• Status: Solved
  • Priority: Low
  • Security: Public
  • Views: 53
  • Last Modified:

Can I find out who sent a message from Exchange Online logs

They want me to find out who sent a message outside of the organization they believe was BCC'd but the only information I have is the subject. Can we find out who sent it to an outside address? I've looked through the Exchange Mst trace logs, Security and Compliance etc I cannot find a way of querying this information is it possible?
0
Jason Komendat
Asked:
Jason Komendat
  • 3
  • 2
  • 2
3 Solutions
 
Vasil Michev (MVP)Commented:
There is no subject-based search in ExO, you will have to at least specify a date range and get the full message trace logs, then filter the output and search for the subject. Do you at least have the recipient address?
0
 
Jason KomendatAuthor Commented:
No of course not that would be too easy, I thought of that searching for all messages and just sorting through but when I try that I specify the date range it opens a windows with just some of 1 day and thats it. The windows even after I hit show all results at the bottom doesn't show all for that date range. It like it limits it to 1000 messages and we get close to 50,000 a day
0
 
Vasil Michev (MVP)Commented:
Yes, you have to use pagination to get the full result for the data range, and it can take a while in large environments. Here's a sample script that you can modify to get the full list of messages: https://gallery.technet.microsoft.com/office/Office-365-Mail-Traffic-afa37da1
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Jason KomendatAuthor Commented:
This script says it gives Office 365 Mail Traffic Statistics by User. I need to search outgoing messages and find one by a specific subject that went BCC'd to external addresses. I need to find out which local user sent that message. I don't think this script is what I need
0
 
Vasil Michev (MVP)Commented:
The point was that you can use it as an example on how to get all the messages. The script does exactly that, for all recipients in your tenant. But you will have to modify the output to give you jsut the ones with the subject you care about.
0
 
Ajit SinghCommented:
Try PowerShell something like:

Get-MessageTrace -SenderAddress $email -StartDate "11/01/2017 6:00" -EndDate "11/15/2017 6:00" | 
Export-csv C:\export.csv

Open in new window


Message Trace, the PowerShell Way

Message Tracking by Subject

Office 365 – Script to Perform Message Trace By Subject

User Login History, Statistics and Activity Reports in the Office 365

Hope this helps!
0
 
Ajit SinghCommented:
Please post back if you need further assistance.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now