Auditing Mailbox Access

Bogart, Humphrey (Maltese Falcon, The)_02

Sooner or later, executives and other users with sensitive information will request some sort of special handling of their mailboxes.  For example, not long ago I was tasked with finding a way of making the mailboxes of senior execs inaccessible (even from an admin point of view) to all except the execs themselves.

Of course, this wasn’t practical and died a quiet death.  But the idea of knowing who (or what process) accesses a mailbox is very practical with Exchange 2010.

This technet article describes the process…

Because mailboxes can potentially contain sensitive, high business impact (HBI) information and personally identifiable information (PII), it’s important that you track who logs on to the mailboxes in your organization and what actions are taken. It’s especially important to track access to mailboxes by users other than the mailbox owner. These users are referred to as delegate users.

By using mailbox audit logging, you can log mailbox access by mailbox owners, administrators, and delegates (including administrators who have full mailbox access permissions). Mailboxes are considered to be accessed by an administrator only in the following scenarios:

[…]

full here…