Security and Compliance

%3CLINGO-SUB%20id%3D%22lingo-sub-1451048%22%20slang%3D%22en-US%22%3ESecurity%20and%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1451048%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20case%20that%20involves%20sending%20an%20email%20that%20contains%20a%20payment%20document%20attached%2C%20based%20on%20that%20I%20have%20some%20questions%20about%20Exchange%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20When%20creating%20a%20new%20email%20account%20it%20already%20has%20the%20logs%20by%20default%2C%20right%3F%3C%2FP%3E%3CP%3E2)%20How%20long%20are%20these%20logs%20maintained%20for%2090%20days%20or%20more%3F%3C%2FP%3E%3CP%3E3)%20Since%20the%20audit%20is%20not%20enabled%20by%20default%20my%20suggestion%20is%20that%20have%20it%20enabled%20by%20default%2C%20so%20it%20can%20be%20helpful%20to%20identify%20the%20records.%3C%2FP%3E%3CP%3EI%E2%80%99m%20not%20able%20to%20verify%20in%20the%20logs%20or%20the%20message%20flow%20the%20information%20that%20contains%20a%20file%20attached%20to%20the%20message.%3C%2FP%3E%3CP%3EMy%20question%20is%3A%20Is%20there%20this%20information%20in%20the%20email%20flow%20or%20logs%3F%20How%20can%20I%20find%20it%3F%3C%2FP%3E%3CP%3EOne%20final%20question%2C%20is%20there%20a%20list%20of%20IP%20addresses%20(from%20Microsoft)%20that%20show%20that%20the%20email%20was%20sent%20from%20Microsoft's%20servers%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1451153%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20and%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1451153%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F62847%22%20target%3D%22_blank%22%3E%40Andre%20Ruschel%3C%2FA%3E%26nbsp%3Byou%20may%20refer%20to%20Microsoft%20365%20admin%20center%20or%20Microsoft%20365%20Compliance%20Policy%20to%20see%20some%20log%20files%20and%20monitor%20some%20activities%20of%20Exchange%20and%20other%20Microsoft%20365%20services%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fmicrosoft-365-compliance-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fmicrosoft-365-compliance-center%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20you%20will%20have%20to%20define%20policy%20to%20monitor%20or%20prevent%20data%20lose%20and%20enforce%20it%20for%20accounts%20you%20are%20looking%20for%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fprotect-information%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fprotect-information%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20many%20helpful%20information%20there%20and%20I%20recommend%20you%20try%20them%20out%20and%20you%20may%20refer%20to%20documents%20where%20I%20shared%20to%20learn%20more.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1451639%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20and%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1451639%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20already%20checked%20all%20of%20these%20documents.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1453843%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20and%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1453843%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F62847%22%20target%3D%22_blank%22%3E%40Andre%20Ruschel%3C%2FA%3E%26nbsp%3Bto%20answer%20your%20question%2C%20I%20would%20say%20it%20depends%20on%20your%20scenario%2C%20so%20when%20you%20create%20Audit%20or%20monitoring%20%2C%20you%20could%20set%20how%20log%20that%20monitoring%20stay%20on%2C%20while%20for%20other%20log%20files%2C%20there%20is%20no%20limitation%20and%20log%20files%20will%20remain%20forever%20unless%20if%20you%20close%20your%20Microsoft%20365%20or%20request%20for%20removal.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I have a case that involves sending an email that contains a payment document attached, based on that I have some questions about Exchange:

 

1) When creating a new email account it already has the logs by default, right?

2) How long are these logs maintained for 90 days or more?

3) Since the audit is not enabled by default my suggestion is that have it enabled by default, so it can be helpful to identify the records.

I’m not able to verify in the logs or the message flow the information that contains a file attached to the message.

My question is: Is there this information in the email flow or logs? How can I find it?

One final question, is there a list of IP addresses (from Microsoft) that show that the email was sent from Microsoft's servers?

3 Replies

@Andre Ruschel you may refer to Microsoft 365 admin center or Microsoft 365 Compliance Policy to see some log files and monitor some activities of Exchange and other Microsoft 365 services:

https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center 

However, you will have to define policy to monitor or prevent data lose and enforce it for accounts you are looking for:

https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-information 

There are many helpful information there and I recommend you try them out and you may refer to documents where I shared to learn more. 

Thanks @Reza_Ameri-Archived 

I already checked all of these documents.

@Andre Ruschel to answer your question, I would say it depends on your scenario, so when you create Audit or monitoring , you could set how log that monitoring stay on, while for other log files, there is no limitation and log files will remain forever unless if you close your Microsoft 365 or request for removal.