Audit logging track who clicked what, and when. It enables organizations to answer questions such as "Who deleted that shared mailbox?", and "Why doesn't user X have permissions for resource Y anymore?" As you can imagine, this puts significant strain on the cloud servers and is not enabled by default.; the lean state of the Office 365 tenant servers is called "dehydrated", and the enhanced mode is "hydrated". Microsoft do not charge any extra if you do enable it, so here's how to do it!
- Connect to Exchange Online via PowerShell
- Enable "OrganizationCustomization"
- Use the Office 365 admin UI to enable audit logging
PowerShell with Exchange Online Management
If your Office 365 admin account has MFA enabled, you will need to connect using Exchange Online Management - get it at https://www.powershellgallery.com/packages/ExchangeOnlineManagement- see full docs here: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell
For MFA-enabled admin accounts:
Connect-ExchangeOnline -UserPrincipalName admin@companyname.onmicrosoft.com Enable-OrganizationCustomization Exit
For non-MFA accounts, launch PowerShell as a local administrator, and run the following commands:
set-executionpolicy unrestricted $UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session Enable-OrganizationCustomization Exit
Security & Compliance
(You may need to allow an hour for the PowerShell
Log on to https://security.microsoft.com/ as an administrator
Navigate to Permissions
Under the Roles for both Azure AD and Email, add at least 1 admin user (usually yourself!)
The Microsoft 365 tenant is now enabled for extensive audit logging. Note: logging begins from the time it is enabled.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article