Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

Make sure that Exchange Online mailboxes are enabled for auditing

The big problem with mailbox auditing – for both Exchange on-premises and Exchange Online – is that you must enable it for mailboxes to start recording audit events. If you do not enable auditing for a mailbox, Exchange assumes that you don’t care about what’s going on and captures nothing. When the time comes to search the Office 365 audit log, you get a big fat blank. Microsoft should either enable all EXO mailboxes for auditing or allow tenants to update mailbox plans to ensure that new mailboxes are enabled upon creation.

373 votes

Vote

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Anonymous shared this idea · Oct 4, 2017 · Flag idea as inappropriate… · Admin →

in the plans · Aug 30, 2018

16 comments

Add a comment…

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Anonymous commented · December 18, 2018 4:24 AM · Flag as inappropriate

Should be enable by Default
Peter Hurst commented · October 12, 2018 9:05 AM · Flag as inappropriate

On large tenancies it's particularly difficult to backfit with the recommended solution as the number of mailboxes exceed the maximum allowed.
Brian T. Grant commented · September 6, 2018 2:20 AM · Flag as inappropriate

even if it gets enabled by default that is only one step as I understand that is only basic auditing.
Owner, Admin & delegate with extended parameters should be applied by you.
Brajesh Panda commented · July 26, 2018 4:54 AM · Flag as inappropriate

Take a look at this: https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Exchange-Mailbox-Auditing-will-be-enabled-by-default/bc-p/219167#M584
Michael Gorn commented · June 20, 2018 9:09 AM · Flag as inappropriate

this should be enabled by default ASAP!
Hasan commented · June 12, 2018 5:20 AM · Flag as inappropriate

By deafult it should be enabled when mailbox created in Office365 or migrated from Onprem to Office365
Anonymous commented · April 26, 2018 12:19 PM · Flag as inappropriate

I agree, that will be great to have the option to enable auditing when creating user account. that will be very useful.
kaveh commented · April 24, 2018 12:17 AM · Flag as inappropriate

noticed Set-MailboxPlan has an '-AuditEnabled' switch already, just that its currently reserved for internal use... c'mon guys!
kaveh commented · April 24, 2018 12:02 AM · Flag as inappropriate

need a tenant wide, or mailbox plan wide setting
kaveh commented · April 24, 2018 12:01 AM · Flag as inappropriate

Yes the issue is we dont use powershell to create users, and need this enabled for new mailboxes that are created.
Matt commented · April 10, 2018 11:52 AM · Flag as inappropriate

How is this not done yet? Having the option to enable/disable auditing by default on the tenant has been being asked for for years now. Cmon MS...
Ryan commented · March 29, 2018 6:49 PM · Flag as inappropriate

Should be enabled by default.
Ryan Pizzi commented · October 18, 2017 6:25 PM · Flag as inappropriate

Very much agreed on this. I'm told that ASM (Now CAS) required mailbox auditing to become useful at all. If this is a requirement, I'm sure we'd all appreciate a method to have mailboxes start out with auditing enabled (and perhaps what to audit).
Richard commented · October 18, 2017 6:01 PM · Flag as inappropriate

There are numerous tickets with varying amounts of votes that are all asking for the same thing:

Give us the ability to enable mailbox auditing by default for every account in AAD.

Even better, let us specify mailbox auditing policies hierarchically, as in GPOs. We should be using AAD as the source of truth on user objects, including mailboxes. I don't get why this is a per-user Powershell-only option right now. Seriously it confounds us.
James Reed commented · October 13, 2017 3:59 PM · Flag as inappropriate

This needs to be done on all mailboxes, inclusive of the underlying O365 Group mailboxes.
This should be the default setting for all, so there would be no reason it randomly disables or certain elements get removed from auditing.
Anonymous commented · October 5, 2017 8:59 PM · Flag as inappropriate

By deafult it should be enabled when mailbox created in Office365 or migrated from Onprem to Office365

Office 365 Security & Compliance: Auditing

Post a new idea…
All ideas
My feedback
Advanced Security Management 200
Auditing 141
Compliance Manager 59
DLP & Transport Rules 147
Malware 49
Message Encryption & Rights Management 77
Message Trace 41
Privacy 5
Reports 69
Service Trust Portal 10
Spam & Phishing 206
eDiscovery 125

Searching…

No results.
Clear search results

Give feedback
- Delve 1,071 ideas
- FastTrack 7 ideas
- General 7,886 ideas
- Microsoft Connections email marketing 48 ideas
- Microsoft Invoicing 138 ideas
- Microsoft Listings online presence 7 ideas
- Office 365 Admin 3,626 ideas
- Office 365 Admin Mobile 1,165 ideas
- Office 365 Business Center 208 ideas
- Office 365 Groups 1,351 ideas
- Office 365 Security & Compliance 1,401 ideas
- Office.com Home Page 184 ideas
Microsoft Office 365

Related Sites