Created: 9-10-21
Updated: 9-10-21
Below are a few PowerShell commands that Adam Gordon made during an ITPro.tv training video and this was written by him and credit is due accordingly. However this was from a video series that is about to be replaced and I’d like to archive this information for future use. Perhaps this helps someone out!
######################################
# Log into O365 Security & Compliance
######################################
Set-ExecutionPolicy RemoteSigned
$UserCreds = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameCheckingRemove-PSSession $Session
###################################### Enable Auditing for a single mailbox
Set-Mailbox “name of mailbox goes here” -AuditEnabled $True# Enable Audting for all mailboxes
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq “UserMailbox”} | Set-Mailbox -AuditEnabled $True#Monitor Unified Audit Logs – Is it Enabled?
Get-AdminAuditLogConfig | FL *unified*
#Want to turn on/off logging?
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $True
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $False
#How about using PowerShell to search the logs?
Search-UnifiedAuditLog -StartDate 8/28/2021 -EndDate 9/23/2021 -UserIds [email protected] -Formatted