Go Up
You are here: DeploymentConfigure IT InfrastructureExchangeConfigure Exchange for Monitoring Mailbox Access

Configure Exchange for Monitoring Mailbox Access

Netwrix Auditor allows tracking non-owner mailbox access in your Exchange organization. Review the following procedures:

To configure mailbox access tracking for 2010 manually

NOTE: Perform the procedure below only if you do not want to enable network traffic compression option when setting up Exchange monitoring in Netwrix Auditor.

  1. On the computer where the monitored Exchange server is installed, navigate to Start Programs Exchange Management Shell.
  2. Execute the following command:

    Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" –Level Low

  3. Navigate to Start Run and type "services.msc". In the Services snap-in, locate the Microsoft Exchange Information Store service and restart it.

To configure mailbox access tracking for Exchange 2013 and 2016 manually

NOTE: Perform the procedures below only if you do not want to enable the automatic audit configuration option when setting up monitoring in Netwrix Auditor.

You can configure auditing for:

  • All user, shared, linked, equipment, and room mailboxes
  • Selected mailboxes
Track... Steps...

All mailboxes

 

  1. On the computer where the monitored Exchange server is installed, navigate to Start Programs Exchange Management Shell.

  2. Execute the following command:

    Get-MailboxDatabase -Server {0} | foreach { Get-Mailbox -RecipientTypeDetails UserMailbox,SharedMailbox,EquipmentMailbox,LinkedMailbox,RoomMailbox | Set-Mailbox -AuditEnabled $true -AuditAdmin Update,Copy,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,
    SendOnBehalf,MessageBind,Create
    -AuditDelegate Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf,Create }

    Where the {0} character must be replaced with your audited server FQDN name (e.g., stationexchange.enterprise.local).

NOTE: If you are going to audit multiple Exchange servers, repeat these steps for each audited Exchange.

Selected mailbox

  1. On the computer where the monitored Exchange server is installed, navigate to Start Programs Exchange Management Shell.

  2. Execute the following command:

    Set-Mailbox -Identity {0} -AuditEnabled $true -AuditAdmin Update,Copy,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf,MessageBind,Create -AuditDelegate Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf,Create

    Where the {0} character must be replaced with one of the following:

    • Display Name. Example: "Michael Jones"
    • Domain\User. Example: enterprise.local\MJones
    • GUID. Example: {c43a7694-ba06-46d2-ac9b-205f25dfb32d}
    • (DN) Distinguished name. Example: CN=MJones,CN=Users,DC=enterprisedc1,DC=enterprise,DC=local
    • User Principal Name. Example: MJones@enterprise.local

NOTE: If you are going to audit multiple individual mailboxes, repeat these steps for each mailbox on each Exchange server.

Go Up