Here they are some command lines that works fine on Exchange 2016:
Set-Mailbox
Get-Mailbox |fl name,AuditEnabled
To view log retention:
Get-Mailbox
If you want to change log retention (default 90 days)
Set-Mailbox -Identity
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq “UserMailbox”} | Set-Mailbox -AuditLogAgeLimit 180
If you want to enable logging on all mailboxes:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true
Disable Mailbox logging
Set-Mailbox
Consider that Mailbox Owner activities are not logged, to enable it you must consider that we will have plenty of auditings:
Set-Mailbox
Get-Mailbox |fl name,AuditEnabled
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true
Disable the mailbox audit logging:
Set-Mailbox
Here they are whtat we log with these changes
Original Technet Article
https://technet.microsoft.com/it-it/library/ff459237(v=exchg.160).aspx
| Action | Description | Admin | Delegate*** | Owner |
| Copy | An item is copied to another folder. | Yes | No | No |
| Create | An item is created in the mailbox. (For example, a message is sent or received.) Note that folder creation isn't audited. | Yes* | Yes* | Yes |
| FolderBind | A mailbox folder is accessed. | Yes* | Yes** | No |
| HardDelete | An item is deleted permanently from the Recoverable Items folder. | Yes* | Yes* | Yes |
| MailboxLogin | The user signed in to their mailbox. | No | No | Yes |
| MessageBind | An item is accessed in the reading pane or opened. | Yes | No | No |
| Move | An item is moved to another folder. | Yes* | Yes | Yes |
| MoveToDeletedItems | An item is moved to the Deleted Items folder. | Yes* | Yes | Yes |
| SendAs | A message is sent using Send As permissions. | Yes* | Yes* | No |
| SendOnBehalf | A message is sent using Send on Behalf permissions. | Yes* | Yes | No |
| SoftDelete | An item is deleted from the Deleted Items folder. | Yes* | Yes* | Yes |
| Update | An item's properties are updated. | Yes* | Yes* | Yes |
You can get reporting here:
more details :
Microsoft - Enable or disable mailbox audit logging for a mailbox on Exchange 2016
https://technet.microsoft.com/it-it/library/ff461937(v=exchg.160).aspx
Microsoft - Mailbox audit logging in Exchange 2016
https://technet.microsoft.com/it-it/library/ff459237(v=exchg.160).aspx
Microsoft - Mailbox Audit Logging on Exchange 2010
https://technet.microsoft.com/en-us/library/ff459232(v=exchg.141).aspx
Microsoft - Mailbox Audit Logging on Exchange 2013
https://technet.microsoft.com/en-us/library/ff461939(v=exchg.150).aspx
