Download presentation
1
Message Trace Office 365 May 2013
2
Message Trace Office 365 Mark Bauer Sujata Tamang Microsoft Office365
4/20/2017 Message Trace Office 365 Mark Bauer Sujata Tamang © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
3
Agenda What is message trace? How does it help us?
Microsoft Security Strategy Briefing NDA - Microsoft Confidential Agenda What is message trace? How does it help us? Difference between Message Trace and Delivery Reports. Different methods of message tracing. Mail flow and message tracing.
4
Microsoft Security Strategy Briefing
NDA - Microsoft Confidential What is Message Trace? The message trace feature enables administrator to follow messages as they pass through Exchange Online or Exchange Online Protection service. It helps to determine whether a targeted message was: Received Rejected Deferred Delivered Failed Shows what actions have occurred to the message before reaching its final status.
5
Microsoft Office365 4/20/2017 How does it help us? It helps us obtain detailed information about a specific message that lets us efficiently: Answer user’s questions Troubleshoot mail flow issues Validate policy changes Alleviate the need to contact technical support for assistance © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
6
Difference between message trace and delivery reports
Microsoft Security Strategy Briefing NDA - Microsoft Confidential Difference between message trace and delivery reports Message Trace Delivery Reports Message trace enables administrators to search for specific messages using basic information such as : sender, recipient, date and message ID to obtain the status of the message Delivery reports allow end users to track delivery of messages The status will help us determine if the message was received by the EOP filtering service; whether it was scanned, blocked, deleted or delivered successfully within the last 7days. Delivery Reports help us discover answers to questions such as: why was a message not delivered, where is the message now, who received the message, why the message was delivered to a particular folder, etc. These reports are only retained for 14 days.
7
Message Trace - Admin UI: Delivery Reports - Admin UI:
Microsoft Office365 4/20/2017 Message Trace - Admin UI: Delivery Reports - Admin UI: Message trace Permissions required Organization Management Compliance Management Help Desk © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
8
Message Trace: Overview
Message trace results are available to administrators for the last 7 days and outline the status of a message: Delivered: The message was successfully delivered to the intended destination. Failed: The message was not delivered. Either it was attempted and failed or it was not delivered as a result of actions taken by the filtering service. For example, if the message was determined to contain malware. Pending: Delivery of the message is being attempted or re-attempted. Expanded: The message was sent to a distribution list and was expanded to the recipients of the distribution list. Unknown: The message delivery status is unknown at this time. When the results of the query are listed, the delivery details fields will not contain any information. Message Tracing in Office 365 is very similar to the message tracing capabilities of Wave 14 with a number of improvements. The biggest improvement is the ability to use the following wildcard conditions for either the sender or recipient or both: or blank
9
Message Trace: Considerations/Limitations
At this time we know of the following issues for message trace: Include a Message ID string that contains opening and closing angle brackets (<>) . Show only results for messages that have been scanned/processed by EOP. Message trace cannot be performed a on a message that was Edge-blocked. Messages blocked by reputation block lists will be included in the spam data for real time reports. Redirect to address are not traceable in a single search. Need to provide new recipients. The message trace tool uses the MAIL FROM value presented at the initiation of the SMTP conversation as the Sender in a search, regardless of what the DATA section of the message shows. When a message matches a transport rule, the ID is stored in the message trace and real time reporting databases. If you trace one of these messages, or drill down on rule details in a report, the message trace and real time reporting user interfaces dynamically pull the current rule information from the hosted services network based on the rule ID in the reporting database. If the rule is changed at a later time the rule ID remains the same. You can then use the auditing report feature in order to determine when the rule was changed and the properties that were changed.
10
Message Trace: UI Microsoft Office365 4/20/2017
By double clicking on a message in the search results you can see additional details of the message. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
11
Additional Details:
12
Message Trace through Office 365 Remote PowerShell.
In addition to tracking messages via the Exchange Admin Center UI administrators can also track messages through Office 365 Remote PowerShell. >>Get-MessageTrace >>Get-MessageTraceDetails These cmdlets are available only in the cloud-based service. We use the Get-MessageTrace cmdlet to trace messages as they pass through the cloud-based organization.
