Forensics

Interpreting the Office 365 MailItemsAccessed Audit Event

If you have Office 365 E5 licenses, your mailboxes generate MailItemsAccessed events. These events are stored in the Office 365 audit log and can be used for investigating potentially compromised mailboxes. Useful information is in the audit events, but some processing is needed to extract the full benefit. Here's how to do it with PowerShell.

Last Update: Aug 22, 2023

LATEST