Ensure 'AuditBypassEnabled' is not enabled on mailboxes
Why This Matters
If a mailbox audit bypass is enabled for an account, that account can access any mailbox it has permissions to without generating any audit log entries. This means actions like message deletions or unauthorized access go completely unrecorded, making it impossible to detect insider threats or malicious activity. For IT administrators, this creates a blind spot that undermines incident response and forensic investigations.
What Aether365 Checks
Aether365 verifies that the AuditBypassEnabled property is not enabled on any mailbox accounts in your Microsoft 365 organization. This check appears in the Aether365 dashboard under the microsoft-365 section and flags accounts where audit bypass is active.