A good news for compliance and security, Exchange Online Mailbox auditing will now be enabled by default.

The schedule is all commercial tenant will be set by end of calendar year.

All mailboxes already set for auditing will continue to be enabled, while all others will then be audited.

A new parameter for the Set-OrganizationConfig cmdlet will also be introduce for Exchange administrator to override (not recommended) this new configuration.

Set-OrganizationConfig –AuditDisabled $true / $false

image

If the value is set to $true then mailbox audit setting will be overridden and ignored.

Also because all mailboxes will be audited with this new configuration, you may want/choose to have some mailboxes excluded from audit; you can do it by using the Set-MailboxAuditBypassAssociation

Set-MailboxAuditBypassAssociation –Identity <mailbox> –AuditBypassEnabled $true