Archive Search Auditing and Alerting

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.oxriBaJeN4 Employee on Jul 19, 2018
Version 3Show Document
  • View in full screen mode

The archive search auditing and alerting features provide additional security and auditing options for administrative archive searches, by enforcing a 'search reason' for each search. When enabled, any administrator attempting to run an archive search is required to enter a search reason before the search is executed. Search reasons are logged in the Message Search Logs, to allow you to audit administrative searches. This ensures they are being carried out in accordance with any company or regulatory policies in your organization.


The message search logs record the:

  • Time the search was executed.
  • Email address of the administrator who executed the search.
  • Search source
  • Description
  • Date filters
  • Search reason


Where are Search Reasons Enforced?


An administrator attempting to run a search or view search results from the following areas is required to provide a search reason:

  • Archive Search
  • Saved Search
  • Smart Tags
  • File Archive tags
  • Lync IM tags
  • Exports of Saved Searches
  • Exports of eDiscovery cases
  • Viewing results of searches within eDiscovery cases


Enabling Search Auditing


This feature is enabled using the “Enforce Archive Search Reason” setting in the Administration Console under the Administration | Account | Account Settings menu and then selecting System Notification Options. This setting is only available to administrators assigned to the Super Administrator role.

If Privileged Access Notifications are enabled, the search reason will also be included in these notifications.

Viewing Message Search Logs


Message Search Logs are accessed in the Administration | Archive | Search Logs menu in the Administration Console.

1 person found this helpful