Message tracing or message tracking in office 365 is one of the common tools used by the administrators to monitor the email flow direction. When emails travel through office 365, some of the information about them put away in logs and accessible for regulatory purposes. Regardless of if user delete or cleanse messages, the head can see fundamental data like sent and receive messages.
But this Message tracking does not allow you to look into a message substance. In any case, it can give a considerable amount of information about the emails like:
- Sender & Recipient
- Send & receive dates
- subject and email size
- Message status and event details. There are seven conceivable qualities in the conveyance status field like failed, delivered, pending, spam, expanded, unknown and quarantined.
- Sender IP addresses.
- Message ID is a unique number recognizing a message. In the message trace search, message ID will be common and displayed once for each recipient when there are multiple recipients. But message trace ID will be different for each entry.
The message tracking and message tracing are bit different in office 365.The message tracking log files are text files, so user can copy and access directly, and also it is possible to delete it manually.
Differences between office 365 message tracing & message tracking
| Message Activity | Message Tracking Log | Message Tracing |
|---|---|---|
| Access Message | PowerShell command alternatively a text editor | PowerShell command and EAC(Exchange Admin Center) |
| Message Size Limitation | The message tracking log file default size is 1000 MB | No size limit in the message tracing |
| Age Limitation | Oldest file data are overwritten by default before 30 days. It can be expanded or reduce | Message trace can be easily accessed till 7 days and 90 days for “Historical Search” where results must be seen only on a downloadable CSV file. |
| Message Availability | All information about messages is accessible when they are sent or received. | Messages under 4 hours old may not be accessible |
| Message Delay | Start search immediately | Searching for older than 7 days messages may take few hours |
Message tracking benefits:
- Identify email deliver issues and fix
- Monitor the email flow
- Check your email flow rules and its working
- Message log file
Message Trace Permissions:
Some of the permissions are required for search in message trace
- Admin security permission
- Security Reader permission
- View-Only Recipients Permission
- Permission for Compliance Admin
- Data Loss Prevention
All permissions mentioned above are set by default for “organization management” role group. Office 365 message track have two types, first one is PowerShell command and second one is EAC (Exchange Admin Center) option.
I. Message tracing in office 365 using PowerShell
The PowerShell can be used to search over message tracking logs on on-premises servers and also trace messages on Exchange Online. Even though it looks similar there are few differences. Let’s check those below.
The on-prem Exchange has one cmdlet command to get particular message information:
Get-MessageTrackingLog.
Corresponding Office 365 command for the same is “Get-MessageTrace”.
These cmdlet commands are executed same time, yet while Get-MessageTrackingLog seeks through every current log. You can go back past seven days in Exchange Online counterpart. Separate cmdlet command is there to search older messages which start a “historical search”.
No need of any additional parameters for The Get-MessageTrace command to search. If you’re not adding any additional parameter, you can get past 48 hours message information. Regularly, those furnish you with an excess of information for indicative purposes. You can also find out specific email information, to discover the end result for a particular email, you should limit your inquiry down.
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 20/07/2017 -EndDate 11/14/2017
This cmdlet demonstrates all the mail flow directed to the user address between the specified dates. If you’re not getting all required information, then you can change the result format and indicate the information you require, Like Size vise or FromIP.
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 20/07/2017 -EndDate 11/14/2017| Format-list -Property Received,SenderAddress,Status,MessageTraceId
This list gives adequate information to identify the correct message. You can check the message status like why message delivery failed, for this you can use Get-MessageTraceDetail. Rather than finding and replicating Message Trace ID from the result of the previous cmdlet, try to use it in the pipeline.
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 20/07/2017 -EndDate 11/14/2017 -Status Failed | Get-MessageTraceDetail
Now you can see for what reason message delivery failed – as a result of a mail flow failure. The running message trace will not give last one-week email information directly, you need to run Historical Search. When you’re starting to search message information, first run the Start-HistoricalSearch. The mandatory parameters are StartDate, EndDate, ReportTitle and ReportType (MessageTraceDetail or MessageTrace). Ensure you have likewise indicated the – NotifyAddress field, to get the report when it is prepared. If the – NotifyAddress parameter isn’t defined, the best way to get to the report is by EAC (Exchange Admin Center). Likewise, it is essential to limit the inquiry to incorporate just the information you require, as authentic hunt may take up to a couple of hours.
II. Office 365 Message Tracking using EAC (Exchange Admin Center)
The on-prem Exchange does not allow to message tracking through (EAC) Exchange Admin Center. But in office 365 you can access message tracing via EAC without any issue. After executing “message trace” you can view all the result, and also possible to view specific message details. We will see the step by step execution of message tracking via (EAC) process below.
- Login to your office 365 account.
- Next select the app icon in office 365 in left side, in that select the “Admin”.
- In admin select the “Exchange”
In Exchange admin center click the mail flow next select the message trace.
In this window you can give your input criteria for the information that you excepting. You can search past seven days send and receive email information. First you need to select custom in Date range. Then apply Start date & time and End date & time accordingly. This is an older message tracing like Historical Search. If you want to see past seven days message click the “Search” button. One new window will open, in that window mail information will be there.
If you want more detail of any particular mail just double click on the mail, one popup window will open. This window shows all the details like why message delivered field and message rules also. Then you can see which message rule have problem and you can fix the particular issue.
Go back to main message trace window and click the “View pending or completed trace” And download “CSV” file with your message report. In the csv file each row shows information about single email.
