Office365 PowerShell Open Mailbox Audit feature

Source: Internet
Author: User
Tags argumentlist sessions

Recently the head office asked OFFICE365 to open the audit function on all mailboxes. This feature cannot be manipulated through the graphical interface, but only through PowerShell scripting.


Microsoft has provided an official script, but there is a small bug in it.

Https://technet.microsoft.com/en-us/library/dn879651.aspx#step2


When there are multiple user accounts with the same alias, he will be surprised to think that the same name of the account, and can not modify the corresponding several accounts, so it is not recommended to use Get-mailbox | Set-mailbox modifies the data, but manually for the For loop processing.


Another 2 is that Office365 cannot set the default open audit, so all new accounts are not open. Beans can only set a scheduled task, allowing the script to be automatically executed daily to modify the new account settings.


In addition, after the execution, I would like to send a revised account sent me an email notification, and finally windows also wrote me a log for later viewing.


The following is the complete script

#Create  a secure string of the your password#read-host -assecurestring  | convertfrom-securestring > c:\temp\key.txt#check if o365 session  is setup, if not, create a new one$Sessions=Get-PSSessionif  ($ sessions.computername -eq  "outlook.office365.com")  -and  ($Sessions .state -ne  ' Broken ') {    write-host  "Detect existing office365 session, skip .."  -ForegroundColor Cyan}else{         $username  =  "[ Email protected] "     $secureStringPwd  = gc c:\temp\key.txt |  ConvertTo-SecureString     $creds  = New-Object  system.management.automation.pscredential -argumentlist  $username,  $secureStringPwd       $ExoSession &NBSP;=&NBSP;NEW-PSSession -configurationname microsoft.exchange -connectionuri https://outlook.office365.com/ powershell-liveid/ -credential  $creds  -Authentication Basic -AllowRedirection     Import-PSSession  $ExoSession} #Find  mailboxes that haven ' t enabled  auditing$users=get-mailbox -Filter {AuditEnabled -eq  $false} | select  name, alias, auditenabled, auditlogagelimit, distinguishednameforeach ($user  in   $users) {    try{        set-mailbox $ user.distinguishedname -auditenabled  $true  -AuditLogAgeLimit 365 -AuditOwner  create,harddelete,mailboxlogin,movetodeleteditems,softdelete,update -erroraction stop        # Create a Windows Eventlog if needed          $username = $user. Name        write-eventlog  -logname   ' Application '  -Source  ' application '  -eventid 666 -entrytype information  -Message  "$username  maibox auditing is enabled"           }    catch{         write-eventlog  -logname  ' Application '  -Source  ' application '  -eventid 667  -EntryType Error -Message  "$user  mailbox auditing is failed to  enable "&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;}&NBSP;&NBSP;} #There  are two ways to check  the resut, event viewer or email#check again if the status  is changed  $result =foreach ($user  in  $users) {    get-mailbox   $user. Name | select name, alias, auditenabled, auditlogagelimit, distinguishedname}  #Send   email to the admin$from =  "[email protected]" $to  =  "[email  Protected] "$smtp  =  smtp.office365.com"   $sub  =  "Auditing list"  $ securestringpwd = gc c:\temp\key.txt | convertto-securestring$creds =  new-object system.management.automation.pscredential -argumentlist  $username,  $ securestringpwd$date=get-date  $htmlbody = $result | convertto-html -body  " <H1>   $date  Mailbox Auditing Enabled record </H1> " -cssuri c:\tmp\ table.css send-mailmessage -to  $to  -From  $from  -Subject  $sub  -body   ($htmlbody | out-string)  -Credential  $creds  -SmtpServer  $smtp  -DeliveryNotificationOption  never -bodyashtml -usessl -port 587  #Check  from Event Viewertry{     $eventcritea  =  @{logname= ' Application ';id=666}     $Events  =get-winevent -filterhashtable   $eventcritea  -ErrorAction Stop    ForEach  ($Event  in $ Events)  {                          $eventXML  = [xml] $Event. TOXML ()                          $Event  | Add-Member -MemberType NoteProperty -Force -Name   information -value  $eventXML .event.eventdata.data                       $Event .information               }            }catch  [system. exception] {         "Couldn ' t fine any mailbox  auditing logs "}     $events  | select information, id,  Logname, timecreated| out-gridview -title status


Test results


Get the Windows log

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M01/9E/90/wKiom1mShjLBa8dSAAC8P4ocmk8510.jpg "style=" float : none; "title=" AA. JPG "alt=" Wkiom1mshjlba8dsaac8p4ocmk8510.jpg "/>



Notification of incoming mail

650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M01/9E/7E/wKioL1mShjOQQ0OTAAGkn3iYXIs147.jpg "style=" float : none; "title=" BBB. JPG "alt=" Wkiol1mshjoqq0otaagkn3iyxis147.jpg "/>


After 2 days, make sure the status has changed on the Https://securescore.office.com/#!/score!


650) this.width=650; "src=" https://s2.51cto.com/wyfs02/M00/9E/90/wKiom1mShr6BO1iuAACfH_2vTRM821.jpg "title=" CCCC. JPG "alt=" Wkiom1mshr6bo1iuaacfh_2vtrm821.jpg "/>

This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1956406

Office365 PowerShell opens the mailbox Audit feature

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.