[KB] How much time does it take to audit permission changes?
In an ideal world, every employee in an organization would have access only to their own mailbox and not anyone else's. In reality, however, users other than mailbox owners also have access to other mailboxes. These users could be trusted delegates or rogue users. While the former is benign, the latter could wreak havoc on your network.
A rogue user with full access permissions over your CEO's mailbox could result in a lot of negative consequences for your business. To avoid this, you need to be vigilant about changes to mailbox permissions in your organization.
The conventional way to detect permission changes is scripting. A handy PowerShell script to detect permission changes is:
This could take up a lot of your time. Also, scripting requires in-depth PowerShell knowledge and can get complex. Something as simple as a missing comma will make you lose valuable time that can be spent somewhere else.
Search-AdminAuditLog -Cmdlets Add-MailboxFolderPermission,Remove-MailboxPermission -StartDate 09/19/2017 -EndDate 09/24/2017 -IsSuccess $true
How Exchange Reporter Plus helps:
Exchange Reporter Plus has 3 helpful reports using which you can audit changes to send as, full access, and other mailbox permissions. These reports give you details about the:
●Mailbox, domain, and server
●Name of the user who changed the permissions
●Previous and new permissions
●Time of modification
Figure 1: Track mailbox permission changes with Exchange Reporter Plus.
In addition to just reporting on permission changes, you can also configure real-time alerts to be instantly notified when a modification happens.
By comparing the native tools with Exchange Reporter Plus, it is obvious that a simple point and click action gives you granular information in a much more clear cut way than PowerShell scripting. Explore the other reporting, monitoring, and auditing functionalities of Exchange Reporter Plus today!