Hi,
Welcome to Microsoft Q&A community.
Checking Mailbox Access Audit Logs
To check audit logs for mailbox access, you can use both the GUI (Security & Compliance Center) and PowerShell commands. Here’s how you can do it:
Using the GUI (Security & Compliance Center)
Access the Security & Compliance Center:
Go to the Microsoft 365 Security & Compliance Center.
Sign in with your admin credentials.
Navigate to Audit Log Search:
In the left pane, select Audit.
Click on Audit log search.
Search for Mailbox Access:
In the search box, enter the email address [email protected].
Set the date range to cover the period when access was provided.
Under Activities, select Mailbox activities.
Click on Search to view the results.
Review and Export Results:
Review the search results for any mailbox access activities.
You can export the results to a CSV file for further analysis.
Using PowerShell
Connect to Exchange Online:
Connect-ExchangeOnline -UserPrincipalName [email protected]
Search Mailbox Audit Logs:
$StartDate = (Get-Date).AddMonths(-2)
$EndDate = Get-Date
Search-MailboxAuditLog -Identity [email protected] -LogonTypes Admin,Delegate -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 | Export-CSV C:\temp\MailboxAuditLog.csv -NoTypeInformation -Encoding UTF8
Explanation of the PowerShell Command:
Connect-ExchangeOnline: Connects to Exchange Online.
Search-MailboxAuditLog: Searches the mailbox audit logs for the specified mailbox.
-Identity [email protected]: Specifies the mailbox to search.
-LogonTypes Admin,Delegate: Filters the logon types to admin and delegate access.
-StartDate and -EndDate: Defines the date range for the search.
-ResultSize 5000: Limits the number of results to 5000.
Export-CSV: Exports the results to a CSV file.