An Organization uses Exchange Online. You enable mailbox audit logging for all mailboxes.
User1 reports that her mailbox has been accessed by someone else.
You need to determine whether someone other than the mailbox owner has accessed the mailbox.
What should you do?
A.
Run the following Windows PowerShell command: Search-MailboxAuditLog-Identity User1-LogonTypes
Admin, Delegate, External-ShowDetails
B.
In the Exchange Admin Center, navigate to the Auditing section of the Protection page. Run a non-owner
mailbox access report.
C.
In the Exchange Admin Center, navigate to the In-place eDiscovery & Hold section of the Compliance
Management page. Run a non-owner mailbox access report.
D.
Run the following Windows PowerShell command: New-AdminAuditLogSearch-Identity User1-LogonTypes
Admin, Delegate, External-ShowDetails
Explanation:
The Non-Owner Mailbox Access Report in the Exchange Administration Center (EAC) lists the mailboxes thathave been accessed by someone other than the person who owns the mailbox.
Run a non-owner mailbox access report
In the EAC, navigate to Compliance Management > Auditing.
Click Run a non-owner mailbox access report.
By default, Microsoft Exchange runs the report for non-owner access to any mailboxes in the organization
over the past two weeks. The mailboxes listed in the search results have been enabled for mailbox audit
logging.
To view non-owner access for a specific mailbox, select the mailbox from the list of mailboxes. View the
search results in the details pane.
Note: When a mailbox is accessed by a non-owner, Microsoft Exchange logs information about this action in a
mailbox audit log that’s stored as an email message in a hidden folder in the mailbox being audited. Entries
from this log are displayed as search results and include a list of mailboxes accessed by a non-owner, who
accessed the mailbox and when, the actions performed by the non-owner, and whether the action was
successful.
https://technet.microsoft.com/en-us/library/jj150575(v=exchg.150).aspx
In the EAC, navigate to Compliance Management > Auditing.
Indeed, my guess is that the previous location was somewhere else in the EAC, but they changed it to compliance management > Auditing like you said.
now it is Reports > Security & Compliance > Auditing > Mailbox access by non-owners
Hope not to get this question on the exam as it is outdated.
you can get the report also in the exchange admin center>Compliance management>auditing>run a non-owner mailbox access report