Forum Discussion
Exchange Message Trace Reporting and e-Discovery
@EmyLoanzon Threat Explorer in the Security Center allows you to search messages by file attachment, but as you know Message Trace does not. Whether or not to include a new capability in Message Trace is based on the scenario: if the scenario is more a security-related investigation, then it's a better candidate for Threat Explorer; if it's more about troubleshooting mail flow routing or delivery issues, then it's a candidate for inclusion in Message Trace. Since all investigations that filter by attachment that we've heard about from customers are for security-related investigations, that capability landed in Threat Explorer.
@KevinShaughnessy Thank you. Is Threat Explorer part of the M365 E3 license? Queries for emails with specific file attachments are basic search queries for email reporting.
- KevinShaughnessy (Microsoft), Oct 08, 2020
@EmyLoanzon It's not included with E3, but with E5. It's available in ATP Plan 2, which comes with E5. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide#office-365-atp-plan-1-and-plan-2
Can you elaborate on a non-security/threat related scenario where you'd want to trace messages by attachment type or name, where the concern isn't primarily security/threat related? Thanks!
- EmyLoanzon (Iron Contributor), Oct 08, 2020
@KevinShaughnessy Thanks, Kevin. I am routinely asked to provide reports on how many emails with certain file types (Excel, Word, PDF files) were sent within the company - to encourage those employees to use OneDrive or SharePoint instead.
For security reports, I have to provide stats on emails that get compressed files from external sources.
- KevinShaughnessy (Microsoft), Oct 08, 2020
@EmyLoanzon Thanks so much for the additional info about those reports to encourage folks to use OneDrive or SharePoint instead. Good to know! I'll share that info with my colleague who owns Message Trace UI / scenarios. Cheers!