Nov 25 2019 09:14 AM
Hello,
I am currently trying to establish statistics regarding the email activities on Office 365.
I spent some time trying to figure out how to access the sender / receiver email or account (and other related data). I didn't find anything concluant within the OfficeActivity logs.
Did you try to achieve this ?
Thank you for your answer.
Nov 25 2019 10:44 AM
@ClementBonnet Have you looked at the Office 365 Workbook? It may not be 100% what you are looking for but it should give you a hint of how to get what you want if it doesn't.
Nov 26 2019 02:09 AM
@Gary Bushey Thanks for your answer!
I did look at Office 365 Workbook, but didn't find anything regarding email data. There are only information on the mailbox.
I wonder if sender/receiver (and other data) are actually transmitted from Office 365 to Sentinel through the Office 365 connector. I try to figure out how to do this.
Nov 26 2019 09:04 AM
@Gary Bushey Thank you for your answer.I'm I'm also interesting. I think, what we would like it's to collects Message Trace data from Microsoft Office 365 including the following:
Sender
Recipient
Subject
To IP Address
From IP Address
Size
Date Received
Regards
Dec 01 2019 06:08 AM
@thotho : supporting email flow logs is on our roadmap. We hope to address your need soon.
Jan 16 2020 12:54 AM
Would be very nice to get Email Message Header information a part of this data.
I'm specific interessted to get the X-Forefront-Antispam-Report Header, so that it's possible to analyze Email SPAM.
Do you have any timeframe on when this exchange online email connector can be available? Q1 2020? Q2 2020? This year? Next year?
Br. Rune
Jan 16 2020 06:01 AM
@ClementBonnet That information is not captured in Sentinel. Not sure if it would be in the Security Graph or not but you can check that as well.
Aug 21 2020 10:18 AM
@Ofer_Shezaf, whats the status of this roadmap item? is there a public ID we can follow? We need to see message tracking in sentinel.
Dec 14 2020 10:08 PM
@Ofer_Shezaf year later, any progress ?
Dec 16 2020 11:24 AM
Hello @Heiko Fuhrmann
Have you seen the methods here? especially the "Update 3rd June 2020" solution.
Office 365 Email Activity and Data Exfiltration Detection - Microsoft Tech Community
Thanks