o365 send/receive logs on smtp level / audit logs

New Contributor



we are trying to grab/download the send and receive logs on smtp level from o365. so we can track  mailbox send/recv as audit.


May i know how we can automate and download the logs from python/powershell except from the UI.


Is there any better way to pull this info? Please advise!


4 Replies

Nope afaik. You can automate requesting the logs, but the URL from which you can download them is behind an auth wall, and doesn't seem to accept any of the standard methods to authenticate (including via Graph).

@Vasil MichevThanks, May i know what the API endpoint will to get the  SMTP send/recv logs?


we do have account for 0365 and can automate, if we know the correct Endpoint/some method.


From the GUI, we see the "mail flow" logs, but not sure how we get over the  correct API/endpoint.


we see we can get from the powershell as well/GUI, but somehow we want to automate this using API endpoint:





would be great  if you/someone can help to point the correct API endpoint.

That's the issue, we simply don't know. Microsoft never published any details about it, and the only supported way for getting the CSV files is via the browser.


Now if you are only interested in the "regular" message trace, that can be easily automated, here's a sample script: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Mail-Traffic-afa37da1#content

If I can add to this. it seems that the logs only show SMTP successes and not failures. When I asked Microsoft they said they do not keep the smtp failures and it is up to the client system to capture the logs for failures. that seems like a very odd response or at least on that has never dealt with a MFD device before.

does anyone know how to get SMTP failure info?