Exchange Online Protection Reports

Exchange Online Protection Reports
 
MicrosoftExchange Online Protection (EOP) is a
cloud-based email filtering service that can help
safeguard your company from spam andmalware.
EOP includes featuresto protect your company
frommessaging-policy abuse.
EOP canbe used for messaging protection in the
following situations:
In a stand-alone scenario. EOP provides cloudbased
email protection for your on-premises
Microsoft Exchange Server 2013 environment,
legacy Exchange Server versions, or for any
other on-premises SMTP email solution.

As a part of Microsoft Exchange Online. By default, EOP protects Microsoft Exchange Online cloudhosted
mailboxes.

In a hybrid deployment. EOP can be configured to protect your messaging environment and control
mail routing when you have a mix of on-premises and cloud mailboxes.

 
EOPauditing reports can help your organization meet regulatory, compliance, andlitigation requirements
bydetermining what changes have been made to the configuration of EOP. Auditingreports can help you
troubleshootissues with configuration and determine the cause of security-related orcompliance-related
problems.
 
Thefour auditing reports available in the Exchange admin center are the same asthe four auditing
reportsdiscussed earlier in the Office 365 admin center, but with slightly differentnames in the user
interface.
 
To accessthe Exchange Online Protection auditing reports:
 
In the Office 365 admin center, click Admin, then click Exchange.

In the left menu, click compliance management.

On the compliance management page, click auditing.

Select one of the following reports:
Non-owner mailbox access report

Administrator role group report

In-Place eDiscovery and Hold report

Per-mailbox litigation hold report

Fromthe auditing section you can also export mailbox audit logs, view and exportthe administrator audit
log,and view the datacenter admin log.
 
Enable Mailbox Audit Logging
 
Youhave to enable mailbox audit logging for each mailbox that you want to run aNon-owner Mailbox
Access reportfor. If mailbox audit logging is not enabled for a
mailbox, you will not receive any results
when you run a report for it or export the mailbox audit log.
 
To enablemailbox audit logging for a single user’s mailbox:
 
 Open Windows PowerShell.

At the prompt, type the following command and press Enter:Set-Mailbox user@domainname.com -AuditEnabled $true
 
To enablemailbox audit logging for all users’ mailboxes:
 
Open Windows PowerShell.

At the prompt, type the following command and press Enter:
$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')}

At the prompt, type the following command and press Enter:
$UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}
 
Windows PowerShell Reporting in Exchange Online
 
Thereare several Windows PowerShell cmdlets that
you can use for reporting purposes in Exchange
Online.
 
Auditing Cmdlets
 
Youcan use the following Windows PowerShell
cmdlets to configure audit logging, and to view the
audit logs:
 



 
Message Tracking Cmdlets
 
Youcan use the following Windows PowerShell cmdlets to track delivery informationabout messages sent
by, orreceived from, any specific mailbox in your organization:
 



 
General Reporting Cmdlets
 
You canuse the following Windows PowerShell cmdlets for general reporting in ExchangeOnline: