Exchange Online Protection Reports

demn

Exchange Online Protection Reports

MicrosoftExchange Online Protection (EOP) is acloud-based email filtering service that can helpsafeguard your company from spam andmalware.EOP includes featuresto protect your companyfrommessaging-policy abuse. EOP canbe used for messaging protection in thefollowing situations:

• In a stand-alone scenario. EOP provides cloudbasedemail protection for your on-premisesMicrosoft Exchange Server 2013 environment,legacy Exchange Server versions, or for anyother on-premises SMTP email solution.
  
• As a part of Microsoft Exchange Online. By default, EOP protects Microsoft Exchange Online cloudhostedmailboxes.
  
• In a hybrid deployment. EOP can be configured to protect your messaging environment and controlmail routing when you have a mix of on-premises and cloud mailboxes.
  

EOPauditing reports can help your organization meet regulatory, compliance, andlitigation requirementsbydetermining what changes have been made to the configuration of EOP. Auditingreports can help youtroubleshootissues with configuration and determine the cause of security-related orcompliance-relatedproblems.

Thefour auditing reports available in the Exchange admin center are the same asthe four auditingreportsdiscussed earlier in the Office 365 admin center, but with slightly differentnames in the userinterface.

To accessthe Exchange Online Protection auditing reports:

• In the Office 365 admin center, click Admin, then click Exchange.
  
• In the left menu, click compliance management.
  
• On the compliance management page, click auditing.
  
• Select one of the following reports:
  
  
  
  • Non-owner mailbox access report
    
  • Administrator role group report
    
  • In-Place eDiscovery and Hold report
    
  • Per-mailbox litigation hold report
    
  
  

Fromthe auditing section you can also export mailbox audit logs, view and exportthe administrator auditlog,and view the datacenter admin log.

Enable Mailbox Audit Logging

Youhave to enable mailbox audit logging for each mailbox that you want to run aNon-owner MailboxAccess reportfor. If mailbox audit logging is not enabled for amailbox, you will not receive any resultswhen you run a report for it or export the mailbox audit log.

To enablemailbox audit logging for a single user’s mailbox:

• Open Windows PowerShell.
  
• At the prompt, type the following command and press Enter:Set-Mailbox user@domainname.com -AuditEnabled $true
  

To enablemailbox audit logging for all users’ mailboxes:

• Open Windows PowerShell.
  
• At the prompt, type the following command and press Enter:$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')}
  
• At the prompt, type the following command and press Enter:$UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}
  

Windows PowerShell Reporting in Exchange Online

Thereare several Windows PowerShell cmdlets thatyou can use for reporting purposes in ExchangeOnline.

Auditing Cmdlets

Youcan use the following Windows PowerShellcmdlets to configure audit logging, and to view theaudit logs:



Message Tracking Cmdlets

Youcan use the following Windows PowerShell cmdlets to track delivery informationabout messages sentby, orreceived from, any specific mailbox in your organization:



General Reporting Cmdlets

You canuse the following Windows PowerShell cmdlets for general reporting in ExchangeOnline: