Identify who has accessed another users Mailbox in Office 365
In our previous blog, we identified how to enable Mailbox access Auditing for users in Office 365. You need to have mailbox auditing enabled before anything you read in this post will work.
So now that you have auditing enabled, how do you find out who is accessing other people’s mailboxes?
The new version of Office 365 includes a mailbox access by non-owners report for exactly this purpose. These can be found in the Reports section of your Office 365 administrator portal, under Auditing section. You will need to be signed in as an Administrator or other user that has the Audit Logs role assigned.
Clicking on this Audit Report opens a new window.
Here you can define the parameters which will limit the scope of your search results. You can edit things such as:
- Date/Time of user access
- Which mailboxes have been accessed
- Who accessed the mailboxes – administrators, delegates etc
The search results show you exactly what actions were taken, who they were performed by and the time and date of the access.
Note: Not every type of mailbox action is audited by default, so you may not see every type of mailbox access appearing in this report. More information about what is audited can be found on our blog post explaining how to enable Mailbox access Auditing.