Forum Discussion

Justin Horne
Copper Contributor
Aug 16, 2018
Solved

Microsoft does not consider Security and Compliance Center to be credible

Opened ticket regarding a specific email that did not show up on a message trace report. Per response from Microsoft directly:

"As message trace in Office 365 Security & Compliance Center is a redesigned tool which focus on making Message Trace more effective and easier for both professional and part-time email admins, it is still in ‘preview’ status.

We don’t ensure this tool is as credible as Message Trace in the Exchange Admin Center (EAC)."


What kind of response is that? And they want to close the ticket. 😂
  • Scott Landry
    Aug 17, 2018
    Right, so you are confirming my last bit -- that longer term storage doesn't seem to have the most recent bits in your case for some reason. I would normally expect it to have it within 4 hours of the email being sent, but I don't know what the exact SLA is; there could be a service issue in your region. Regardless, I'm confirming: there is an escalation process for looking into this type of issue, and so if it still isn't resolved, it's absolutely something we can look into. I have shared this information with the support team working your issue, so let us know if this doesn't get you unstuck. I apologize for any inconvenience.

10 Replies

  • Arindam Thokder
    Copper Contributor

    Hello Justin, does that message show up in the normal Message Tracking under EAC?

    • Justin Horne
      Copper Contributor

      Yes. This was a report that was run for management using SCC. It was identified after the fact that an email was sent that did not show up on the report. It appears SCC pulls from some data warehouse that has a delay compared to EAC. My issue is with Microsoft's response that SCC is not credible and the excuse that it's a preview, so that's somehow to be expected. First, it's not preview and went GA on 2/22/18. Second, if the search will not encompass emails sent within a certain period of the report being run, it would be so easy to detect this and report to the user with a big red flag that the report "may not contain emails sent before [last data warehouse event]."

      • Scott Landry
        Microsoft

        The Message Trace features in SCC and EAC use exactly the same back end query mechanisms.  So it is literally impossible for the data to exist in one and not the other.  What can happen, however, is that the result could be only one of the two data repositories that both admin experiences use.  Specifically:

        1. short term data storage (7-10 day)
        2. longer term data store (>10 days to 90 days)

        How you structure your query in each experience determines which source is searched - we never search both at the same time. We think we made it much clearer in the new experience, but we also made it smarter at picking the best option vs. requiring an explicit decision. If someone is used to an explicit decision, I can see why they might think the back end has changed.

        Now, depending which data store doesn't have the message in question, it could be due to a data ingestion issue for that particular source, and should be troubleshot accordingly and escalated if necessary.  We do investigate issues of this nature, though we'll need to figure out which data storage and how long since the message was sent.  We do absolutely care about the credibility of Message Trace.

  • That's probably one of the vendor agents... their priority is closing the tickets, not resolving them :) Let me ping a few folks on the Exchange team, see what they think about it.

    • Justin Horne
      Copper Contributor

      Ticket #11076270 if they have access to the details. I've gotten nowhere with MS over the past 3 days. Can't say that's not typical. We also have our MS reps looking into this as well.