Exchange Team Blog
Enhancements to the Outbound Messages in Transit Security Report

The_Exchange_Team
Aug 05, 2024

Today, we are excited to announce enhancements to the Outbound Messages in Transit Security report that help you track and optimize the security of your outbound email. 

To help you identify and reduce the number of emails that are sent in plain text, we have added two new elements to the outbound messages in transit report: a new field in the Messages Sent section, and a new page called Recipient Domains Not Supporting TLS. 

We have split the ‘Opportunistic TLS’ category in the Messages Sent section of the mail flow report into 2 categories, ‘TLS’ and ‘No-TLS’, so there are now 5 security categories.

With the addition of Recipient Domains Not Supporting TLS, the Outbound Messages in Transit Security report now has 3 views: 

  1. The Messages Blocked section compiles data for tenant admins on any SMTP DANE with DNSSEC or MTA-STS issues encountered during attempts to send messages to domains that use these security protocols. 
  2. The Messages Sent section provides time-series data for emails secured by SMTP DANE with DNSSEC, MTA-STS, Both SMTP DANE with DNSSEC and MTA-STS, TLS, or No-TLS. 
  3. Recipient Domains Not Supporting TLS provides time-series data for messages that were sent to a destination domain unencrypted (in plain text) because the destination didn't support TLS. Exchange Online always attempts to send using TLS, but if the destination server or domain doesn’t support it, the default behavior is to send the email anyway, in plain text. 

How to access the new features 

These updates are available right now! To access the report, go to the Exchange admin center, and then click Reports > Mail flow. Once the page loads, select Outbound Messages in Transit Security report. 

To learn more about the report, see "Outbound messages in Transit Security report in the Exchange Admin Center for Exchange Online" on Microsoft Learn.

How to use the data to improve your email security 

The data in the Outbound Messages in Transit Security report can help you monitor and improve email security in several ways. Here are some examples of how you can use the data: 

  • If you see a high number of emails sent in plain text to an organization, you can contact the receiving organization and ask them to enable TLS on their email servers. 
  • If you see a sudden spike in the number of emails experiencing SMTP DANE with DNSSEC or MTA-STS failures, you can alert the destination organization so that they can take corrective measures. 
  • If you see a consistent pattern of emails being blocked or sent in plain text to certain domains, you can consider alternative ways of communicating with those domains. For example, you can use secure file sharing services or secure web portals to exchange information with those domains. 
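Before contacting a receiving organization about messages in the No-TLS category, it helps to confirm that its MX host really does not advertise STARTTLS. The Python below is an added example, not code from the Exchange team; the hostnames and EHLO replies are constructed, and `ehlo_extensions`, `classify_ehlo` and `probe` are hypothetical helper names.

```python
import re
import smtplib

# Constructed EHLO replies in RFC 5321 multi-line form; hostnames are placeholders.
SAMPLE_REPLIES = {
    "mx.tls-ok.example": "250-mx.tls-ok.example Hello\r\n250-SIZE 36700160\r\n"
                         "250-STARTTLS\r\n250 8BITMIME\r\n",
    "mx.no-tls.example": "250-mx.no-tls.example Hello\r\n250-SIZE 10485760\r\n"
                         "250 8BITMIME\r\n",
    "mx.broken.example": "554 5.7.1 Service unavailable\r\n",
}

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def ehlo_extensions(reply):
    """Return the upper-cased extension keywords of a successful EHLO reply.

    Raises ValueError when the reply is not a well-formed 250 response."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    extensions = set()
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a 250 reply: %r" % line)
        # "250-" marks a continuation line, "250 " the final line.
        if (match.group(2) == " ") != (index == len(lines) - 1):
            raise ValueError("malformed continuation: %r" % line)
        words = match.group(3).split()
        # The first line is the server greeting, not an extension keyword.
        if index > 0 and words:
            extensions.add(words[0].upper())
    return extensions

def classify_ehlo(reply):
    """Map an EHLO reply to the report's 'TLS' / 'No-TLS' wording, or 'error'."""
    try:
        return "TLS" if "STARTTLS" in ehlo_extensions(reply) else "No-TLS"
    except ValueError:
        return "error"

def probe(mx_host, timeout=10):
    """Live check of one MX host; needs outbound TCP 25 from where it runs."""
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        if code != 250:
            return "error"
        return "TLS" if smtp.has_extn("starttls") else "No-TLS"
```

An advertised STARTTLS keyword only shows that the server offers TLS; the handshake itself can still fail, so treat a "TLS" result as necessary rather than sufficient.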

We hope that you will find these enhancements helpful. If you have any feedback or suggestions, please let us know in the comments below!

Microsoft 365 Messaging Team
(Formerly Exchange Online Transport Team)

  • Hi all,

    it would be great to have a report of INBOUND messages that used the protocols MTA-STS and/or SMTP DANE with DNSSEC. With only the outbound report we don't know if the protocols are configured properly in our tenant and our domain.

    Many thanks.

    Raffaele

  • Thanks for the comment RaffaColavecchi-MVP! We will release (In Preview) an Inbound SMTP DANE with DNSSEC and MTA-STS EAC report around the end of this month. It will be powered by TLS RPT reports that we receive from external senders, so the data will not be comprehensive, but it should be very helpful.

     

    In the meantime, here are some ways to confirm the inbound configuration is working as expected: 

    1. Confirm your Inbound SMTP DANE with DNSSEC configuration with the Microsoft Remote Connectivity Analyzer: Test Input

    2. Set up a second tenant and send emails between these tenants, then check the Outbound Messages in Transit Security Report

  • Tnx IanMcDonald,

    now I'm using solution 2 from my tenant, but for customers it's better to wait for native inbound reports in their own tenant.

    Many thanks for the feedback.

    Raffaele