Microsoft 365 administration – PowerShell to verify the auditing status for our Organization / Tenant

by ·

Executing PowerShell CMDLET - Get-AdminAuditLogConfig - Verifying auditing status for my organization
Executing PowerShell CMDLET - Get-AdminAuditLogConfig - Verifying auditing status for my organization

Hello All,

Greetings.

Today I am sharing small informative article. This article is regarding verifying if an auditing is turned on or not for our organization using PowerShell.

    What is Audit Logging?

    • Microsoft Purview auditing solutions provide an integrated solution to help organizations effectively respond to
      • security events,
      • forensic investigations,
      • internal investigations,
      • and compliance obligations
    • Microsoft Purview Audit provides the ability to log and search for audited activities.
    • It enhances forensic, IT, compliance, and legal investigations.
    • Audit logging is turned on by default for Microsoft 365 organizations.

    In certain scenarios our Organization might not want to retain and record the logs. In this case we need to turn off the auditing.

    Details

    • We will use the Get-AdminAuditLogConfig PowerShell CMDLET
    • Get-AdminAuditLogConfig PowerShell CMDLET is available in Exchange Online PowerShell module
    • Make sure, “Exchange Online PowerShell” module is installed. If it is not installed then install the module using “Install-Module” PowerShell CMDLET as

    Install-Module -Name ExchangeOnlineManagement -Force

    • Once we have successfully installed PowerShell module “ExchangeOnlineManagement“, we are ready to execute the Exchange Online PowerShell CMDLETs
    • We will connect to Exchange Online using “Connect-ExchangeOnline” PowerShell CMDLET
    Connect-ExchangeOnline

    PowerShell window displaying version 7.5.1 and instructions for connecting to Exchange Online using the Connect-ExchangeOnline cmdlet.
    Image: Connecting to Exchange Online
    • As we successfully manage to connect ExchangeOnline, we are ready to execute Exchange Online PowerShell CMDLETs
    • To verify auditing status of our organization, we will execute “Get-AdminAuditLogConfig” PowerShell CMDLET as

    PS C:\Windows\System32> Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled

UnifiedAuditLogIngestionEnabled : True

PS C:\Windows\System32>

    PowerShell terminal showing commands to connect to Exchange Online and check auditing status with the Get-AdminAuditLogConfig cmdlet.
    Image: Executing PowerShell CMDLET – Get-AdminAuditLogConfig – Verifying auditing status for my organization
    • A value of True for the UnifiedAuditLogIngestionEnabled property indicates that auditing is turned on in our tenant.

    REFERENCES

    Thanks for reading!!!

    HAVE A FANTASTIC TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

    Tags:

    Prasham Sabadra

    LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

    You may also like...

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Discover more from Microsoft 365

    Subscribe now to keep reading and get access to the full archive.

    Continue reading