Login IP address for any Exchange mailbox

Is there any solution that can log all the IP address accessing to a particular Exchange mailbox ? Can the latest version of Exchange log these types of traffic ?

Thx
AXISHKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
Wayne88Commented:
Are you referring to all IP addresses used to login to a mailbox via OWA, Outlook, phone or all?  I don't know if there is a tool to log all.

For phone connection you may want to check ActiveSync logging.

https://blogs.technet.microsoft.com/jasonsla/2013/03/19/exchange-activesync-mailbox-logging/

As for OWA, IIS logs is your best bet to determine the IP used for OWA connections.

https://portal.smartertools.com/kb/a2487/where-are-my-iis-log-files-stored.aspx

Another link that may help you (older Exchange example): http://msexchangeguru.com/2012/12/06/find-device-ip/

Finally for Outlook clients you can use the Get-MailboxStatistics cmdlet  (older Exchange example but should work with Exchange 2016 as well)

https://exchangepedia.com/2008/07/where-are-mailbox-last-logon-client-ip-address-and-other-details-in-exchange-2007.html
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
AXISHKAuthor Commented:
We need to keep which IP is accessing a mailbox at particular time.

Alternatively, can we configure Exchange such that if the mailbox is not accessed through office workstation or company phone, the administrator or the user will be warned ?

Thx
0
 
Wayne88Commented:
As mentioned above, depending on how the mailbox is accessed then you will have to refer to their respective log.

In exchange 2013/2016 you can disable activesync and imap/mapi/pop while allowing for owa access.  This can be done via the mailbox features option.
0
 
AXISHKAuthor Commented:
It would be great if there is a centralized log for which IP has been access a mailbox at particular time. Is there any 3rd party solution that can integrate with Exchange to serve this purpose ?
0
 
Vidit BhardwajAdminCommented:
You can check the frontend IIS logs for that user mailbox, based on the protocol used you can filter if it is RPC or MAPI, other logonstatistics can be one thing you can try, else there is no specific logs which logs the IP address of the client machine because most of time clients connection are handled by LB and you just see LB's IP in connections
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.