MC1126353: Retirement of Search-MailboxAuditLog and New-MailboxAuditLogSearch Cmdlets by End of 2025

Introduction

As part of our ongoing efforts to modernize and streamline audit logging in Exchange Online, we are retiring the Search-MailboxAuditLog and New-MailboxAuditLogSearch cmdlet. Organizations should transition to the Search-UnifiedAuditLogcmdlet for long-term audit log access and compliance.

When this will happen

• March 1, 2025: New audit log data will no longer be written to individual mailboxes.
• June 2025: Migration tools and documentation will be available to support transition.
• End of December 2025: The Search-MailboxAuditLog and New-MailboxAuditLogSearch cmdlets will be fully retired.

How this affects your organization

After March 1, 2025, mailbox audit log data will become static and read-only. While existing data will remain accessible for historical review, no new data will be written to mailbox audit logs. By the end of 2025, the legacy cmdlets will no longer be available, and any scripts or tools relying on them will fail.

Organizations should ensure they are using the Search-UnifiedAuditLog cmdlet for audit log access going forward. This change supports improved scalability, centralized access, and long-term retention of audit data.

What you can do to prepare

To ensure a smooth transition:

• Review your current usage of Search-MailboxAuditLog and New-MailboxAuditLogSearch to identify dependencies in scripts, tools, or workflows.
• Engage with your legal and compliance teams to ensure regulatory requirements are met.
• Confirm that auditing is enabled for your tenant.
• Use the documentation (available June 2025) to transition to Search-UnifiedAuditLog.

Learn more: Microsoft Exchange Online: Search-MailboxAuditLog and New-MailboxAuditLogSearch will retire

Compliance considerations