[Note] This thread was originally posted on MSDN. As the MSDN Exchange Dev forum mainly focuses on developing issues and the TechNet Exchange forums for general questions have been locked down, we manually migrated this one to Microsoft Q&A platform to continue the troubleshooting.
Hi!
I have the following scenario:
I need to register the IP address that accessed a particular mailbox and the access will be done through an outlook client, so I enabled auditing on the mailbox in question and configured it to register the “MailboxLogin” action for Owner:
Set-Mailbox -Identity "Ben Smith" -AuditEnabled $true
Set-Mailbox -Identity "Ben Smith" -AuditOwner MailboxLogin -AuditEnabled $true
But according to the article below, this configuration does not work for NTLM and Kerberos (which is my case):
"Auditing for owner logins to a mailbox works only for POP3, IMAP4, or OAuth logins. It doesn't work for NTLM or Kerberos logins to the mailbox."
https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mailbox-audit-logging/mailbox-audit-logging?view=exchserver-2016
So far I have not been able to register the IP that accesses this particular mailbox, this is my goal, so if anyone has any idea how to register this information, please let me know.
Best regards,
Renato.