Learn more about auditing reports

  • Article

 

Applies to: Exchange Online, Exchange Server 2013

Use the Auditing page in the Exchange Admin Center (EAC) to troubleshoot configuration issues by tracking specific changes made by administrators and to help you meet regulatory, compliance, and litigation requirements. Microsoft Exchange provides two types of audit logging:

  • Administrator audit logging records any action an administrator performs that is based on an Exchange Management Shell cmdlet. This can help you troubleshoot configuration issues or identify the cause of security-related or compliance-related problems. These actions are saved to the administrator audit log.

  • Mailbox audit logging records when a mailbox is accessed by the owner or by someone other than the person who owns the mailbox. This can help you determine who has accessed a mailbox and what they’ve done. These entries are saved to the mailbox audit log.

    Important

    You have to enable mailbox audit logging for each mailbox so that audited events are saved to the audit log for that mailbox. If mailbox audit logging isn't enabled for a mailbox, events for that mailbox won’t be saved in the audit log. For more information, see Enable mailbox auditing in Office 365.

You can search for and export entries from the administrator and mailbox audit logs on the Auditing page. When you export your search results, Exchange saves them in an XML file and attaches it to an email message.

You can also run the following reports on the Auditing page. When you run a report, the results are displayed in the details pane.

  • Non-owner mailbox access report   Use this report to find mailboxes that have been accessed by someone other than the person who owns the mailbox. If you have a cloud-based Exchange organization, you can also use this report to determine if mailbox data in your cloud-based organization is being accessed by Microsoft datacenter personnel.

  • Administrator role group report   Use this report to search for changes made to administrator role groups.

  • In-place discovery and hold report   Use this report to find mailboxes that have been put on, or removed from, In-Place Hold.

  • Per-mailbox litigation hold report   Use this report to find mailboxes that have been put on, or removed from, litigation hold.

For more information

Exchange auditing reports

Auditing reports in EOP

Run an administrator role group report in EOP

View the administrator audit log