The advanced archiving features of Office 365 have several native Auditing Reports, listed here:
Non-owner mailbox access report
Description: Search mailbox audit logs for mailboxes that have been accessed or changed by someone other than the owner.
Mailbox audit log
Description: Search for and export information about non-owner access to a mailbox during a specific time period.
Litigation hold report
Description: Search the administrator audit log for users who've had litigation hold enabled or disabled for their mailbox.
Administrator audit log
Description: Search for and export information about configuration changes made in your organization. Learn more...
Administrator role group report
Description: Search the administrator audit log for changes made to role groups, which are used to assign administrative permissions to users. Learn more...
In addition to these native Office 365 reports PowerShell has the ability to customize and schedule reports, sending them periodically to the requestor.
Exchange Hosted Archive (EHA) natively contained several pre-defined reports as well. Office 365 does not natively contain these same reports. The ability to customize and schedule these reports
did not exist in EHA. Microsoft is researching and creating examples of PowerShell scripts that can be used to mimic native EHA reports. Our target is to have these examples in place, here, by the end of September 2012. This will be a set of PowerShell scripts,
where possible, that align with the most used EHA reports.
The following is a list of native EHA reports:
* Only criteria is "Date Range".
** Only criteria is "Date Range" and "People Picker" (filter by user).
- Activity Summary*
The Activity Summary report provides an overview of how many internal and external messages were sent and received for e-mail, instant messages, and other files and documents. This report
also provides the overall and average size for each category of messages. This report counts real messages and removes embedded messages.
- Audit Events**
Additional Criteria: 58 checkbox filters representing various categories of log events.
Description: The Audit Event report gives details of all the user related granular actions which they have performed. These activities include Viewing email messages, export /restore messages,
Log in/Log out of users. This report can provide overall and for each category individually.
- Email Summary**
This report generates a summary for all users or individuals. Statistics include summaries of internal and external messages sent and received, size, and average size, along with totals.
- SEC 17a-4
The SEC 17 a-4 report demonstrates evidence of complete, serialized, and archived e-mail for your organization. It identifies the first message archived and the most recent message archived,
as well as Date, Time, To, From, Subject, and the Message ID number for serialization.
This report also includes the number of messages captured, messages certifiably destroyed, messages on destruction hold, and voided message IDs. In the event that an ID number is not issued
sequentially, it will not be used at all (these are voided IDs).
- Un-provisioned Users*
The Un-provisioned Users report displays a list of users in the company which have not been provisioned.
- Archive Summary*
The Archive Summary report displays archive statistics for the organization. Statistics are included for e-mail messages, instant messages, and other files and documents that include Bloomberg
reports, faxes, and uploaded documents. Statistical breakdowns include count, basic sizes, sizes of attachments, total sizes, and average sizes. Totals are given for all data categories.
- Daily Statistics*
The Daily Statistics report shows the daily statistics for all messages (e-mail, instant messages, and other files and documents) archived for a particular set of days. Totals and size
are given for all data columns.
- Employee Roster
The Employee Roster report displays a complete list of users who have archive accounts, as well as what roles they have been assigned, who is their supervisor, dates of their last logon,
an individual’s retention period settings, last sent messages, and last received messages. Totals are included for all data columns, as well as a breakdown of totals by assigned roles.
- Supervisory Review Evidentiary**
Other Criteria included enabling highlighting for users subject to 3010 and message details.
The Supervisory Review Evidentiary report is useful for audits. It not only provides compliance managers with the numbers and percentages of communications being reviewed for FINRA 3010
compliance, but also provides the same metrics for those subordinates who are having mail reviewed for general purposes.
A compliance manager can determine who to include in the report. One or both of these options can be selected: FINRA 3010 Individuals and Individuals Who Require Review. If just the FINRA
3010 Individuals option is selected, the report title appears as FINRA 3010 Evidentiary Report. With any other combination, the report title is Supervisory Review Evidentiary Report.
When you select the FINRA 3010 Individuals and Individuals Who Require Review options, names of FINRA 3010 subordinates are displayed in bold red type.
To ensure that individuals in the Supervisor role are performing their supervisory duties, the compliance manager should run this report on a regular basis. Run it from the Reports page
or go to the Supervise drawer and click Supervisory Review Evidentiary Report on the Review Messages page.
The Supervisory Review Evidentiary report is broken down by supervisor and shows how many messages have been captured and reviewed for each subordinate.
The Message Review Recap report provides an overview of the harvested messages (with their current review status) for a given date range. It also renders if those messages were internal or external, sender and recipient email, sent date, captured date, listed
supervisor email, who reviewed the message etc.
- Attachment Summary*
The Attachment Summary report presents the data in a table and in a three-dimensional column chart, showing top attachment types found in the archived message traffic. Data includes file
extension, document type, quantity, total size, and average size.
The Destruction report validates and lists messages that have been destroyed because of the retention period expiration date. Details about each individual message include Date Destroyed,
Date Sent/Received, Age When Destroyed, From, To, and Subject.
Messages older than their retention period are destroyed in all data centers (production and disaster recovery) once a day starting at 6:00 p.m. PST. If a message is on destruction hold,
the message will not be destroyed.
Any e-mail message, instant message, Bloomberg transcript, or uploaded document is destroyed when the retention period expires. The header information of a message is kept, but bodies of
messages or attachments are destroyed.
- Privileged Roles
The Privileged Roles report includes a category for each role with privileges — Compliance Manager, Compliance Operator, External Compliance Auditor, HR Manager, Monitor, Monitor Operator,
Role Manager, Supervisor, Technical Administrator, and Technical Operator. In each category, the users with that role are listed, as well as the date the role was assigned to them. Totals are given for each category.
- System Statistics*
The System Statistics report provides a view of the complete system for the date range that you specify. Statistics cover the number of mailboxes, recipients, senders, volume, and archive
statistics. Data breakdown includes quantity, size, average size, and totals for all data categories.
* Only criteria is "Date Range"
** Only criteria is "Date Range" and "People Picker" (filter by user).