Details

Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users with elevated privileges have the ability to effect change using the same mechanisms as email administrators.

Auditing any changes to access mechanisms not only supports accountability and nonrepudiation for those authorized to define the environment but also enables investigation of changes made by others who may not be authorized.

Note: This administrator auditing feature audits all exchange changes regardless of the user’s assigned role or permissions.

Solution

Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2016_Y21M07_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-2(4)
• CAT|II
• CCI|CCI-001403
• Rule-ID|SV-228354r612748_rule
• STIG-ID|EX16-MB-000010
• STIG-Legacy|SV-95333
• STIG-Legacy|V-80623
• Vuln-ID|V-228354

Source

• Tenable.com/audits