We have got a very strange request from one of the school principals in our area.
They suspect the IT team is reading their confidential information and would like us to come in and check logs on the server to see where OWA has been accessed from.
Just briefly testing this in-house on our own Exchange 2010 environment, we have been unable to figure out how to gather these logs. The Security tab in Event Viewer has a million audit logs, so how do we achieve this?
Server in question: Exchange 2010
Mode of access used is possibly Outlook or OWA (but it would only be logical to use OWA)
And yes, the IT team knows their passwords, but we have explained to them that even if they didn't, they could access their EMAILS anyway.