Microsoft Tech Community

[OFFICE 365 - EXCHANGE] Monitor in/out mails senders




I am currently trying to establish statistics regarding the email activities on Office 365.

I spent some time trying to figure out how to access the sender / receiver email or account (and other related data). I didn't find anything conclusive within the OfficeActivity logs.


Did you try to achieve this?

Thank you for your answer.

9 Replies

@ClémentB Have you looked at the Office 365 Workbook?  It may not be 100% what you are looking for but it should give you a hint of how to get what you want if it doesn't.

@Gary Bushey Thanks for your answer!
I did look at the Office 365 Workbook, but didn't find anything regarding email data. There is only information on the mailbox.

I wonder if sender/receiver (and other data) are actually transmitted from Office 365 to Sentinel through the Office 365 connector. I am trying to figure out how to do this.

@Gary Bushey Thank you for your answer. I'm also interested. I think what we would like is to collect Message Trace data from Microsoft Office 365, including the following:
To IP Address
From IP Address
Date Received



@thotho : supporting email flow logs is on our roadmap. We hope to address your need soon.



Would be very nice to get Email Message Header information as part of this data.

I'm specifically interested in getting the X-Forefront-Antispam-Report header, so that it's possible to analyze email spam.


Do you have any timeframe on when this Exchange Online email connector can be available? Q1 2020? Q2 2020? This year? Next year?


Br. Rune

@ClémentB That information is not captured in Sentinel.  Not sure if it would be in the Security Graph or not but you can check that as well.

@Ofer_Shezaf, what's the status of this roadmap item? Is there a public ID we can follow? We need to see message tracking in Sentinel.

@Ofer_Shezaf A year later, any progress?

Hello @Heiko Fuhrmann 


Have you seen the methods here? Especially the "Update 3rd June 2020" solution.


Office 365 Email Activity and Data Exfiltration Detection - Microsoft Tech Community