Enable or Disable Mailbox Audit Logging for a Mailbox

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

By using mailbox audit logging, you can track logons to a mailbox, and also track what actions are taken while the user is logged on. When you enable mailbox audit logging for a mailbox, some actions performed by administrators and delegates are logged by default. None of the actions performed by the mailbox owner are logged. To learn more about mailbox audit logging, see Understanding Mailbox Audit Logging.

Warning

Auditing of mailbox owner actions can generate a large number of mailbox audit log entries. Therefore, this feature is disabled by default. We recommend that you enable auditing only of specific owner actions that are needed to meet business or security requirements.

Note

You can't use the Exchange Management Console (EMC) or the Exchange Control Panel (ECP) to enable or disable mailbox audit logging.

Looking for other management tasks related to mailbox audit logging? Check out Managing Mailbox Audit Logging.

Use the Shell to enable or disable mailbox audit logging

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Mailbox audit logging" entry in the Messaging Policy and Compliance Permissions topic.

This example enables mailbox audit logging for Ben Smith's mailbox.

Set-Mailbox -Identity "Ben Smith" -AuditEnabled $true

This example disables mailbox audit logging for Ben Smith's mailbox.

Set-Mailbox -Identity "Ben Smith" -AuditEnabled $false

For detailed syntax and parameter information, see Set-Mailbox.

Use the Shell to specify logging settings for administrator, delegate, and owner access

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Mailbox audit logging" entry in the Messaging Policy and Compliance Permissions topic.

This example specifies that the SendAs or SendOnBehalf actions performed by delegate users will be logged for Ben Smith's mailbox.

Set-Mailbox -Identity "Ben Smith" -AuditDelegate SendAs,SendOnBehalf -AuditEnabled $true

This example specifies that the MessageBind and FolderBind actions performed by administrators will be logged for Ben Smith's mailbox.

Note

MessageBind and FolderBind actions are not logged for the default Calendar.

Set-Mailbox -Identity "Ben Smith" -AuditAdmin MessageBind,FolderBind -AuditEnabled $true

This example specifies that the HardDelete action performed by the mailbox owner will be logged for Ben Smith's mailbox.

Set-Mailbox -Identity "Ben Smith" -AuditOwner HardDelete -AuditEnabled $true

For detailed syntax and parameter information, see Set-Mailbox.

Other Tasks

After you enable mailbox audit logging, you may also want to:

• Search the Mailbox Audit Log for a Mailbox

• Create a Mailbox Audit Log Search

 © 2010 Microsoft Corporation. All rights reserved.