In every organization, there are always mailboxes with sensitive information. These might be the mailboxes of the CEO, directors, users from the HR or Payroll departments, or simply mailboxes for which you have to perform discovery actions to demonstrate compliance with regulatory or legal requirements. Although normally administrators are not concerned with the content of user’s mailboxes, there might be someone less honest that attempts to access someone’s mailbox in order to obtain information of value for their own benefit.
Previous versions of Microsoft Exchange did not provide a full range of compliance capabilities. Managed Folders or Journaling simply were not enough to perform basic audits or to be fully compliant with legislation such as the Sarbanes-Oxley Act. Exchange 2010 introduces some welcomed new features, including Retention and Litigation Hold, Single Item Recovery or Archiving.
In the following article, we will explore yet another new feature introduced in SP1 known as Auditing Mailbox Access, which allows us to record operations on a mailbox such as the deletion or copy of e-mails: Auditing Mailbox Access on MSExchange.org