0 votes

I have a handful of manual PowerShell scripts that I run after a new user is created. Most of these commands can be done using a Business Rule except one. I need to turn on global auditing but I don't see it as an option. Is this something that can be added in a future release? Can I run a PowerShell command in the meantime? The command is below. Thank you!

Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems
by (70 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

I need to turn on global auditing but I don't see it as an option. Is this something that can be added in a future release?

According to the Enable mailbox auditing article, mailbox audit logging is turned on by default for all Microsoft 365 organizations since January 2019. So, there is no necessity to turn it on again. You can configure default settings for mailbox auditing using the Set-OrganizationConfig cmdlet.

Can I run a PowerShell command in the meantime?

You can use the following script to configure mailbox auditing individually:

try
{
    # Get the object ID in Office 365
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    return # The user doesn't have an Office 365 account
}

try
{
    # Connect to Exchange Online
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName Set-Mailbox

    # Configure audit
    Set-Mailbox $objectId.ToString() -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, `
                                                                  SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, `
                                                                  MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems    
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

Related questions

0 votes
1 answer

I'd like to set up a business rule to automatically enable the Office 365 archiving feature for newly created users. I've found the PowerShell code to do this, but I'm ... get it to connect to our Office 365 account or does it know to use that automatically?

asked Sep 8, 2014 by danftasc (440 points)
0 votes
1 answer

Good afternoon, Is there a script for adding a user to an already existing Office 365 Shared Mailbox? I want to add this script onto the onboarding rules I have added already.

asked May 7 by ocanizales (60 points)
0 votes
1 answer

Hi All, I have an OU ADSynced to Office 365 When I create Shared Mailboxes I basically create the user account sync it to 365 Assign it a license and and set ... only process the below actions if the previous one returned an Operation status of "Completed"

asked Oct 26, 2020 by casey101 (20 points)
0 votes
2 answers

Hi All, Weve switched to Office365 and Im using Adaxes to create users which is working really well. However lots of our users now have remote mailboxes which is all good ... be stored even though the user will be removed from the users list. Thanks, Will

asked Aug 11, 2017 by will17 (350 points)
0 votes
1 answer

Is there a way to use the built-in "Modify Exchange Properties" action to add a mailbox delegate that only resides in the cloud? We can do it via a powershell script, but I ... action. For example, I want to add "Company Administrator" to a user via the GUI:

asked Sep 14, 2015 by yourpp (540 points)
3,588 questions
3,277 answers
8,303 comments
548,089 users