PowerShell scripts for Microsoft 365

Get-MessageTrace and Get-MessageTraceDetail: Track Exchange Online mail status using PowerShell script

Cmdlet: Get-MessageTrace

Description: Use this cmdlet to trace messages as they are sent and received through Exchange Online. You can determine if a message was received, rejected, deferred, or delivered by the service. It also shows what actions were taken on the message before it reached its final status.

  Get-MessageTrace
     [-EndDate <DateTime>]
     [-Expression <Expression>]
     [-FromIP <String>]
     [-MessageId <MultiValuedProperty>]
     [-MessageTraceId <Guid>]
     [-Page <Int32>]
     [-PageSize <Int32>]
     [-ProbeTag <String>]
     [-RecipientAddress <MultiValuedProperty>]
     [-SenderAddress <MultiValuedProperty>]
     [-StartDate <DateTime>]
     [-Status <MultiValuedProperty>]
     [-ToIP <String>]
     [<CommonParameters>]

You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned. If you enter a time period that's older than 10 days, you won't receive an error, but the command will return no results.

Example 1:

  Get-MessageTrace -SenderAddress john@example.com -StartDate 05/03/2020 -EndDate 05/13/2020

This script retrieves the trace information for messages sent by john@example.com between May 03, 2020 and May 13, 2020.

Cmdlet: Get-MessageTraceDetail

Description: Use this cmdlet to view the trace details for a specific message.

  Get-MessageTraceDetail
     [-Action <MultiValuedProperty>]
     [-EndDate <DateTime>]
     [-Event <MultiValuedProperty>]
     [-Expression <Expression>]
     [-MessageId <String>]
     [-MessageTraceId <Guid>]
     [-Page <Int32>]
     [-PageSize <Int32>]
     [-ProbeTag <String>]
     [-RecipientAddress <String>]
     [-SenderAddress <String>]
     [-StartDate <DateTime>]
     [<CommonParameters>]

You can use this cmdlet to retrieve message trace details that are up to 30 days old. If you enter a time period that's older than 30 days, the command will return no results.

Example 1:

  Get-MessageTrace -MessageTraceId 2bbad36aa4674c7ba82f4b307fff549f -SenderAddress john@example.com -StartDate 06/13/2020 -EndDate 06/15/2020 | Get-MessageTraceDetail

This script retrieves the trace information for messages with the specified Exchange Network Message ID, sent by john@example.com between June 13, 2020 and June 15, 2020, and pipes the results to Get-MessageTraceDetail.
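
The two cmdlets combined for a mail-flow investigation, as an added example that is not part of the original page: it guards against the silent empty result for windows older than 10 days, pages through Get-MessageTrace with -Page and -PageSize, and pulls the detail events for each failed message. The function name Get-FailedMessageDetail is hypothetical, and the code assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example; Get-FailedMessageDetail is a hypothetical helper name.
# Assumes an Exchange Online PowerShell session is already connected.
function Get-FailedMessageDetail {
    param(
        [Parameter(Mandatory)] [string]   $SenderAddress,
        [Parameter(Mandatory)] [datetime] $StartDate,
        [datetime] $EndDate  = (Get-Date),
        [int]      $PageSize = 1000
    )

    # A window older than 10 days returns nothing and raises no error, so stop
    # here rather than report a misleading "no failed messages".
    if ($StartDate -lt (Get-Date).AddDays(-10)) {
        throw "StartDate $StartDate is older than 10 days; Get-MessageTrace would return no results."
    }
    if ($EndDate -le $StartDate) { throw 'EndDate must be later than StartDate.' }

    # Page through the trace: a full page means more rows may follow.
    $traces = @()
    $page   = 1
    do {
        $batch = @(Get-MessageTrace -SenderAddress $SenderAddress -StartDate $StartDate `
                -EndDate $EndDate -Status Failed -Page $page -PageSize $PageSize)
        $traces += $batch
        $page++
    } while ($batch.Count -eq $PageSize)

    # One detail lookup per message/recipient pair, flattened to one row each.
    foreach ($t in $traces) {
        $events = Get-MessageTraceDetail -MessageTraceId $t.MessageTraceId `
            -RecipientAddress $t.RecipientAddress -StartDate $StartDate -EndDate $EndDate
        [pscustomobject]@{
            Received  = $t.Received
            Recipient = $t.RecipientAddress
            Subject   = $t.Subject
            Status    = $t.Status
            Events    = ($events | Sort-Object Date |
                          ForEach-Object { "$($_.Event): $($_.Detail)" }) -join ' | '
        }
    }
}

# Constructed usage: failed mail from john@example.com over the last 7 days.
Get-FailedMessageDetail -SenderAddress john@example.com -StartDate (Get-Date).AddDays(-7) |
    Format-List
```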

Message tracing with M365 Manager Plus

Depending on the intricacy of the data you need, the cmdlet varies. Why struggle with complex scripts and parameters when you can fetch the details in a single click? While the PowerShell scripts take time to pull all the relevant records, M365 Manager Plus' audit reports give you near real-time data instantly.

If the default audit profiles do not fit your needs, you can:

  1. Create your own audit profiles.
  2. Create your own audit report views.

Advantages of M365 Manager Plus over native Microsoft 365:

  • Long-term historical data: In native Microsoft 365, there are limits to the period up to which you can retrieve historical data based on the data being audited. M365 Manager Plus stores audit data indefinitely to maintain complete records.
  • Real-time auditing: Instead of gathering the associated data for audit reports each time, M365 Manager Plus keeps audit reports updated in real time.
  • Profile-based auditing: Instead of having to peruse the entire list of audit reports to find the right one (as is required in Microsoft 365), M365 Manager Plus lets you create your own profiles so you can view only those audit details you need to see.
  • Group-based auditing: While auditing Azure Active Directory, M365 Manager Plus lets you generate reports for user activities based on group membership. Native Microsoft 365 tools won't be able to audit based on group membership.
  • Advanced filtering: In native Microsoft 365, you can only filter logs based on certain attribute values. With M365 Manager Plus, filter your logs based on any attribute and perform multi-valued searches as needed.
  • Custom views: While Microsoft 365 doesn't support custom views, M365 Manager Plus lets you create your own custom views to see filtered data, summarized data or summarized data that is filtered.
  • Business hours auditing: Microsoft 365 doesn't support restricted time frame auditing, but M365 Manager Plus lets you retrieve audit details based on business hours or a specific period of time.
  • Export data: In native Microsoft 365, you can only export data to CSV. But in M365 Manager Plus, you can export audit data to PDF, XLS, HTML, or CSV.