SOLVED

How to report domains sending email with No TLS?

%3CLINGO-SUB%20id%3D%22lingo-sub-1102412%22%20slang%3D%22en-US%22%3EHow%20to%20report%20domains%20sending%20email%20with%20No%20TLS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1102412%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20Connector%20report%20is%20showing%20up%20to%2010%25%20of%20incoming%20internet%20email%20not%20using%20TLS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20I%20get%20more%20detail%20of%20the%20sending%20domain(s)%20which%20are%20not%20using%20TLS%20to%20encrypt%20email%20being%20send%20to%20Exchange%20Online%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1102412%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1103541%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20report%20domains%20sending%20email%20with%20No%20TLS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1103541%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20built-in%20reports%20wont%20give%20you%20this%20information%2C%20you%20will%20have%20to%20harvest%20the%20message%20trace%20logs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1103599%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20report%20domains%20sending%20email%20with%20No%20TLS%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1103599%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BThanks%2C%20I'm%20no%20PowerShell%20guru%20but%20this%20located%20the%20sending%20domains%20not%20using%20TLS1.2%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3E%24dateStart%20%3D%20(%5Bsystem.DateTime%5D%3A%3ANow.AddDays(-1))%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3E%24dateEnd%20%3D%20(%5Bsystem.DateTime%5D%3A%3ANow)%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3EGet-MessageTrace%20-StartDate%20%24dateStart%20-EndDate%20%24dateEnd%20-PageSize%20512%20%7C%20Where%20%7B%24_.Status%20-eq%20%22Delivered%22%7D%20%7C%20Get-MessageTraceDetail%20%7C%20where%20%7B%24_.Event%20-eq%20%22Receive%22%7D%20%7C%20where%20%7B%24_.Detail%20-notmatch%20%22TLS1.2%22%7D%20%7C%20fl%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

The Connector report is showing up to 10% of incoming internet email not using TLS.

 

How can I get more detail of the sending domain(s) which are not using TLS to encrypt email being send to Exchange Online?

2 Replies
Highlighted
Best Response confirmed by Calum_L1 (Occasional Contributor)
Solution

The built-in reports wont give you this information, you will have to harvest the message trace logs.

Highlighted

@Vasil Michev Thanks, I'm no PowerShell guru but this located the sending domains not using TLS1.2

 

$dateStart = ([system.DateTime]::Now.AddDays(-1))

$dateEnd = ([system.DateTime]::Now)

Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -PageSize 512 | Where {$_.Status -eq "Delivered"} | Get-MessageTraceDetail | where {$_.Event -eq "Receive"} | where {$_.Detail -notmatch "TLS1.2"} | fl