audit public folders

IniobongNkanga-8038 266 Reputation points


Please i need your help on this issue. 

When trying to run audits, results are not showing.


I would like to know how to audit public folders. 


Also i am not getting the desire results when i try to search for audit logs for compliance mailboxes.

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,957 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,992 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Khaled El-Sayed Mohamed 1,160 Reputation points

    Hi I8 if we will talk about Exchange, try: Auditing Public Folders: To audit public folder deletions in Exchange Online, follow these steps:

    1. Login to the Microsoft Purview Compliance portal
    2. Select Audit.
    3. Specify the date range for which you want to search for auditing entries.
    4. Under Record types, select Public Folder.
    5. Provide a meaningful search name and click on Search.
    6. The search results will appear, and you can also export them if needed.
    7. Searching Audit Logs for Compliance Mailboxes:  To search mailbox audit logs for compliance mailboxes, you can use the Search-MailboxAuditLog cmdlet in Exchange PowerShell. Here’s an example:
    Search-MailboxAuditLog -Identity "demo" -LogonTypes Admin,Delegate -StartDate 1/1/2018 -EndDate 12/31/2018 -ResultSize 2000

    Replace "demo" with the actual mailbox identity and adjust the date range as needed Remember to ensure that you have the necessary permissions to run these commands.

    Also there are a few reasons you might not be seeing results when trying to audit public folders and compliance mailboxes. Here's how to troubleshoot:

    Public Folder Audits:

    Native limitations: Unfortunately, native auditing for public folders in Exchange Server is limited. It doesn't track specific user actions like who moved or deleted emails. Here are some alternative approaches:

    Third-party tools: Consider third-party auditing tools designed for Exchange servers. These can provide more granular tracking of public folder activity. Permission monitoring: Tighten permission controls on public folders. Restrict access and monitor who has editing or deletion privileges. Compliance Mailbox Audits:

    Audit Logging Enabled: Double-check that mailbox audit logging is enabled for the specific compliance mailboxes you're interested in. You can usually manage this through the Exchange admin center or PowerShell.

    Retention Period: Ensure the audit log retention period covers the timeframe you're searching for. Logs might be automatically purged after a set period (often 90 days in Exchange Online).

    Search Filters: Refine your search filters within the audit logs. Specify relevant dates, user accounts, or mailbox activities to narrow down the results.

    Here are some resources to help further:

    Manage mailbox auditing: Audit logs at email / user level on public folders (Exchange 2010): (While this is for an older version, it might offer some insights) Additional Tips:

    Contact your IT admin: If you're unsure about auditing configurations or have limited access, contact your IT administrator for assistance. Microsoft Documentation: Refer to the official Microsoft documentation for your specific version of Exchange for detailed instructions on enabling and searching audit logs.

    0 comments No comments

  2. Neuvi Jiang 230 Reputation points Microsoft Vendor

    Hi IniobongNkanga-8038,

    Thank you for posting on the Q&A Forum.

    For auditing public folders, you can set up and query as follows:

    Setting up public folder auditing: Using Exchange Admin Center or Exchange PowerShell, you can enable auditing for public folders. You can configure auditing policies to track access, changes, and other activities on public folders.

    Querying audit logs: Using Exchange Admin Center or Exchange PowerShell, you can query audit logs to view activities on public folders. Make sure to use the correct filtering criteria during the query process to obtain the desired results.

    For searching audit logs for compliance mailboxes, you may need to ensure the following:

    Audit for compliance mailboxes is enabled: Ensure that auditing functionality for the required compliance mailboxes is enabled. This can be done through Exchange Admin Center or Exchange PowerShell.

    Correct search criteria: When searching audit logs for compliance mailboxes, ensure that you use the correct mailbox identifiers and time ranges. This helps ensure that you obtain the desired results.

    Check permissions: Ensure that you have sufficient permissions to search and view audit logs for compliance mailboxes. If you are a compliance administrator or global administrator, you should have the necessary permissions.

    All the best

    Neuvi Jiang