You have a Microsoft 365 subscription.
You have a user named John Gruber. Several users have full access to the mailbox of John Gruber.
Some email messages sent to John Gruber appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of John Gruber, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of John Gruber. You run the Set-Maibox -Identity "John Gruber" -AuditEnabled $true command. Does that
meet the goal?
We can enable auditing at the mailbox level. We'll be using Exchange Online PowerShell.
1. Open PowerShell and connect to Exchange Online using Connect-ExchangeOnline.
2. Run the following command "Get-Mailbox -ResultSize unlimited | Set-Mailbox -AuditEnabled $true -DefaultAuditSet Admin,Delegate,Owner" Or for one user we can run the following "Set-Maibox -Identity "User1" -AuditEnabled $true"