Exchange Online Protection Reports

Exchange Online Protection Reports

 

MicrosoftExchange Online Protection (EOP) is a cloud-based email filtering service that can help safeguard your company from spam andmalware. EOP includes featuresto protect your company frommessaging-policy abuse. EOP canbe used for messaging protection in the following situations:

• In a stand-alone scenario. EOP provides cloudbased email protection for your on-premises Microsoft Exchange Server 2013 environment, legacy Exchange Server versions, or for any other on-premises SMTP email solution.
• As a part of Microsoft Exchange Online. By default, EOP protects Microsoft Exchange Online cloudhosted mailboxes.
• In a hybrid deployment. EOP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes.

 

EOPauditing reports can help your organization meet regulatory, compliance, andlitigation requirements bydetermining what changes have been made to the configuration of EOP. Auditingreports can help you troubleshootissues with configuration and determine the cause of security-related orcompliance-related problems.

 

Thefour auditing reports available in the Exchange admin center are the same asthe four auditing reportsdiscussed earlier in the Office 365 admin center, but with slightly differentnames in the user interface.

 

To accessthe Exchange Online Protection auditing reports:

 

1. In the Office 365 admin center, click Admin, then click Exchange.
2. In the left menu, click compliance management.
3. On the compliance management page, click auditing.
4. Select one of the following reports:
   • Non-owner mailbox access report
   • Administrator role group report
   • In-Place eDiscovery and Hold report
   • Per-mailbox litigation hold report

Fromthe auditing section you can also export mailbox audit logs, view and exportthe administrator audit log,and view the datacenter admin log.

 

Enable Mailbox Audit Logging

 

Youhave to enable mailbox audit logging for each mailbox that you want to run aNon-owner Mailbox Access reportfor. If mailbox audit logging is not enabled for a mailbox, you will not receive any results when you run a report for it or export the mailbox audit log.

 

To enablemailbox audit logging for a single user’s mailbox:

 

1.  Open Windows PowerShell.
2. At the prompt, type the following command and press Enter: Set-Mailbox user@domainname.com -AuditEnabled $true

 

To enablemailbox audit logging for all users’ mailboxes:

 

1. Open Windows PowerShell.
2. At the prompt, type the following command and press Enter: $UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')}
3. At the prompt, type the following command and press Enter: $UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}

 

Windows PowerShell Reporting in Exchange Online

 

Thereare several Windows PowerShell cmdlets that you can use for reporting purposes in Exchange Online.

 

Auditing Cmdlets

 

Youcan use the following Windows PowerShell cmdlets to configure audit logging, and to view the audit logs:

 

 

Message Tracking Cmdlets

 

Youcan use the following Windows PowerShell cmdlets to track delivery informationabout messages sent by, orreceived from, any specific mailbox in your organization:

 

 

General Reporting Cmdlets

 

You canuse the following Windows PowerShell cmdlets for general reporting in ExchangeOnline: