Ensure 'AuditDisabled' organizationally is set to 'False'
Why This Matters
If mailbox auditing is disabled at the organizational level, your security team loses visibility into critical mailbox activities such as inbox rule creation, folder access, or message tampering. Without these audit logs, incident responders and forensic investigators cannot trace malicious actions like data exfiltration or privilege escalation executed through compromised mailboxes. Enforcing auditing ensures default mailbox actions are always logged, providing essential evidence for detecting and investigating security incidents.
What Aether365 Checks
Aether365 verifies that the AuditDisabled property on the organization’s Exchange Online configuration is set to False. This check appears in your Aether365 dashboard under the Microsoft 365 security checks section.