
Do you ever wish you could monitor every activity in your inbox and intercept security threats? That would certainly be wonderful, but as a business owner, you’re busy enough as it is. You barely have enough time for your main responsibilities, so how can you be expected to stay on top of security, too?

Fortunately, you can with Office Protect’s ‘Mailbox Audit Logs Always On’ setting. It allows you to keep a close eye on all important mailbox activities without having to do so manually.




What’s being logged?

First, let’s talk about what exactly these mailbox logs are keeping track of and why they’re important.

Emails sent to external sources. If a hacker tries to access an employee email account and actively send spam from it, you’ll be the first to know. This is something that could irreversibly damage your company’s reputation if left unattended. If anyone in your organization sends out emails that are flagged as spam, they’ll be logged by Office Protect and you’ll be alerted.

Email impersonation. Office Protect’s mailbox logs will also flag any emails that appear to have been sent by hackers impersonating someone else, such as a high-level manager.

Deleted email accounts. You’ll be alerted whenever an email account is deleted. This could prevent accidental or intentional deletion of important email accounts and any subsequent loss of data.

Unusual sign-ins. Unusual device or location sign-ins will trigger an alert from Office Protect. This will let you know if the login session is just one of your employees working remotely or a hacker trying to access your network. You will also be alerted to an unusual number of sign-ins in a short amount of time, which could indicate a distributed denial-of-service (DDoS) attack.

Missing or deleted emails. The accidental or intentional removal of emails from a user inbox will be logged. This helps ensure that users or hackers are not doing things like sending important documents outside the organization and then promptly deleting those messages. You could even set this log to trigger an alert for certain instances.

Inbox rules not created by an administrator. Office Protect will also log and alert you if inbox rules appear that were not created by an administrator. This prevents hackers from setting rules that could make it easier for them to infiltrate your system.

Unusual signatures. Unusual signatures that don’t comply with your company policy will be logged and will issue an alert. This could catch a hacker in the process of email impersonation or someone using your company’s email account to send out spam.


Office Protect gives you security visibility

Office Protect mailbox audit logs also help ensure you have the right visibility into the overall security health of your organization.

Summary dashboard

Simply logging into your Office Protect account gives you a summary of how things are going in your organization. See a digest of all the events and alerts that have occurred since the last review. You can also see protected users, an update schedule and the next digest delivery.

Having mailbox audit logs on is what allows you to collect all this information. If nothing is logged, nothing is reported, and you won’t be able to keep track of many of the important security-related events in your environment.


Office Protect works hard to give you a bird’s-eye view of everything happening in your organization. Its dashboard and reports show you how your security environment is performing and whether there is anything that needs to be addressed, all in a user-friendly, at-a-glance format. These reports can be exported into a PDF or CSV file for further analysis.

Audit log search

An overview is great for managing your security settings in day-to-day life, but you sometimes need to dig deeper into a particular incident or search for a specific event that you want to know more about. Having mailbox audit logs always on enables you to do just that in a few easy steps:

  1. Log in to your Microsoft 365 account
  2. In the left-hand pane of the Security & Compliance Center, click on “Audit Log Search”
  3. Choose the activities and dates you want to view, as well as any specific users, files, folders, or sites you want to filter
  4. Click “Search”
  5. Click on a specific event to open the “Details” page
  6. Filter or export the results

Note that a maximum of 5,000 events can be shown at a time, so pay special attention to step three, where you choose which filters you want to apply.


How to enable mailbox audits

Now that you know how important mailbox audit logs are, how do you turn them on?

Simply access this feature from your Office Protect dashboard settings. You’ll see the toggle menu there with the option for on/off. You’ll also see the security impact (medium) and the user impact (none).

Even if the mailbox audit log settings are turned off, whether by mistake or by a rogue administrator, through either the Microsoft 365 portal or PowerShell, they will be automatically turned back on. That way, nothing slips through your fingers.
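The audit log search described earlier can also be scripted to catch the case above, where someone switches mailbox auditing off through PowerShell. The following is an added example, not code from Office Protect or Sherweb; the function name `Find-AuditingDisabled` and the sample records are constructed for illustration, and the records follow the shape returned by the Exchange Online `Search-UnifiedAuditLog` cmdlet, whose `AuditData` field is a JSON string.

```powershell
# Added example (not Office Protect code): flag audit records that switch mailbox auditing off.
# Cmdlet -> parameter/value pairs that weaken mailbox auditing.
$Risky = @{
    'Set-Mailbox'                       = @{ AuditEnabled       = 'False' }
    'Set-OrganizationConfig'            = @{ AuditDisabled      = 'True'  }
    'Set-MailboxAuditBypassAssociation' = @{ AuditBypassEnabled = 'True'  }
}

function Find-AuditingDisabled {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Records)
    foreach ($r in $Records) {
        $data = $r.AuditData | ConvertFrom-Json          # admin cmdlet details live in the JSON
        if (-not $data.Operation -or -not $Risky.ContainsKey($data.Operation)) { continue }
        $watch = $Risky[$data.Operation]
        foreach ($p in $data.Parameters) {
            if ($p.Name -and $watch.ContainsKey($p.Name) -and $watch[$p.Name] -eq "$($p.Value)") {
                [pscustomobject]@{
                    Time    = $data.CreationTime
                    Actor   = $data.UserId               # who ran the cmdlet
                    Cmdlet  = $data.Operation
                    Target  = $data.ObjectId             # mailbox or object that was changed
                    Setting = "$($p.Name)=$($p.Value)"
                }
            }
        }
    }
}

# Constructed sample records (not real tenant data): two should be flagged, two ignored.
$sample = @(
    [pscustomobject]@{ AuditData = '{"CreationTime":"2024-01-10T09:15:00","Operation":"Set-Mailbox","UserId":"admin@example.com","ObjectId":"alice","Parameters":[{"Name":"Identity","Value":"alice"},{"Name":"AuditEnabled","Value":"False"}]}' }
    [pscustomobject]@{ AuditData = '{"CreationTime":"2024-01-10T09:20:00","Operation":"Set-Mailbox","UserId":"admin@example.com","ObjectId":"bob","Parameters":[{"Name":"Identity","Value":"bob"},{"Name":"AuditEnabled","Value":"True"}]}' }
    [pscustomobject]@{ AuditData = '{"CreationTime":"2024-01-11T14:02:00","Operation":"Set-MailboxAuditBypassAssociation","UserId":"helpdesk@example.com","ObjectId":"svc-backup","Parameters":[{"Name":"Identity","Value":"svc-backup"},{"Name":"AuditBypassEnabled","Value":"True"}]}' }
    [pscustomobject]@{ AuditData = '{"CreationTime":"2024-01-12T08:30:00","Operation":"New-InboxRule","UserId":"carol@example.com","ObjectId":"carol\\Archive","Parameters":[{"Name":"Name","Value":"Archive"}]}' }
)
Find-AuditingDisabled -Records $sample | Format-Table -AutoSize

# Against a live tenant (assumes an existing Connect-ExchangeOnline session); -ResultSize 5000
# is the per-call ceiling, so narrow the dates and operations rather than pulling everything:
# $live = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#             -RecordType ExchangeAdmin -Operations @($Risky.Keys) -ResultSize 5000
# Find-AuditingDisabled -Records $live
```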

Ensuring that Office Protect is set to Mailbox Audit Logs Always On is the electronic equivalent of making it impossible for criminals to disable your security cameras. With clear benefits for organizational security and a minimal impact on your users, it’s one of the many ways Office Protect can help make your Microsoft 365 tenants safer.

Become a Sherweb partner to start reaping the rewards of Office Protect for your business, or download our free eBook for more information about how it can increase your security posture.

Written by The Sherweb Team Collaborators @ Sherweb

As a value-added cloud solutions provider, Sherweb is dedicated to providing more for its partners, direct customers and extended network. The Sherweb Blog is just one example of how we make this happen, and our team members frequently collaborate on content to ensure it's as beneficial as possible for our readers. If you like what you see here, we strongly encourage you to subscribe!