Configuring Settings for On-Premises Exchange

Enabling Mailbox Auditing for Exchange Server 2016

  1. Start the Windows PowerShell.

  2. Enable mailbox logging and configure auditing of user mailboxes for your on-premises Exchange organization by running the following commands:

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditLogAgeLimit 365 -AuditEnabled $true

    Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * -AdminAuditLogParameters * -AdminAuditLogExcludedCmdlets $null -Force -LogLevel Verbose -TestCmdletLoggingEnabled $true -AdminAuditLogAgeLimit 365

  3. Specify activity to be audited. Run commands:

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditOwner Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, Create, MailboxLogin

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditDelegate Update,Move,Create,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditAdmin Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create,Copy,MessageBind

Enabling Mailbox Auditing for Exchange Server 2019

  1. Start the Windows PowerShell.

  2. Enable mailbox logging and configure auditing of user mailboxes for your on-premises Exchange organization by running the following commands:

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditLogAgeLimit 365 -AuditEnabled $true

    Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * -AdminAuditLogParameters * -AdminAuditLogExcludedCmdlets $null -Force -LogLevel Verbose -TestCmdletLoggingEnabled $true -AdminAuditLogAgeLimit 365

  3. Specify activity to be audited. Run commands:

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditOwner Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, Create, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation, MailboxLogin

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditDelegate Update,Move,Create,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditAdmin Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation,Copy,MessageBind

Granting Permissions

  1. Navigate to Exchange admin center / Permissions.

  2. Assign the Compliance Management and Organization Management admin role groups to the collector account (the one Cygna Auditor can use to collect data from Exchange).

Enabling PowerShell Authentication

  1. Navigate to Exchange admin center / Servers and select Virtual directories.

  2. Configure as follows:

    • Select servers: All servers

    • Select type: PowerShell

  3. Select PowerShell (Default Web Site), proceed to the Authentication tab, and enable Basic authentication.

Continue reading:

On-Premises Exchange