Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu
Topic Last Modified: 2011-03-19
When an administrator changes a role group, Microsoft Exchange logs information about this action in the administrator audit log. When you run the Administrator Role Group report, entries form this log are displayed as search results and include the role groups that have been changed, who changed them and when, and what changes were made. Use this report to monitor changes to the administrative permissions assigned to users in your organization.
Administrator role groups are used to assign administrative permissions to users, which allow users to perform administrative tasks in your organization, such as resetting passwords, creating or modifying mailboxes, and assigning administrative permissions to other users. For more information, see Administrator Role Groups in Exchange Online.
The administrator role group report logs the following types of changes:
-
Creating, copying, and deleting a role group
-
Adding and removing members
Run an administrator role group report
-
Select Manage My Organization > Roles & Auditing > Auditing.
-
Click Run an administrator role group report.
Microsoft Exchange runs the report for changes made to administrator role groups in the past two weeks.
-
To view the changes for a specific role group, under Search Results, select the role group. View the search results in the details pane.
Want to narrow the search results?
Select the start date, end date, or both, and select specific role groups to search. Click Search to re-run the report.
Note To access and run any of the reports on the Auditing Reports tab in the Exchange Control Panel, a user has to be assigned the necessary permissions. For more information, see the "Give users access to Auditing Reports" section of Use Auditing Reports in Exchange Online.
Monitor changes to role group membership
When members are added or removed from a role group, the search results displayed in the details pane indicate that the role group membership was updated and lists the current members. The results don't explicitly state which user was added or removed.
To determine if a user was added or removed, you have to compare two separate entries in the report. For example, let's look at the following log entries for the Discovery Management role group:
4/27/2010 4:43 PM
Administrator
Updated members:
Administrator;annb,florencef;pilarp
5/06/2010 10:09 AM
Administrator
Updated members:
Administrator;annb;florencef;pilarp;tonip
5/19/2010 2:12 PM
Administrator
Updated members:
Administrator;annb;florencef;tonip
In this example, the Administrator user account made the following changes:
-
On 5/06/2010, it added the user tonip.
-
On 5/19/2010, it removed the user pilarp.
