Export (0) Print
Expand All

Bypass a User Account From Mailbox Audit Logging

Exchange 2010
 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

When you enable mailbox audit logging for a mailbox, specified mailbox access events (for example, accessing a folder or a message, or permanently deleting a message) are logged. However, access by some authorized accounts, such as accounts used by third-party tools or accounts used for lawful monitoring, can create a large number of mailbox audit log entries and may not be of interest to your organization.

You can configure a user or computer account to bypass mailbox audit logging, so actions taken by that user or account for any mailbox aren't logged. By bypassing trusted user or computer accounts that need frequent access to mailboxes, you can reduce the noise in mailbox audit logs.

noteNote:
When an account is configured to bypass mailbox audit logging, access to any mailbox by that account won't be logged. You can't configure an account to bypass the logging of access to a specific mailbox.
CautionCaution:
If you use mailbox audit logging to audit mailbox access and actions, you must monitor mailbox audit bypass associations at regular intervals. If a mailbox audit bypass association is added for an account, the account can access any mailbox in the organization to which it has been assigned permissions, without any mailbox audit logging entries being generated for such access or any actions taken (such as message deletions).

Looking for other management tasks related to mailbox audit logging? Check out Managing Mailbox Audit Logging.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Mailbox audit logging" entry in the Messaging Policy and Compliance Permissions topic.

noteNote:
You can't use the EMC to enable mailbox audit logging bypass for an account.

This example enables mailbox audit logging bypass for the ServiceAccess account.

Set-MailboxAuditBypassAssociation -Identity "ServiceAccess" -AuditBypassEnabled $true

For detailed syntax and parameter information, see Set-MailboxAuditBypassAssociation.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Mailbox audit logging" entry in the Messaging Policy and Compliance Permissions topic.

noteNote:
You can't use the EMC to disable mailbox audit logging bypass for an account.

This example disables mailbox audit logging bypass for the ServiceAccess account.

Set-MailboxAuditBypassAssociation -Identity "ServiceAccess" -AuditBypassEnabled $false

For detailed syntax and parameter information, see Set-MailboxAuditBypassAssociation.

After you enable or disable mailbox audit logging bypass for a user or computer account, you may also want to:

 © 2010 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft