You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Microsoft365/purview/purview/audit-logs/mailbox-audit-logs.md
+5-6Lines changed: 5 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: How to use mailbox audit logs in Microsoft 365
2
+
title: Use mailbox audit logs in Microsoft 365
3
3
description: Describes how to use mailbox audit logs to determine when a mailbox was updated unexpectedly or whether items are missing in Microsoft 365 dedicated.
4
4
author: Cloud-Writer
5
5
ms.author: meerak
@@ -18,19 +18,18 @@ search.appverid: MET150
18
18
ms.date: 05/05/2025
19
19
---
20
20
21
-
# How to use mailbox audit logs in Microsoft 365
21
+
# Use mailbox audit logs in Microsoft 365
22
22
23
23
In Microsoft 365, you can run mailbox audit logs to determine when a mailbox was updated unexpectedly or whether items are missing from a mailbox. For example, you may have to do this if items are moved or if they're deleted unexpectedly or incorrectly.
24
24
25
25
**Note**: For the vNext environment, by default, mailbox audit logs aren't enabled. The feature must be turned on in order for a user to begin a search.
26
26
27
-
## How to run and check mailbox audit logs
27
+
## Run mailbox audit logs
28
28
29
29
Mailbox audit logging lets users obtain information about actions that are performed by non-owners and administrators. Mailbox audit logging is available to members of the Audit Reporting Mailbox self-service group only by using Windows Remote PowerShell.
30
30
31
31
> [!NOTE]
32
-
> - Mailbox audit logging is turned on by default in all organizations. When mailbox auditing on by default is turned on for the organization, the _AuditEnabled_ property for affected mailboxes doesn't change from __False__ to __True__. In other words, mailbox auditing on by default ignores the _AuditEnabled_ property on mailboxes.
33
-
> - Some organizations might not allow you to use mailbox audit logging. In this case, the feature will be turned off for you.
32
+
> Some organizations might not allow you to use mailbox audit logging. In this case, the feature will be turned off for you.
34
33
35
34
To investigate this issue, create and use a Windows PowerShell script by using the sample script that's provided in Step 1 in this section, and then customize a search. By default, you can investigate actions that are performed by non-owners and administrators. This script exports content in a simplified, comma-separated values (.csv) file to help you troubleshoot reports about items that are missing or that were updated unexpectedly.
36
35
@@ -204,7 +203,7 @@ The most useful columns of the .csv file are exported. Some of these columns are
204
203
|OperationResult|Status of the operation</br></br>**Note** Operation results include the following: </br>- Failed </br>- PartiallySucceeded </br>- Succeeded |
205
204
|CrossMailboxOperation|Information about whether the operation that's logged is a cross-mailbox operation (for example, copying or moving messages among mailboxes) |
206
205
207
-
### More information about mailbox audit logging
206
+
### Use Windows Remote PowerShell
208
207
209
208
- The **Search-MailboxAuditLog** cmdlet is used in the sample script in Step 1 to search a single mailbox synchronously. You can do this also by running the cmdlet in Windows Remote PowerShell.
0 commit comments