Knowledge Base

How to create an extended message trace report in Office 365

Problem:

You would like to generate an extended message trace report in a CSV file, e.g. for diagnostic purposes.

Solution:

There are currently two alternative places where an Office 365 admin can view message traces and generate message trace reports:

Message trace in Office 365 Security & Compliance Center

To access the message trace feature in Office 365, open the Security & Compliance Center and go to Mail flow > Message trace. On the message trace home page (Fig. 1.), you have access to predefined (default) queries, your own saved queries, recent (autosaved) queries, and downloadable message trace reports (including the ones you created in EAC).

660-1a
Fig. 1. The Message trace page in Office 365 Security & Compliance Center.

There are various types of message traces you can run, but for diagnostic purposes you should prepare an extended message trace report because it contains the most comprehensive information about mail flow.

To create a new extended message trace report, click Start a trace, define the trace parameters (such as the date and time range), choose the Extended report type (Fig. 2.), and click Next.

  • To be able to generate a report, you need to narrow down the trace results to at least a sender, a recipient, or a Message ID.
  • The last four hours of message trace data might not be included in the report.

660-2a
Fig. 2. Creating a new extended message trace report.

On the Summary page (Fig. 3.), you can specify the title of your report and who will get a notification message once the report is generated. Click Prepare report and close the confirmation window.

660-3a
Fig. 3. The final step of the message trace report wizard.

You can monitor the progress of the report preparation in the Downloadable reports section (Fig. 4.).

Important

It may take Office 365 up to several hours to generate your message trace report, depending on the number of emails that need to be processed, concurrent traces, etc. The notification will be sent to the email address you specified (see Fig. 3.) once the report becomes available for download.

660-4a
Fig. 4. Monitoring the status of message trace reports.

When the report is done, click it and then click the Download button (Fig. 5.) to save it to a CSV file.

660-5a
Fig. 5. Downloading a completed message trace report.

To learn more about message traces and differences between the available trace types, see this MS Support article.

Message Trace in Exchange Online admin center (EAC)

Exchange Online allows you to view message traces online or generate CSV reports with extended message trace. Extended message traces in the CSV format are particularly useful for diagnostic purposes. To learn how to generate them in Office 365, follow the guidelines below.

  1. Open your Microsoft 365 admin center (Office 365 admin center) and go to Exchange admin center (Fig. 6.).

Accessing Exchange admin center.
Fig. 6. Accessing Exchange admin center.

  1. Select mail flow from the left menu and switch to the message trace tab (Fig. 7.). Here, you can define several criteria to filter emails you would like to include in your trace report.

Tip

If you would like to create a trace report for a specific message, use the Message ID: filter.
Learn how to find the Message-ID of an email

660-2
Fig. 7. Message trace options in EAC.

  1. Expand the Date range field and choose Custom.

    Important

    The time range you select has a direct effect on the resulting type of message trace:

    • If you choose a time period of the last 7 days or less, you will only be able to view a regular message trace online. Learn more about viewing trace results in EAC
    • To get an extended message trace report in CSV, you need to select a start date older than the last 7 days. You can choose any end date: if you want the report to cover your most recent emails, set the end date and time to your current date and time.
  2. Once you select a correct time range for the extended message trace, as described above, additional options are displayed (Fig. 8.).

660-3
Fig. 8. Additional options for extended message trace.

  1. (Optional) If you are planning to send your extended message trace to CodeTwo Support, select the Include message events and routing details with report checkbox.
  2. Type the name for your extended message trace report and provide an email address to which a notification with the report will be sent. If necessary, use the other options to further filter the trace results.
  3. Click search to run your message trace (if you did not provide enough filters, you might be prompted to specify at least one of them to continue).
  4. It might take a while (usually at least an hour) until the extended message trace report is generated. When it's completed, you will receive an email with a download link.

Info

You can track the progress of your traces in a separate window by clicking View pending or completed traces (Fig. 9.). The new window also allows you to download your extended message trace reports. You might need to scroll down to find the download link (highlighted in Fig. 9.).

660-4
Fig. 9. How to monitor and download message traces.

See also

Parsing an extended message trace - a Microsoft blog article on extracting data from an extended message trace

Message Trace FAQ - see this Microsoft article to learn how to run a message trace via PowerShell