Forum Discussion
Exchange Message Trace Reporting and e-Discovery
MicrosoftEmyLoanzon Threat Explorer in the Security Center allows you to search messages by file attachment, but as you know Message Trace does not. Whether or not to include a new capability in Message Trace is based on the scenario: If the scenario is more a security related investigation then it's a better candidate for Threat Explorer; if it's more about troubleshooting mail flow routing or delivery issues then it's a candidate for inclusion in Message Trace. Since all investigations that filter by attachment that we've heard about from customers are for security-related investigations, that capability landed in Threat Explorer.
KevinShaughnessy Thank you. Is Threat Explorer part of the M365 E3 license? Queries for emails with specific file attachments is a basic search queries for email reporting.
- KevinShaughnessy
EmyLoanzon it's not included with E3, but with E5. It's available in ATP Plan 2 which comes with E5. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide#office-365-atp-plan-1-and-plan-2
Can you elaborate on a non-security/threat related scenario where you'd want to trace messages by attachment type or name, where the concern isn't primarily security/threat related? Thanks!
KevinShaughnessy Thanks, Kevin. I am routinely asked to provide reports on how many emails with certain file types (excel, word, PDF files) were sent within the company - to encourage those employees to use OneDrive or SharePoint instead.
For security reports, I have to provide how stats on emails that get compressed files from external sources.
