Executive mailboxes are full of secret and potentially damaging information. It's unacceptable to not know if someone is reading the CEO's mailbox or otherwise tampering with it. You will find out eventually, but your SIEM should be the one to tell you – not the Wall Street Journal.
Whether you use Exchange on-prem or Exchange Online – mailbox auditing is NOT a simple matter of collecting a TXT or EVTX file. Both Exchange on-prem and Exchange Online in Office 365 can audit non-owner mailbox access, but the methods for configuration and log collection are significantly different. Both allow you to manually run reports on mailbox access, but that doesn’t fit most enterprise requirements for automated monitoring and near real-time alerting. So usually folks I talk to are more interested in how they can get non-owner mailbox access events out of Exchange/Office 365 for analysis.
In this webinar, I’ll show you how both products work:
- Exchange on-prem provides mailbox auditing through the Exchange admin web portal and PowerShell.
- Exchange Online surfaces the same data via the Office 365 portal and the Unified Audit Log.
The data is similar but there are differences that you need to understand and some important caveats - if you collect Exchange audit data the wrong way you will miss wide swaths of activity without knowing it.
I’ll also explain the actual events logged. Exchange monitors:
- Mailbox folder views
- Individual message views (but only in certain cases that I’ll explain)
- Copy
- Create
- Move
- Update
- SendOnBehalf
- SendAs
- Delete
I’ll explain how Exchange prevents a deluge of duplicate view events when a user is perusing a given folder in someone else’s mailbox.
I’ll also show you how Exchange differentiates between what it considers Delegate access and access by privileged administrators. And I’ll point out important PowerShell commands admins can run that bypass mailbox auditing, and how to catch those with a different log in Exchange and Office 365. That and lots of other things arcane to Exchange mailbox auditing.
Quest Software is sponsoring this webinar, and I think you’ll like seeing how easy they make it to monitor, report and alert on non-owner mailbox access, whether you use on-prem Exchange, Office 365, or a hybrid environment of both.
Please join us for this real training for free event.