13
Message Trace commands:
Microsoft Office365 4/20/2017 Message Trace commands: >>Get-MessageTrace -SenderAddress -StartDate 06/13/2012 -EndDate 06/15/2012 >>Get-MessageTrace Received Sender Address Recipient Address Subject Status 4/30/2013 5:20:2... Inbound Delivered 4/30/2013 5:19:0... Outbound Delivered Inbound Message: >>Get-MessageTrace -SenderAddress john2contoso.com -RecipientAddress | fl Outbound Message: >>Get-MessageTrace -SenderAddress -RecipientAddress | fl (MessageTraceId and Recipient Address is required for tracing inbound messages) © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
14
Inbound Mailflow: Mail flow Scenario: Internet to Exchange Online
15
Get-MessageTrace -SenderAddress tamang. sujata@contoso
Get-MessageTrace -SenderAddress -RecipientAddress | fl Message Trace ID : 67fad3d2-b9e8-48a6-9fce-08d013de20a9 Message ID : .com> Received : 4/30/2013 5:20:21 PM Sender Address : Recipient Address : From IP : To IP : Subject : Inbound Status : Delivered Size : 3548
16
Get-MessageTrace -MessageTraceId 67fad3d2-b9e8-48a6-9fce-08d013de20a9
Microsoft Office365 4/20/2017 Get-MessageTrace -MessageTraceId 67fad3d2-b9e8-48a6-9fce-08d013de20a9 Received Sender Address Recipient Address Subject Status 4/30/2013 5:20:2... Inbound Delivered Get-MessageTraceDetail -MessageTraceId 67fad3d2-b9e8-48a6-9fce-08d013de20a9 -RecipientAddress Message ID (MessageTraceId and Recipient Address is required for tracing inbound messages) © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
17
Get-MessageTraceDetail -MessageTraceId 67fad3d2-b9e8-48a6-9fce-08d013de20a9 -RecipientAddress | fl Message Trace ID : 67fad3d2-b9e8-48a6-9fce-08d013de20a9 Message ID : Date : 4/30/2013 5:20:21 PM Event : RECEIVE Action : Detail : Message received by: BN1PR03MB071 Data : <root><MEP Name="ConnectorId" String="BN1PR03MB071\Default BN1PR03MB071"/><MEP Name="ClientIP" String=" "/><MEP Name="ServerHostName" String="BN1PR03MB071"/></root>
18
Message Trace ID : 67fad3d2-b9e8-48a6-9fce-08d013de20a9
Message ID : om> Date : 4/30/2013 5:20:22 PM Event : DELIVER Action : Detail : The message was successfully delivered. Data : <root><MEP Name="SourceContext" String="08D004CCF63B2FF9; T17:20:22.626Z;ClientSubmitTime:"/><MEP Name="MailboxServer" String="BLUPR03MB067"/><MEP Name="MailboxDatabaseName" String="NAMPR03DG005-db011"/><MEP Name="DeliveryPriority" String="Normal"/></root>
19
Outbound Mailflow Mailflow Scenario: Exchange Online to Internet
20
Get-MessageTrace -SenderAddress admin@suz15. onmicrosoft
Get-MessageTrace -SenderAddress -RecipientAddress Received Sender Address Recipient Address Subject Status 4/30/2013 5:19:0... Outbound Delivered
21
Get-MessageTrace -SenderAddress admin@suz15. onmicrosoft
Get-MessageTrace -SenderAddress -RecipientAddress fl Message Trace ID : f8bce35b-bf45-4f20-6d1b-08d013ddf301 Message ID : Received : 4/30/2013 5:19:04 PM Sender Address : Recipient Address : From IP : To IP : 2607:f8b0:4003:c02::1b Subject : Outbound Status : Delivered Size : 6510
22
Get-MessageTraceDetail -MessageTraceId f8bce35b-bf45-4f20-6d1b-08d013ddf301 - RecipientAddress Message ID
23
Get-MessageTraceDetail -MessageTraceId f8bce35b-bf45-4f20-6d1b-08d013ddf301 -RecipientAddress | fl Message Trace ID : f8bce35b-bf45-4f20-6d1b-08d013ddf301 Message ID : Date : 4/30/2013 5:19:04 PM Event : RECEIVE Action : Detail : Message received by: BLUPR03MB067 Data : <root><MEP Name="ClientIP" String=" "/><MEP Name="ServerHostName" String="BLUPR03MB067"/></root>
24
Message Trace ID : f8bce35b-bf45-4f20-6d1b-08d013ddf301
Message ID : ook.com> Date : 4/30/2013 5:19:27 PM Event : SUBMIT Action : Detail : The message is awaiting submission to the mailbox store. Data :
25
Message Trace ID : f8bce35b-bf45-4f20-6d1b-08d013ddf301
Message ID : Date : 4/30/2013 5:19:27 PM Event : RECEIVE Action : Detail : Message received by: BLUPR03MB068 Data : <root><MEP Name="ConnectorId" String="BLUPR03MB068\Default BLUPR03MB068"/><MEP Name="ClientIP" String=" "/><MEP Name="ServerHostName" String="BLUPR03MB068"/></root>
26
Message Trace ID : f8bce35b-bf45-4f20-6d1b-08d013ddf301
Message ID : look.com> Date : 4/30/2013 5:19:28 PM Event : SEND Action : Detail : Message transferred from: To_DefaultOpportunisticTLS Data : <root><MEP Name="ConnectorId" String="To_DefaultOpportunisticTLS"/><MEP Name="ServerIP" String="2607:f8b0:4003:c02::1b"/></root>
27
Resources Message Trace:
Run a Message Trace and View Results: Message Trace FAQ: 27
28
Questions?
29
4/20/2017 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.