An organization uses Exchange Online. You enable mailbox audit logging for all mailboxes.
User1 reports that her mailbox has been accessed by someone else.
You need to determine whether someone other than the mailbox owner has accessed the mailbox.
What should you do?
A.
Run the following Windows PowerShell command:
Search-MailboxAuditLog -Identity User1 -LogonTypes Owner -ShowDetails
B.
In the Exchange Admin Center, navigate to the Auditing section of the Protection page.
Run a non-owner mailbox access report
C.
Run the following Windows PowerShell command:
New-AdminAuditLogSearch -Identity User1 -LogonTypes Owner -ShowDetails
D.
In the Exchange Admin Center, navigate to the Auditing section of the Compliance Management
page. Run a non-owner mailbox access report.
Looking in my Portal the answer now would be:
Security & Compliance page
Search & Investigation section
Audit log search
then select ‘user signed into mailbox’ as the activity to search for.
The powershell command:
The LogonTypes parameter specifies the type of logons. Valid values include:
• Admin Audit log entries for mailbox access by administrator logons are returned.
• Delegate Audit log entries for mailbox access by delegates are returned, including access by users with Full Mailbox Access permission.
• External For Exchange Online mailboxes, audit log entries for mailbox access by Microsoft datacenter administrators are returned.
• Owner Audit log entries for mailbox access by the primary mailbox owner are returned. This value is available only in Exchange 2016 and also requires the ShowDetails switch.
https://technet.microsoft.com/en-us/library/ff522360(v=exchg.160).aspx
Correct.