Recently I had the need to gather some detailed information about an ongoing service degradation.
During a migration to Exchange 2013 several users started complaining about intermediate connectivity issues.
After some investigation I still had no clear picture of the issue. The users had in general no connectivity problems, but they got sometimes errors (e.g.: failed authentication, request could not be completed). And this not in a consistent way.
Some reported issues in Outlook and some on a mobile device using an app. When I heard about the mobile apps, my first thought was maybe an Exchange ActiveSync issue. But the apps on the mobile devices were using EWS.
I just had an incident, where items got deleted. Of course, the affected person was a VIP and so I had to investigate the incident with high priority.
The first issue was that items vanished from a shared mailbox. One day later items in the mailbox of the assistant also disappeared.
Due to all the issues in the past with mobile devices (and I knew they were using a lot of mobile devices), my first thought was those might caused the issue.
The challenge was not to get the items back (thanks to Single Item Recovery!). It was more to clearly identify the client, which deleted the items.
Thank Exchange PG for the CmdLet Get-DatabasEvent!