There are two types of Exchange non-owners who are authorized to access users' mailboxes for security and maintenance - administrators and delegated users.
Therefore, we cannot say for sure that every non-owner mailbox access in Exchange indicates a security breach. That's why it's essential to validate whether non-owner mailbox activities are in line with the business context to accurately identify anomalies.
This is where Exchange Reporter Plus' reporting and auditing capabilities step in.
What does Exchange Reporter Plus provide?
Exchange Reporter Plus' non-owner activity on mailbox report provides details on who accessed which mailbox and when. It also provides details on the operation performed by the non-owner, the device used to access the mailbox, and more.
Using the search option in the report, you can quickly filter unauthorized non-owners who have accessed the users' mailboxes.
Steps to generate the Non-Owner Activity on Mailbox report
- Go to the Auditing tab.
- Choose Advance Audit Reports form the left pane.
- Select Non-Owner Activity on Mailboxes under the Mailbox Audit Logging category.
You can export the report to PDF, CSV, XLS or HTML formats, and create a scheduler to send the reports to your inbox at regular intervals.
to know more about Exchange Reporter Plus.