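# Reports Microsoft 365 audit-logging posture to an Excel workbook:
#   sheet "Unified Audit Log"     - tenant-wide unified audit log ingestion flag
#   sheet "Mailbox Audit Logging" - AuditEnabled / AuditLogAgeLimit per user mailbox
#
# Encoding: the status strings contain emoji. Save this file as UTF-8 with BOM;
# Windows PowerShell 5.1 reads BOM-less scripts in the ANSI code page, which
# turns the emoji into mojibake in the console and in the exported cells.

# --- Prerequisites -----------------------------------------------------------
# NOTE(review): Install-Module -Force takes whatever version the configured
# repository currently serves and suppresses the prompts. On an admin
# workstation consider pre-staging reviewed versions (or pinning with
# -RequiredVersion) instead of installing on demand.
foreach ($moduleName in 'ImportExcel', 'ExchangeOnlineManagement') {
    if (-not (Get-Module -ListAvailable -Name $moduleName)) {
        Write-Host "📦 $moduleName module not found. Installing..."
        Install-Module -Name $moduleName -Scope CurrentUser -Force
    }
    else {
        Write-Host "✅ $moduleName module is already installed."
    }
}

# --- Output location ---------------------------------------------------------
# NOTE(review): the workbook lists every user mailbox and where auditing is
# off. C:\Temp is usually readable by other local users; restrict the folder
# ACL or move the report once it has been produced.
$excelPath = "C:\Temp\AuditLoggingStatus.xlsx"
$outputDir = Split-Path -Path $excelPath -Parent
if (-not (Test-Path -Path $outputDir)) {
    New-Item -Path $outputDir -ItemType Directory | Out-Null
}

# --- Collect and export ------------------------------------------------------
# Stop here if sign-in fails, so the cmdlets below never run without a session.
Connect-ExchangeOnline -ErrorAction Stop

try {
    # === 1. Unified Audit Logging (UAL) status ===
    # This value is only meaningful from an Exchange Online PowerShell session
    # (which Connect-ExchangeOnline provides); in Security & Compliance
    # PowerShell the same property is documented to always read False.
    Write-Host "`n=== Unified Audit Logging Status ==="
    $ualStatus = Get-AdminAuditLogConfig
    $ualEnabled = $ualStatus.UnifiedAuditLogIngestionEnabled
    $ualResult = [PSCustomObject]@{
        Setting     = "Unified Audit Log Enabled"
        Value       = $ualEnabled
        Description = if ($ualEnabled) { "✅ UAL is ENABLED" } else { "❌ UAL is DISABLED" }
    }

    # === 2. Mailbox audit logging for each user mailbox ===
    # The objects returned by the bulk Get-Mailbox call already carry
    # AuditEnabled and AuditLogAgeLimit, so no second Get-Mailbox -Identity
    # round trip per mailbox is made (it was one extra remote call per user and
    # could resolve ambiguously on duplicate identities). Results are streamed
    # into the array instead of being appended with +=, which copies the array
    # on every iteration.
    #
    # NOTE(review): when mailbox auditing on by default is active for the
    # organization, Microsoft documents that the per-mailbox AuditEnabled value
    # is ignored. Before treating a "Disabled" row as a logging gap, also check
    # AuditDisabled on Get-OrganizationConfig and any audit-bypass associations.
    Write-Host "`n=== Mailbox Audit Logging Status (per mailbox) ==="
    $mailboxAuditResults = @(
        Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
            ForEach-Object {
                [PSCustomObject]@{
                    DisplayName      = $_.DisplayName
                    AuditEnabled     = $_.AuditEnabled
                    AuditLogAgeLimit = $_.AuditLogAgeLimit
                    Status           = if ($_.AuditEnabled) { "✅ Enabled" } else { "❌ Disabled" }
                }
            }
    )

    # === 3. Export both results to Excel ===
    # -ClearSheet drops the previous contents of each worksheet first, so rows
    # from an earlier run (e.g. mailboxes that no longer exist) cannot linger
    # below the fresh data when the workbook already exists.
    $ualResult | Export-Excel -Path $excelPath -WorksheetName "Unified Audit Log" -AutoSize -ClearSheet
    $mailboxAuditResults | Export-Excel -Path $excelPath -WorksheetName "Mailbox Audit Logging" -AutoSize -ClearSheet

    Write-Host "`n✅ Report exported to $excelPath"
}
finally {
    # === 4. Disconnect ===
    # Runs on failure or Ctrl+C as well, so the admin session is never left open.
    Disconnect-ExchangeOnline -Confirm:$false
}

# === 5. Clear cached credentials to force reauthentication next time ===
# NOTE(review): this path is the one the script has always used; whether the
# installed ExchangeOnlineManagement version actually keeps tokens there is not
# verified here - confirm. The success message is printed only when something
# was really removed, so the operator is not told credentials were cleared
# when nothing happened.
$tokenCachePath = "$env:USERPROFILE\.ExchangeOnline\TokenCache"
if (Test-Path -Path $tokenCachePath) {
    # -Recurse: without it Remove-Item prompts when the path is a non-empty folder.
    Remove-Item -Path $tokenCachePath -Recurse -Force -ErrorAction SilentlyContinue
    if (Test-Path -Path $tokenCachePath) {
        Write-Warning "Could not remove $tokenCachePath; cached credentials may still be present."
    }
    else {
        Write-Host "`n🧹 Cached credentials cleared. Reauthentication will be required on next run."
    }
}
else {
    Write-Host "`nNo token cache found at $tokenCachePath; nothing to clear."
}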