This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 9%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I was wondering if there is any audit log for 365 defender admin activities.
Eg reviewing who previewed which email from threat explorer, who shared quarantined email with whom.
Cheers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Sksks0909 ,
Just checking in to see how things are going on with this thread.
If the reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.
Hi,
You should be able to access the Defender logs via the Defender Portal:
https://security.microsoft.com/
I hope this answers your question.
---------------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
Hi @Sksks0909 ,
As far as I know, you could view who accessed this mailbox by getting the audit logs or mailbox audit logs. However , you can't log which messages are previewed unless the user makes specific modifications to this message.
who shared quarantined email with whom.
I want to know if admin has assigned a quarantine policy to prevent users from managing their own quarantined phishing messages?
Quarantine policies - Office 365 | Microsoft Learn
If not, I would suggest you could use Get-MessageTrace cmdlet to search message data for the last 10 days . Or use message trace in EAC to query mail flow within your organization.
Message trace in the modern EAC in Exchange Online | Microsoft Learn
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
