Microsoft 365 Messaging Administrator Certification Transition (legacy) — Question 14

You have a Microsoft Exchange Server 2019 organization.
You have a user named User1. Multiple users have full access to the mailbox of User1. Some email messages appear to have been read and deleted before
User1 viewed them. You need to track the identity of any user who deleted the email messages of User1 in the future.
Which command should you run?

Answer options

• A. Set-AdminAuditLogConfig ""AdminAuditLogEnabled $true ""AdminAuditLogCmdlets *Mailbox*
• B. Set-Mailbox ""Identity "User1" ""AuditEnabled $true
• C. Set-MailboxFolderPermission ""Identity "User1" ""User[email protected]""AccessRights Owner
• D. Set-Mailbox "User1" ""AuditEnabled $true ""AuditOwner MailboxLogin

Correct answer: B

Explanation

The correct answer is B, as enabling auditing on User1's mailbox will allow tracking of actions taken, including deletions. Options A and D pertain to admin auditing rather than specific mailbox actions, and option C focuses on folder permissions rather than auditing deletions.