How to Stay on Top of Permissions Changes to Public Folders in Exchange Online


Native Auditing vs. Netwrix Auditor for Office 365

We never share your data. Privacy Policy
Native Auditing Netwrix Auditor for Office 365
Steps
  1. Open Exchange Administrative Console in Internet Explorer → Navigate to "Compliance management" → Choose "Auditing" → Choose "Run the admin audit log report…"
  2. Choose a start date and end date → Click "Search". 
    You will see all configuration changes made during the specified time period.
  3. Sort the list by cmdlet and find "Add-PublicFolderPermission" → Click on it for details.
  4. You will see who changed permissions ("User"), which public folder permissions  were changed and how ("Parameters").

Report Sample

  1. Run Netwrix Auditor → Navigate to "Search" → Choose "Advanced" and specify the following criteria:
    • Filter – "Data Source";
      Operator – "=(Equals)";
      Value – "Exchange Online"
    • Filter – "Object type";   
      Operator – "Contains";
      Value – "Public Folder"
    • Filter – "Details";
      Operator – "Contains";
      Value – "Access Rights"
  2. Select "Modify" → Click "Search".

    After that, you will see which public folder permissions were modified, who did that and when it was done.

Report Sample

Keep an Eye on Permissions Changes to Exchange Online Public Folders

Many organizations use Exchange Online public folders to collect and share data, including highly sensitive data. Anyone who has sufficient Exchange Online permissions to public folders can easily access the content in them, modify and remove information, move content around, or even forward it to those who shouldn’t see it — which can result in a breach or a data loss. Staying on top of changes to permissions for public folders, especially those that contain critical data, is a must-have for IT administrators, so they can quickly identify unauthorized changes and mitigate threats. 

Netwrix Auditor for Office 365 is a software application for user behavior analysis and risk mitigation across cloud IT environments. The application delivers insightful reports that enable you to gain visibility into what’s going on across your hosted Exchange component including who changed which permissions to public folders in Exchange Online and when it happened, so you can respond quickly and harden the security of your sensitive assets against threats. The Interactive Search feature helps you quickly spot suspicious changes to public folder permissions across your Exchange Online environment, while alerts on threat patterns keep you notified about the activity you deem risky. 

Join the discussion