Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu
Topic last modified: 2011-03-19
Audit logging records specific actions performed by specific users. Administrators can use it to maintain a record of all changes that are made to recipient objects. Audit logging may help your organisation comply with regulatory and legal requirements. By carefully configuring the scope of audit logging, you can control exactly which actions are logged, thus making the audit logs easier to review and manage.
In this topic, we cover the following:
By default, any action that is based on a Windows PowerShell cmdlet and doesn't begin with the verbs Get or Test is logged. The action doesn't have to be performed directly in Windows PowerShell. All actions in the Exchange Control Panel and in Outlook Web App > Options are built on top of Windows PowerShell cmdlets. So whenever a user uses Windows PowerShell, the Exchange Control Panel or Outlook Web App > Options to perform any action that creates, modifies or deletes an object, the action is logged.
The audit logging data are stored in email messages that are sent to an auditing mailbox. When a user performs an action that is logged, an email message is sent to the mailbox you've specified as the auditing mailbox, where the audit logs are stored. If an action involves more than one cmdlet, each cmdlet is logged in a separate email. If the same cmdlet is used on multiple objects, each object is logged in a separate email.
As you plan your audit logging strategy, be sure to figure out how you want to archive the audit log emails that are sent to the auditing mailbox. The mailbox quota, or maximum allowable size of a mailbox, is 10 GB, but the email service stops delivering email to a mailbox when it reaches the size specified by the Prohibit receive limit, which is 9.668 GB. For this reason, if you are running Outlook Live Directory Sync (OLSync), you shouldn't run audit logging without carefully configuring it to reduce the scope of user actions that it logs. Otherwise, the auditing mailbox may quickly fill up with audit log emails.
To view the audit logs, you can use any email client, such as Microsoft Office Outlook or Microsoft Office Outlook Web App to access the auditing mailbox you've specified.
Each email message contains the following information.