As a best practice, it is recommend that you don’t configure blanket, persistent access for IT administrators to end user Exchange mailboxes.
The Exchange Analyzer team are happy to release v0.2.1-Beta.5. This release contains several new tests and some bug fixes.
For POP and IMAP access to Exchange Server mailboxes the best practice is to require secure logins.
The servers running Exchange Server in your environment should have unique, complex local administrator passwords that are unknown.
When you configure journaling in an Exchange organization you should also review the configuration of any databases that will be hosting journal mailboxes.