Export Exchange Online Client Access Report

Export Exchange Online Client Access Report

  •  
  •  
  •  
  •  
  •  
  •  

So, imagine this:

The security team comes to you and asks you for a report on how people are accessing Exchange Online services–browser, mobile, Outlook client.  In the olden days of Exchange on-premises, you could look at the IIS logs to check browser traffic.  It’s not quite the same in Exchange Online, since you don’t have access to the IIS logs for every CAS server in Office 365.

What you can do, however, is retrieve that data from the Mailbox Audit Log.

Of course, you need to enable mailbox auditing (a per-mailbox setting) in order for this data to be stored, so if you haven’t done that yet, go do it now and come back in a few weeks and keep going (I say a few weeks so you can capture device turnover or people who are on vacation and don’t access their work mail via mobile clients).

To enable the mailbox auditing we need to run:

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true -AuditOwner UpdateFolderPermissions,MailboxLogin

Note: UpdateFolderPermissions is enabled by default when you enable audit logging.  The -AuditOwner parameter uses an array, so you either need to specify all the values in the cmdlet or use a hash value with the parameter: -AuditOwner @{Add=”MailboxLogin”}

Done?

Great.

Now, to build your report.

$mailboxes = Get-Mailbox -ResultSize Unlimited
Foreach ($mailbox in $mailboxes)
{
$logdata = Search-MailboxAuditLog -StartDate ([system.DateTime]::Now.AddDays(-14)) -EndDate ([system.DateTime]::Now.AddDays(+1)) -Operations MailboxLogin -Identity $mailbox.UserPrincipalName -ShowDetails | Select LogonUserDisplayName,ClientInfoString,LastAccessed,ClientIPAddress
$logdata | export-csv Report.csv -Append -NoTypeInformation
}

You may find it useful to use client-side filtering on the ClientInfoString to locate specific clients types or versions as well.

Be fruitful and reportify!

 

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.