Login IP address for any Exchange mailbox

Is there any solution that can log all the IP address accessing to a particular Exchange mailbox ? Can the latest version of Exchange log these types of traffic ?

Thx
AXISHKAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wayne88Commented:
Are you referring to all IP addresses used to login to a mailbox via OWA, Outlook, phone or all?  I don't know if there is a tool to log all.

For phone connection you may want to check ActiveSync logging.

https://blogs.technet.microsoft.com/jasonsla/2013/03/19/exchange-activesync-mailbox-logging/

As for OWA, IIS logs is your best bet to determine the IP used for OWA connections.

https://portal.smartertools.com/kb/a2487/where-are-my-iis-log-files-stored.aspx

Another link that may help you (older Exchange example): http://msexchangeguru.com/2012/12/06/find-device-ip/

Finally for Outlook clients you can use the Get-MailboxStatistics cmdlet  (older Exchange example but should work with Exchange 2016 as well)

https://exchangepedia.com/2008/07/where-are-mailbox-last-logon-client-ip-address-and-other-details-in-exchange-2007.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
We need to keep which IP is accessing a mailbox at particular time.

Alternatively, can we configure Exchange such that if the mailbox is not accessed through office workstation or company phone, the administrator or the user will be warned ?

Thx
0
Wayne88Commented:
As mentioned above, depending on how the mailbox is accessed then you will have to refer to their respective log.

In exchange 2013/2016 you can disable activesync and imap/mapi/pop while allowing for owa access.  This can be done via the mailbox features option.
0
AXISHKAuthor Commented:
It would be great if there is a centralized log for which IP has been access a mailbox at particular time. Is there any 3rd party solution that can integrate with Exchange to serve this purpose ?
0
Vidit BhardwajAdminCommented:
You can check the frontend IIS logs for that user mailbox, based on the protocol used you can filter if it is RPC or MAPI, other logonstatistics can be one thing you can try, else there is no specific logs which logs the IP address of the client machine because most of time clients connection are handled by LB and you just see LB's IP in connections
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.