Do you ever wish you could monitor every activity in your inbox and intercept security threats? That would certainly be wonderful, but as a business owner, you’re busy enough as it is. You barely have enough time for your main responsibilities, so how can you be expected to stay on top of security, too?

Fortunately, you can with Office Protect‘s Mailbox Audit Logs Always On setting. This allows you to keep a close eye on all important mailbox activities without having to do so manually.

Want to learn more about reselling Office Protect with SherWeb’s partner program? Read this Sales Deck

What’s Being Logged?

First, let’s talk about what exactly these Mailbox Logs are keeping track of and why they are important.

Emails sent to external sources. If a hacker tries to access an employee email account and actively send spam from it, you’ll be the first to know. This is something that could irreversibly damage your company’s reputation if left unattended. If anyone in your organization sends out emails that are flagged as spam, they will be logged by Office Protect, and you’ll be alerted.

Email impersonation. Office Protect’s mailbox logs will also flag any emails that appear to have been sent by hackers impersonating someone else, such as a high-level manager.

Deleted email accounts. You’ll be alerted whenever an email account is deleted. This could prevent accidental or intentional deletion of important email accounts and any subsequent loss of data.

Unusual sign-ins. Unusual device or location sign-ins will trigger an alert from Office Protect. This will let you know if the login session is just one of your employees working remotely or a hacker trying to access your network. You will also be alerted of an unusual number of sign-ins in a short amount of time, which could indicate a distributed denial-of-service (DDoS) attack.

Missing or deleted emails. The accidental or intentional removal of emails from a user inbox will be logged. This helps ensure that users or hackers are not doing things like sending important documents outside the organization and then promptly deleting those messages. You could even set this log to trigger an alert for certain instances.

Inbox rules not created by an administrator. Office Protect will also log and alert you if inbox rules appear that were not created by an administrator. This prevents hackers from setting rules that could make it easier for them to infiltrate your system.

Unusual signatures. Unusual signatures that don’t comply with your company policy will be logged and will issue an alert. This could catch a hacker in the process of email impersonation or someone using your company’s email account to send out spam.

Security: The Importance of Visibility

Mailbox logs ensure that you have the right visibility into the overall security health of your organization.


Simply logging into your Office Protect account will give you a summary of how things are going in your organization. As soon as you access the account, you will see a summary of all the events and alerts that have occurred since the last digest. Here, you can also see protected users, an update schedule, and the next digest delivery.

Having your mailbox audit logs on is what allows you to see all of this information. If nothing is logged, nothing is reported, and you will not be able to keep track of many of the important security-related events in your environment.


Office Protect works hard to give you a bird’s-eye view of everything happening in your organization. Its dashboard and reports show you how your security environment is performing and whether there is anything that needs to be addressed, all in a user-friendly, at-a-glance format. These reports can be exported into a PDF or CSV file for further analysis.

Audit Log Search

An overview is great for managing your security settings in day-to-day life, but you sometimes need to dig deeper into a particular incident or search for a specific event that you want to know more about. Having your mailbox audit logs always on enables you to do just that in a few easy steps:

  1. Log in to your Office 365 Account
  2. In the left-hand pane of the Security & Compliance Center, click on “Audit Log Search.”
  3. Choose the activities and dates you want to view, as well as any specific users, files, folders, or sites you want to filter.
  4. Click “Search.”
  5. Click on a specific event to open the “Details” page.
  6. Filter or export the results.

Note that a maximum of 5,000 events can be shown at a time, so pay special attention to step #3, where you choose which filters you want to apply.

How to Enable Mailbox Audits

Now that you know how important mailbox audit logs are, how can you turn them on?

Simply access this feature from your Office Protect dashboard settings. You’ll see the toggle menu there with the option for on/off. You’ll also see the security impact (medium) and the user impact (none).

Even if the mailbox log settings are turned off, either by mistake or a rogue administrator through either the Office 365 portal or PowerShell, they will be automatically turned back on. That way, nothing slips through your fingers.

Ensuring that Office Protect is set to Mailbox Audit Logs Always On is the electronic equivalent of making it impossible for criminals to disable your security cameras. And with such an amazing security impact with absolutely no impact on your users, what’s not to love?

Contact SherWeb today to learn how you or your customers can use Office Protect to stay on top of security concerns.

Written by Mathieu Pipe-Rondeau Marketing Communications Specialist @ SherWeb

Mathieu is responsible for SherWeb’s blog content and organic social media. Highly conscious of branding and related communications, he’s constantly on the lookout for new and better ways to showcase SherWeb to the world. Mathieu has ten years of communications and marketing experience, including expertise in knowledge management, process creation and improvement, technical writing and content strategy. When he’s not producing engaging content, Mathieu enjoys cooking, singing and skateboarding with his son.