Admins often have full access permissions in Office 365 to open another mailbox. One reason is that they might need to make sure the mailbox is good to be deleted after a user departs from the organization. However, there’s always a chance that they might misuse their privileges and access mailboxes they shouldn’t, such as the CEO’s mailbox. How can you make sure there’s no such privilege abuse in your Office 365 environment? To secure your critical Exchange Online content, you need to know about all non-owner mailbox access events and what exactly the non-owner did in that mailbox — which folders they read and which mailbox items they modified, moved or deleted.
Tracking which mailboxes Office 365 admins access and view using built-in tools
To make sure no Office 365 admins access a user mailbox without a valid need and that they perform no unauthorized actions in the ones they do access, monitoring Office 365 full access permissions is a good start, but not sufficient. You also have to keep an eye on non-owner mailbox access events so you can respond to unwarranted actions before your data is compromised.
You can start monitoring which Office 365 admins view other mailboxes’ content with the native tools. But first you’ll have to enable mailbox auditing. If it’s not set by default, be ready to revamp your PowerShell skills, because you’ll need them to put together a script. Then you can view a report on non-owner mailbox access in the Office 365 Security and Compliance Management console; however, don’t expect to be able to get the report easily. There’s no subscription option, so you’ll have to manually go get it. Then you’ll need to export it into Excel or another format, and then massage the resulting spreadsheet into a ready-to use, readable report. Wouldn’t you prefer an option that involved far less effort and stress?
Staying on top of Office 365 administrator access to mailboxes that don’t belong to them with Netwrix Auditor
Are you ready for the simplest and the most reliable way to prevent privilege abuse in your Office 365 environment? Netwrix Auditor delivers pervasive visibility into Exchange Online, SharePoint Online, and OneDrive for Business with Office 365 audit reporting you can rely on. And when it comes to keeping an eye on non-owner mailbox access, you can be sure the solution has you covered.
With Netwrix Auditor, you can:
- Worry no more about unauthorized non-owner mailbox access going under your radar. Predefined, detailed Office 365 mailbox access reports help you spot aberrant activity and block privilege abuse in its early stages.
- Make reporting easy and seamless by subscribing to the reports that you find most critical and get them automatically at the exact time you need them.
- Quickly investigate any suspicious non-owner mailbox access using the Google-like, Interactive Search feature.
- Leave your office on Friday evening and not stress that the CEO’s mailbox will be accessed by a noisy admin by setting up a custom alert on critical activity, including non-owner mailbox access.
- Take a step further and stay on top of all activity in Exchange Online, including changes to mailboxes, permissions and much more.
- Breathe easy, because now you can keep your audit data stored securely for years in a cost-effective two-tiered (SQL database + file-based) storage, and access it easily whenever you need to.