How to report domains sending email with No TLS?

Occasional Contributor

The Connector report is showing up to 10% of incoming internet email not using TLS.


How can I get more detail of the sending domain(s) which are not using TLS to encrypt email being send to Exchange Online?

2 Replies
best response confirmed by Calum_L1 (Occasional Contributor)

The built-in reports wont give you this information, you will have to harvest the message trace logs.

@Vasil Michev Thanks, I'm no PowerShell guru but this located the sending domains not using TLS1.2


$dateStart = ([system.DateTime]::Now.AddDays(-1))

$dateEnd = ([system.DateTime]::Now)

Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -PageSize 512 | Where {$_.Status -eq "Delivered"} | Get-MessageTraceDetail | where {$_.Event -eq "Receive"} | where {$_.Detail -notmatch "TLS1.2"} | fl