0

We have some clients who work with government contracts, and some of their requests has been to being able to audit accounts and seeing where they logged in from based on IP.

Is there a way to do this?

I am attempting the following via powershell but I am not sure if this is the way to go.

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true

And for viewing:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditOwner MailboxLogin

Am I going about this the right way to view IPs with time stamps and when they logged in and with what devices?

Jason
  • 3,931
  • 19
  • 66
  • 107

1 Answers1

2

If you have Azure subscription, you have access to these details.

To examine the devices and applications from which a specific user connected to a mailbox in Office 365:

  1. In the Security & Compliance Center, choose Reports > View reports.
  2. Under Auditing, choose Azure AD reports.
  3. In the Azure management portal, on the Active Directory tab, choose the name of your organization.
  4. Under your organization name, choose Users. Locate the user you want to investigate and choose the username.
  5. On the user page, choose Devices.
  6. In the View drop-down list, select Devices and applications from which the user has signed in. This will provide details, such as the version of client used to sign in, and the last sign-in time, IP address, and location of the user.

For more details, you may check this Microsoft TechNet article.

Sue.J
  • 376
  • 3
  • 12