It seems we have had a security group that has been given a number of read permissions to mailboxes that it shouldnt. We have secured the system now but we are looking to track back how the permissions were put in place. We are compiling a list of user accounts that had the read permission attached to confirm if a patten of OU/Location/Group can be found as currently this seems to be random.
Is there any way we can track back the changes within the accounts to find who assigned the permissions? None of our engineers were remember pushing out such a change and so we want to be 100% that the network is secure.