GitBit Logo Gitbit

view future sign-ins to the mailbox of a user

Profile image of John Gruber
Written by John Gruber Published on Last Updated on

Your organization has a valid Microsoft 365 subscription.

Your CFO's name is John Gruber. He has requested 5 people to have full mailbox access to his mailbox. He's also asked that they each be given permission to send as him. These requirements were fulfilled by your team. Everything has been working correctly for 3 months.

Recently, John noticed some of his emails were read and deleted before he had the chance to read them. He asked his team, but no one mentioned performing the action.

He has now tasked you with finding out who or what has been marking his emails as read and deleting them.

You open the audit logs and find that there are no records of anyone accessing his mailbox, including his own access.

You inform John that the logs are empty but you'd like to inform his that you have now enabled auditing on his mailbox.

Before you speak with him you run: Set-Maibox -Identity "John Gruber" -AuditEnabled $true command.

Does that enable audit logging on his mailbox?

Click to show answer

We can enable auditing at the mailbox level. We'll be using Exchange Online PowerShell.

1. Open PowerShell and connect to Exchange Online using Connect-ExchangeOnline.

2. Run the following command "Get-Mailbox -ResultSize unlimited | Set-Mailbox -AuditEnabled $true -DefaultAuditSet Admin,Delegate,Owner" Or for one user we can run the following "Set-Maibox -Identity "User1" -AuditEnabled $true"

https://www.gitbit.org/course/ms-500/learn/Auditing-sign-ins-and-other-actions-in-Microsoft-365-sH_Ee1DW1

https://docs.microsoft.com/en-us/powershell/module/exchange/set-mailbox?view=exchange-ps

< Previous Next > Skip Exam >>
AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.