Auditing for owner logins RRS feed

  • Question

  • Hi!

    I have the following scenario:

    I need to register the IP address that accessed a particular mailbox and the access will be done through an outlook client, so I enabled auditing on the mailbox in question and configured it to register the “MailboxLogin” action for Owner:

    Set-Mailbox -Identity "Ben Smith" -AuditEnabled $true

    Set-Mailbox -Identity "Ben Smith" -AuditOwner MailboxLogin -AuditEnabled $true

    But according to the article below, this configuration does not work for NTLM and Kerberos (which is my case):

    "Auditing for owner logins to a mailbox works only for POP3, IMAP4, or OAuth logins. It doesn't work for NTLM or Kerberos logins to the mailbox."


    So far I have not been able to register the IP that accesses this particular mailbox, this is my goal, so if anyone has any idea how to register this information, please let me know.

    Best regards,


    Thursday, October 29, 2020 8:07 PM


All replies