From 850111c79cdd3e8f548619929489ed6d35164c37 Mon Sep 17 00:00:00 2001
From: Arjan Cornelissen
Date: Sun, 28 Jul 2019 11:41:58 +0200
Subject: [PATCH] Update to the default auditing settings Updated the code to mirror the new default auditing set of Microsoft as described in https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing Exported the check to a CSV file for large environments. Set-Mailbox on ExternalDirectoryObjectId because this is the Azure AD object and is always unique in the environment
---
 EnableMailboxAuditing.ps1 | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/EnableMailboxAuditing.ps1 b/EnableMailboxAuditing.ps1
index 6630345..91fbc77 100644
--- a/EnableMailboxAuditing.ps1
+++ b/EnableMailboxAuditing.ps1
@@ -1,4 +1,5 @@
-#This script will enable non-owner mailbox access auditing on every mailbox in your tenancy
+#This script will set the auditing to the default Microsoft Set of Auditing
+#https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
 #First, let's get us a cred!
 $userCredential = Get-Credential
@@ -7,11 +8,15 @@ $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri Import-PSSession $ExoSession -Name Get-Mailbox, Set-Mailbox #Enable global audit logging -foreach ($mailbox in Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"}) +#Get all User, Shared, Room and Discovery mailbox +$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"}) | Select-Object ExternalDirectoryObjectId +foreach ($mailbox in $mailboxes) { try { - Set-Mailbox -Identity $mailbox.DistinguishedName -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems + #Use the ExternalDirectoryObjectId to set the mailbox for setting the correct item + #Set them to the default set + Set-Mailbox -Identity $mailbox.ExternalDirectoryObjectId -AuditEnabled $true -AuditLogAgeLimit 180 -DefaultAuditSet Admin,Delegate,Owner } catch { @@ -20,4 +25,4 @@ foreach ($mailbox in Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDet } #Double-Check It! -Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit +Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit, DefaultAuditSet | Export-Csv -Path mailboxaudit.csv -Delimiter ';'
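Review bot: The added `$mailboxes = Get-Mailbox ... -eq "DiscoveryMailbox"}) | Select-Object ExternalDirectoryObjectId` line still carries the `)` that closed the old `foreach (` header, so the parenthesis is unbalanced and the script will not parse as written. The filter should end `... -eq "DiscoveryMailbox"} | Select-Object ExternalDirectoryObjectId`. Because only ExternalDirectoryObjectId is kept, any mailbox whose id is empty would reach `Set-Mailbox -Identity` with nothing usable, and the catch block (its body lies outside this hunk) would have no name left to report. Selecting a second property, e.g. `Select-Object ExternalDirectoryObjectId, PrimarySmtpAddress`, and skipping empty ids keeps a failed mailbox from becoming an unnoticed gap in audit coverage.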
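Review bot: The verification export in the last hunk identifies each row only by `Name`, which is not guaranteed unique, even though the commit moves `Set-Mailbox` to ExternalDirectoryObjectId for exactly that reason. Adding the id to the `Select` (`Select Name, ExternalDirectoryObjectId, AuditEnabled, AuditLogAgeLimit, DefaultAuditSet`) lets a row with `AuditEnabled` false be matched to exactly one mailbox. `Export-Csv` writes `mailboxaudit.csv` into whatever the current directory happens to be, and on Windows PowerShell it prepends a `#TYPE` line unless `-NoTypeInformation` is passed. The file records which mailboxes are not audited, so an explicit output path in an access-restricted location would be a safer default.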