Email message traces in Office 365

A very common need these days is to do an email message trace. This can be done the old way in the Exchange Online Admin center or the new way via Mail Flow in the Security and Compliance center.

image

You simply enter the details and then run a search.

image

and the output looks like the above, where you can also drill in and get more detail.

image

As with all things Office 365, you can achieve the exact same thing using PowerShell as I have shown above. The code to achieve this is quite straight forward but I have uploaded it to my GitHub repo to save you the trouble:

https://github.com/directorcia/Office365/blob/master/o365-msgtrace.ps1

Where PowerShell comes into its own is when you need to a variety of tasks, perhaps an investigation of a breach. Using PowerShell you can easily dump all the information to CSV for further analysis rather than having to root it out in the web interface.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s