O365: Enable Mailbox Auditing on all Mailboxes

There is a slight annoyance with O365 in how you enable mailbox auditing for all mailboxes. You do have to set it, because mailbox auditing in O365 isn’t turned on by default, and activity in a mailbox that has it turned off will not appear in the search results when you search the O365 audit log for mailbox activity. I also like to do this, as it counts towards the Secure Score within O365!

It would be really nice if Microsoft allowed this to be turned on at the tenancy level, so that it filtered down to every new mailbox as it gets created, but Microsoft being Microsoft requires an O365 administrator to turn it on for each individual mailbox. Now, this isn’t too difficult as long as you are OK with PowerShell! I have created a script which enables mailbox auditing on those mailboxes that do not already have it turned on. It logs to the screen the number of mailboxes that need auditing enabled, and the name of each mailbox as it is processed.

I have uploaded this script to the TechNet gallery, so the latest changes will be on this page: https://gallery.technet.microsoft.com/Enable-Mailbox-Auditing-on-6a4be1fe?redir=0.  But a version of the script is also below:

<#
.SYNOPSIS
    Script to enable Mailbox auditing on O365
.DESCRIPTION
    Script to enable Mailbox auditing on O365

.NOTES
    Author: Robert Milner
    Version: 1.1
    Date Released: 23/02/2018
    PowerShell Versions Tested: v5
    O/S Versions Tested: Windows 10

CHANGE LOG:
1.1 Initial Script Creation
#>

#...................................
# Variables
#...................................

$myDir = Split-Path -Parent $MyInvocation.MyCommand.Path

$logfile = "$myDir\Enable Mailbox Auditing.log"

#...................................
# Functions
#...................................

#This function is used to write the log file (one line per entry, prefixed with a date/time stamp)
Function Write-Logfile()
{
	param( [string]$logentry )
	$timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
	"$timestamp $logentry" | Out-File $logfile -Append
}

#...................................
# Script
#...................................

# Requires an Exchange Online PowerShell session to already be open
# (for example Connect-ExchangeOnline from the ExchangeOnlineManagement module).
try
{
    # Get list of all mailboxes that do not have auditing enabled:
    Write-Host "******* Getting list of all Mailboxes without auditing enabled"
    Write-Logfile "******* Getting list of all Mailboxes without auditing enabled"
    $MBAudit = @(Get-Mailbox -ResultSize Unlimited -ErrorAction Stop -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} | Where-Object {$_.AuditEnabled -eq $false})

    Write-Host "Enabling Auditing on" $MBAudit.Count "mailboxes"
    Write-Logfile "Enabling Auditing on $($MBAudit.Count) mailboxes"

    # Loop through each Mailbox and enable auditing
    foreach ($mailbox in $MBAudit)
    {
        $upn = $mailbox.UserPrincipalName

        #Write the user principal name of the mailbox to the log file
        Write-Logfile ""
        Write-Logfile "Current E-Mail address:"
        Write-Logfile $upn

        Write-Host "Setting mailbox $upn to have auditing enabled"
        Write-Logfile "Setting mailbox $upn to have auditing enabled"

        try
        {
            # -ErrorAction Stop turns a non-terminating cmdlet error into one the catch block sees,
            # so a failure on one mailbox is logged and the loop carries on with the next one
            Set-Mailbox -Identity $upn -AuditEnabled $true -AuditLogAgeLimit 365 -AuditOwner Create,HardDelete,MailboxLogin,MoveToDeletedItems,SoftDelete,Update -ErrorAction Stop

            # Read the settings back so the log shows what was actually applied
            $check = Get-Mailbox -Identity $upn -ErrorAction Stop | Select-Object Name,AuditEnabled,AuditLogAgeLimit
            Write-Logfile "$($check.Name): AuditEnabled=$($check.AuditEnabled) AuditLogAgeLimit=$($check.AuditLogAgeLimit)"
        }
        catch
        {
            Write-Warning "Failed to enable auditing on ${upn}: $($_.Exception.Message)"
            Write-Logfile "ERROR: Failed to enable auditing on ${upn}: $($_.Exception.Message)"
        }
        Write-Logfile ""
    }
}
catch
{
    # Anything that fails outside the per-mailbox loop (e.g. no Exchange Online session) ends up here
    Write-Warning $_.Exception.Message
    Write-Logfile "ERROR: $($_.Exception.Message)"
}
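Once the script has run, there are two checks worth doing that the script itself does not cover: that no mailbox has slipped through (or been created since with auditing off, or with a shorter age limit than you want), and that mailbox activity really is landing in the audit log now. The block below is an added example, not part of the original post or the TechNet script. It assumes an Exchange Online PowerShell session is already open (for example via Connect-ExchangeOnline from the ExchangeOnlineManagement module); the function names Get-MailboxAuditGap and Test-MailboxLoginAudited are my own, and the thresholds (365 days and the same six owner actions the script sets) are assumptions chosen to match the script above. One caveat the post does not mention: Microsoft later made mailbox auditing on by default at the tenant level, and Get-OrganizationConfig exposes an AuditDisabled flag; when that flag is $true, auditing is off for every mailbox regardless of its own AuditEnabled value, so the check reads it first.

```powershell
# Added example (not from the original post). Assumes an Exchange Online
# PowerShell session is already open (e.g. Connect-ExchangeOnline).
# Function names and thresholds below are my own choices.

# Policy the script above applies; a mailbox short of any of these is reported.
$RequiredOwnerActions = 'Create','HardDelete','MailboxLogin','MoveToDeletedItems','SoftDelete','Update'
$MinAgeLimitDays      = 365

function Get-MailboxAuditGap {
    # Returns one object per mailbox that does not meet the policy, and warns
    # if the tenant-level switch makes the per-mailbox settings moot.
    $org = Get-OrganizationConfig
    if ($org.AuditDisabled) {
        Write-Warning 'Get-OrganizationConfig reports AuditDisabled = True: mailbox auditing is off tenant-wide and per-mailbox AuditEnabled is ignored. Fix with Set-OrganizationConfig -AuditDisabled $false.'
    }

    $mailboxes = Get-Mailbox -ResultSize Unlimited -Filter {
        RecipientTypeDetails -eq 'UserMailbox' -or RecipientTypeDetails -eq 'SharedMailbox' -or
        RecipientTypeDetails -eq 'RoomMailbox' -or RecipientTypeDetails -eq 'DiscoveryMailbox'
    }

    foreach ($mbx in $mailboxes) {
        $problems = @()
        if (-not $mbx.AuditEnabled) { $problems += 'AuditEnabled is False' }

        # AuditLogAgeLimit is returned in the form "365.00:00:00"; parse it as a TimeSpan
        $ageText  = "$($mbx.AuditLogAgeLimit)"
        $ageLimit = if ($ageText) { [TimeSpan]$ageText } else { [TimeSpan]::Zero }
        if ($ageLimit.TotalDays -lt $MinAgeLimitDays) {
            $problems += "AuditLogAgeLimit is $($ageLimit.TotalDays) days (policy: $MinAgeLimitDays)"
        }

        # AuditOwner comes back as a collection of action names; compare as strings
        $owner   = @($mbx.AuditOwner | ForEach-Object { "$_" })
        $missing = @($RequiredOwnerActions | Where-Object { $owner -notcontains $_ })
        if ($missing.Count -gt 0) { $problems += "AuditOwner missing: $($missing -join ',')" }

        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName    = $mbx.UserPrincipalName
                RecipientTypeDetails = $mbx.RecipientTypeDetails
                Problems             = $problems -join '; '
            }
        }
    }
}

function Test-MailboxLoginAudited {
    # Checks the post's point from the other side: once auditing is on, owner
    # MailboxLogin events for this user should be searchable in the unified
    # audit log. Events can take hours to appear, so look back days, not minutes.
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [int]$Days = 7
    )
    $events = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
        -UserIds $UserPrincipalName -Operations MailboxLogin -ResultSize 5000

    foreach ($e in $events) {
        # The useful fields (client IP, client string, logon type) live in the AuditData JSON
        $d = $e.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time      = $e.CreationDate
            User      = $d.UserId
            ClientIP  = $d.ClientIPAddress
            Client    = $d.ClientInfoString
            LogonType = $d.LogonType   # 0 = Owner, 1 = Admin, 2 = Delegate
        }
    }
}

# Usage (replace the output path and the UPN as required):
Get-MailboxAuditGap | Export-Csv -NoTypeInformation -Path '.\Mailbox Audit Gaps.csv'
Test-MailboxLoginAudited -UserPrincipalName 'alice@contoso.com' | Format-Table -AutoSize
```

An empty result from Test-MailboxLoginAudited for a user you know has signed in recently is the symptom the post describes: either auditing was not on for that mailbox at the time, MailboxLogin is not in its AuditOwner list, or the tenant-level AuditDisabled flag is set. Get-MailboxAuditGap is also worth scheduling, since the script above only fixes the mailboxes that exist when it runs.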