Exchange Message Tracking Logging must be enabled.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-228362 | SRG-APP-000098 | EX16-MB-000090 | SV-228362r879566_rule | 2023-12-18 | 2 |
Description
A message tracking log provides a detailed log of all message activity as messages are transferred to and from a computer running Exchange.
If events are not recorded, it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.
ℹ️ Check
Open the Exchange Management Shell and enter the following command:
Get-Transportservice | Select Name, MessageTrackingLogEnabled
If the value of MessageTrackingLogEnabled is not set to True, this is a finding.
✔️ Fix
Open the Exchange Management Shell and enter the following command:
Set-Transportservice <IdentityName> -MessageTrackingLogEnabled $true
Note: The <IdentityName> value must be in quotes.