Enable Non-Owner Mailbox Access Auditting – Exchange Online

One of the Office 365 Security recommendations is to enable auditing for non-owner mailbox access in Exchange Online. This should then be reviewed on a scheduled basis, i.e. weekly, to make sure other people are not snooping on mailboxes.

Let’s walk through how you can do this in Powershell for ALL mailboxes in your Exchange Online subscription

Because you should have MFA enabled for any Admin accounts in your subscription, we need to download the Exchange Online Remote Powershell module.
1. Open the Exchange Admin Center (EAC) for your Exchange Online organisation
2. In the EAC, go to Hybrid > Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
3. In the Application Install window that opens, click Install.
Connect To Exchange Online Using MFA
1. On your computer, Exchange Online Remote Powershell Module
2. Run the command below and specify your admin account

You will then get prompted to provide your MFA details.
OK, so in one command we can get mailbox auditing for all the mailboxes in our Exchange Online environment

Now we want to verify that this has worked and we use this;

mailbox non-owner output

Leave a Reply

Your email address will not be published. Required fields are marked *