Chat with us, powered by LiveChat

Blog

Back

Identify who has accessed another users Mailbox in Office 365

28 Jun 2013 by Emma Robinson

In our previous blog, we identified how to enable Mailbox access Auditing for users in Office 365. You need to have mailbox auditing enabled before anything you read in this post will work.

So now that you have auditing enabled, how do you find out who is accessing other people’s mailboxes?

The new version of Office 365 includes a mailbox access by non-owners report for exactly this purpose. These can be found in the Reports section of your Office 365 administrator portal, under Auditing section. You will need to be signed in as an Administrator or other user that has the Audit Logs role assigned.

Audit Reports in Office 365

Audit Reports in Office 365

Clicking on this Audit Report opens a new window.

Read more Optimizing PowerShell for large Office 365 tenants

Mailbox Access Audit Search

Mailbox Access Audit Search

Here you can define the parameters which will limit the scope of your search results. You can edit things such as:

  • Date/Time of user access
  • Which mailboxes have been accessed
  • Who accessed the mailboxes – administrators, delegates etc
Mailbox Access Audit Search Results

Mailbox Access Audit Search Results

The search results show you exactly what actions were taken, who they were performed by and the time and date of the access.

Note: Not every type of mailbox action is audited by default, so you may not see every type of mailbox access appearing in this report. More information about what is audited can be found on our blog post explaining how to enable Mailbox access Auditing.