You deploy Office 365. All the members of a team named Sales have full access to a shared mailbox
named Sales. You enable auditing for all shared mailboxes. From the Sales mailbox, an email
message that contains inappropriate content is sent. You need to identify which user sent the
message.
What should you do?
A.
From the Exchange Control Panel, run an administrator role group report.
B.
From Windows PowerShell, run the Get-SharingPolicy cmdlet.
C.
From Windows PowerShell, run the Write-AdminAuditLog cmdlet.
D.
From Windows PowerShell, run the New-MailboxAuditLogSearch cmdlet.
New-MailboxAuditLogSearch.
i think it is D
Use the Get-SharingPolicy cmdlet to view existing sharing policies that control how users inside your organization can share free/busy and contact information with users outside your organization.
Use the New-MailboxAuditLogSearch cmdlet to search mailbox audit logs and have search results sent via email to specified recipients.
Guess D is correct
The answer is D
https://technet.microsoft.com/en-us/library/ff522362(v=exchg.160).aspx
D should be the correct answer
D
To search mailbox audits and to identify email sent to specific recipient, we need to use the cmdlet New-MailboxAuditLogSearch
Answer is D
To identify which user sent the message, you need to run New-MailboxAuditLogSearch because the question says that you enable auditing for the mailboxes