SOLVED

Identify Messages received without TLS

%3CLINGO-SUB%20id%3D%22lingo-sub-303918%22%20slang%3D%22en-US%22%3EIdentify%20Messages%20received%20without%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-303918%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Guys%2C%3C%2FP%3E%3CP%3EI%20see%20a%20report%20in%20my%20Office%20365%20suite%20that%20this%20week%20we%20received%204%20messages%20without%20any%20TLS%20encryption.%20Now%20I%20would%20like%20to%20understand%20who%20sent%20them%20to%20us.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20aware%20of%20a%20possibility%20to%20do%20this%20in%20Office%20365%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3EAdrian%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-307439%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20Messages%20received%20without%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-307439%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20don't%20need%20the%20extended%20reports%2C%20the%20detailed%20message%20trace%20also%20gives%20you%20the%20version%20and%20cipher%20used.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-307418%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20Messages%20received%20without%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-307418%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20you%20perform%20a%20message%20trace%20with%20extended%20details%20you%20have%20a%20property%20called%20%22Custom_Data%22.%26nbsp%3B%26nbsp%3B%20That%20column%20reflects%20the%20type%20of%20connection%20that%20was%20used%20and%20which%20version%20of%20the%20protocol%20was%20used.%26nbsp%3B%26nbsp%3B%20You%20have%20to%26nbsp%3B%20wait%20for%20the%20report%20to%20build%20for%20a%20few%20minutes%2C%20but%20in%20there%20you'll%20have%20the%20information.%26nbsp%3B%26nbsp%3B%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheck%20the%20screenshot%20for%20an%20example%20of%20the%20output.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%20you%20out%20...%26nbsp%3B%26nbsp%3B%20and%20if%20so%20mark%20the%20reply.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3CP%3EDavid%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-304570%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20Messages%20received%20without%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-304570%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20go%20to%20Security%20%26amp%3B%20Compliance%20center%20-%26gt%3B%26nbsp%3B%20click%20reports%20section%2C%20there%20is%20a%20dashboard%20mentioning%26nbsp%3B%20TLS%201.0%201.1%201.2%26nbsp%3B%20mail%20flows.%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Both%20for%20incoming%20and%20outgoing%20emails.%26nbsp%3B%26nbsp%3B%20These%20are%20interactive%2C%20so%20you%20can%20drill-down%20on%20the%20sections%20by%20clicking%20on%20them.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20see%20list%20of%20individual%20mails%2C%20you%20can%20trace%20them%20from%20the%20section%20%22Mail%20Flow%22%20and%20the%20information%20should%20be%20included%20in%20an%20extended%20trace%20report.%26nbsp%3B%20It's%20not%20available%20in%20the%20default%20summary%20report.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20have%20four%20mails%20only%20without%20TLS%2C%20it's%20usually%20something%20like%20scan%20to%20mailbox%20solution%20on%20a%20multifunctional%20printer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-304265%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20Messages%20received%20without%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-304265%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don't%20think%20there%20is%20a%20way%20to%20get%20this%20information%20from%20the%20dashboard%2Fwidget.%20The%20only%20way%20I%20can%20think%20of%20is%20querying%20the%20message%20trace%20details%2C%20for%20each%20individual%20message%2C%20and%20checking%20the%20TLS%20value%20there.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi Guys,

I see a report in my Office 365 suite that this week we received 4 messages without any TLS encryption. Now I would like to understand who sent them to us. 

 

Are you aware of a possibility to do this in Office 365?

 

Thanks!

Adrian

4 Replies
best response confirmed by Deleted
Solution

I don't think there is a way to get this information from the dashboard/widget. The only way I can think of is querying the message trace details, for each individual message, and checking the TLS value there.

Hello

 

If you go to Security & Compliance center ->  click reports section, there is a dashboard mentioning  TLS 1.0 1.1 1.2  mail flows.    Both for incoming and outgoing emails.   These are interactive, so you can drill-down on the sections by clicking on them.

 

If you want to see list of individual mails, you can trace them from the section "Mail Flow" and the information should be included in an extended trace report.  It's not available in the default summary report.

 

If you have four mails only without TLS, it's usually something like scan to mailbox solution on a multifunctional printer.

 

Cheers

Hi

 

When you perform a message trace with extended details you have a property called "Custom_Data".   That column reflects the type of connection that was used and which version of the protocol was used.   You have to  wait for the report to build for a few minutes, but in there you'll have the information.   :)

 

Check the screenshot for an example of the output.

 

Hope this helps you out ...   and if so mark the reply.  

 

Cheers

David

 

 

You don't need the extended reports, the detailed message trace also gives you the version and cipher used.