How to Stay on Top of Permissions Changes to Public Folders in Exchange Online

Native Auditing vs. Netwrix Auditor for Exchange
Native Auditing
  1. Open Exchange Administrative Console in Internet Explorer → Navigate to "Compliance management" → Choose "Auditing" → Choose "Run the admin audit log report…"
  2. Choose a start date and end date → Click "Search". 
    You will see all configuration changes made during the specified time period.
  3. Sort the list by cmdlet and find "Add-PublicFolderPermission" → Click on it for details.
  4. You will see who changed permissions ("User"), and which public folder permissions were changed and how ("Parameters").
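
The same admin audit log search can be scripted rather than clicked through. The PowerShell below is an added example, not part of the original how-to or any Netwrix code; it assumes an Exchange Online PowerShell session already opened with Connect-ExchangeOnline, and the cmdlet names in `$Cmdlets` and the CSV file name are assumptions to adjust to your environment.

```powershell
# Added example: list public folder permission changes from the admin audit log.
# Assumes the ExchangeOnlineManagement module, an active Connect-ExchangeOnline
# session, and an account that is allowed to read the admin audit log.
param(
    [datetime]$StartDate = (Get-Date).AddDays(-7),
    [datetime]$EndDate   = (Get-Date)
)

# Assumption: cmdlet names to search for. Adjust the list to the cmdlet
# names that appear in your own admin audit log report.
$Cmdlets = 'Add-PublicFolderClientPermission', 'Remove-PublicFolderClientPermission'

$entries = Search-AdminAuditLog -Cmdlets $Cmdlets `
    -StartDate $StartDate -EndDate $EndDate -ResultSize 5000

$report = foreach ($e in $entries) {
    # CmdletParameters is a list of Name/Value pairs; flatten it into a lookup.
    $p = @{}
    foreach ($cp in $e.CmdletParameters) { $p[$cp.Name] = $cp.Value }

    [pscustomobject]@{
        RunDate      = $e.RunDate
        Caller       = $e.Caller            # shown as "User" in the report
        Cmdlet       = $e.CmdletName
        PublicFolder = $e.ObjectModified
        Grantee      = $p['User']           # account whose rights were changed
        AccessRights = $p['AccessRights']   # empty for removals
        Succeeded    = $e.Succeeded
    }
}

# Newest changes first on screen, plus a CSV copy for review or ticketing.
$report | Sort-Object RunDate -Descending | Format-Table -AutoSize
$report | Export-Csv -Path .\PublicFolderPermissionChanges.csv -NoTypeInformation
```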

Netwrix Auditor for Exchange
  1. Run Netwrix Auditor → Navigate to "Search" → Choose "Advanced" and specify the following criteria:
    • Filter – "Data Source";
      Operator – "=(Equals)";
      Value – "Exchange Online"
    • Filter – "Object type";   
      Operator – "Contains";
      Value – "Public Folder"
    • Filter – "Details";
      Operator – "Contains";
      Value – "Access Rights"
  2. Select "Modify" → Click "Search".

    After that, you will see which public folder permissions were modified, who did that and when it was done.


Keep an Eye on Permissions Changes to Exchange Online Public Folders

Many organizations use Exchange Online public folders to collect and share data, including highly sensitive data. Anyone who has sufficient Exchange Online permissions to public folders can easily access the content in them, modify and remove information, move content around, or even forward it to those who shouldn’t see it — which can result in a breach or a data loss. Staying on top of changes to permissions for public folders, especially those that contain critical data, is a must-have for IT administrators, so they can quickly identify unauthorized changes and mitigate threats. 

Netwrix Auditor for Exchange is a software application for user behavior analysis and risk mitigation across cloud IT environments. The application delivers insightful reports that give you visibility into what's going on across your hosted Exchange component, including who changed which permissions to public folders in Exchange Online and Exchange Server and when it happened, so you can respond quickly and harden the security of your sensitive assets against threats. The Interactive Search feature helps you quickly spot suspicious changes to public folder permissions across your Exchange Online environment, while alerts on threat patterns keep you notified about the activity you deem risky.
