provides single-pane-of-glass user behavior monitoring and risk mitigation across your hybrid IT environment, including Azure AD, Active Directory, Microsoft Exchange Server and more.