Office365 PowerShell Open Mailbox Audit feature

Recently the head office asked OFFICE365 to open the audit function on all mailboxes. This feature cannot be manipulated through the graphical interface, but only through PowerShell scripting.

Microsoft has provided an official script, but there is a small bug in it.

Https://technet.microsoft.com/en-us/library/dn879651.aspx#step2

When there are multiple user accounts with the same alias, he will be surprised to think that the same name of the account, and can not modify the corresponding several accounts, so it is not recommended to use Get-mailbox | Set-mailbox modifies the data, but manually for the For loop processing.

Another 2 is that Office365 cannot set the default open audit, so all new accounts are not open. Beans can only set a scheduled task, allowing the script to be automatically executed daily to modify the new account settings.

In addition, after the execution, I would like to send a revised account sent me an email notification, and finally windows also wrote me a log for later viewing.

The following is the complete script

#Create  a secure string of the your password#read-host -assecurestring  | convertfrom-securestring > c:\temp\key.txt#check if o365 session  is setup, if not, create a new one$Sessions=Get-PSSessionif  ($ sessions.computername -eq  "outlook.office365.com")  -and  ($Sessions .state -ne  ' Broken ') {    write-host  "Detect existing office365 session, skip .."  -ForegroundColor Cyan}else{         $username  =  "[ Email protected] "     $secureStringPwd  = gc c:\temp\key.txt |  ConvertTo-SecureString     $creds  = New-Object  system.management.automation.pscredential -argumentlist  $username,  $secureStringPwd       $ExoSession &NBSP;=&NBSP;NEW-PSSession -configurationname microsoft.exchange -connectionuri https://outlook.office365.com/ powershell-liveid/ -credential  $creds  -Authentication Basic -AllowRedirection     Import-PSSession  $ExoSession} #Find  mailboxes that haven ' t enabled  auditing$users=get-mailbox -Filter {AuditEnabled -eq  $false} | select  name, alias, auditenabled, auditlogagelimit, distinguishednameforeach ($user  in   $users) {    try{        set-mailbox $ user.distinguishedname -auditenabled  $true  -AuditLogAgeLimit 365 -AuditOwner  create,harddelete,mailboxlogin,movetodeleteditems,softdelete,update -erroraction stop        # Create a Windows Eventlog if needed          $username = $user. Name        write-eventlog  -logname   ' Application '  -Source  ' application '  -eventid 666 -entrytype information  -Message  "$username  maibox auditing is enabled"           }    catch{         write-eventlog  -logname  ' Application '  -Source  ' application '  -eventid 667  -EntryType Error -Message  "$user  mailbox auditing is failed to  enable "&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;}&NBSP;&NBSP;} #There  are two ways to check  the resut, event viewer or email#check again if the status  is changed  $result =foreach ($user  in  $users) {    get-mailbox   $user. Name | select name, alias, auditenabled, auditlogagelimit, distinguishedname}  #Send   email to the admin$from =  "[email protected]" $to  =  "[email  Protected] "$smtp  =  smtp.office365.com"   $sub  =  "Auditing list"  $ securestringpwd = gc c:\temp\key.txt | convertto-securestring$creds =  new-object system.management.automation.pscredential -argumentlist  $username,  $ securestringpwd$date=get-date  $htmlbody = $result | convertto-html -body  " <H1>   $date  Mailbox Auditing Enabled record </H1> " -cssuri c:\tmp\ table.css send-mailmessage -to  $to  -From  $from  -Subject  $sub  -body   ($htmlbody | out-string)  -Credential  $creds  -SmtpServer  $smtp  -DeliveryNotificationOption  never -bodyashtml -usessl -port 587  #Check  from Event Viewertry{     $eventcritea  =  @{logname= ' Application ';id=666}     $Events  =get-winevent -filterhashtable   $eventcritea  -ErrorAction Stop    ForEach  ($Event  in $ Events)  {                          $eventXML  = [xml] $Event. TOXML ()                          $Event  | Add-Member -MemberType NoteProperty -Force -Name   information -value  $eventXML .event.eventdata.data                       $Event .information               }            }catch  [system. exception] {         "Couldn ' t fine any mailbox  auditing logs "}     $events  | select information, id,  Logname, timecreated| out-gridview -title status

Test results

Get the Windows log

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M01/9E/90/wKiom1mShjLBa8dSAAC8P4ocmk8510.jpg "style=" float : none; "title=" AA. JPG "alt=" Wkiom1mshjlba8dsaac8p4ocmk8510.jpg "/>

Notification of incoming mail

650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M01/9E/7E/wKioL1mShjOQQ0OTAAGkn3iYXIs147.jpg "style=" float : none; "title=" BBB. JPG "alt=" Wkiol1mshjoqq0otaagkn3iyxis147.jpg "/>

After 2 days, make sure the status has changed on the Https://securescore.office.com/#!/score!

650) this.width=650; "src=" https://s2.51cto.com/wyfs02/M00/9E/90/wKiom1mShr6BO1iuAACfH_2vTRM821.jpg "title=" CCCC. JPG "alt=" Wkiom1mshr6bo1iuaacfh_2vtrm821.jpg "/>

This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1956406

Office365 PowerShell opens the mailbox Audit feature