ANAVEM
EnglishFrancais
ANAVEM
Reference
Languagefr
How to Track Email Messages in Exchange Online Microsoft 365

How to Track Email Messages in Exchange Online Microsoft 365

Learn to monitor and trace email messages in Exchange Online using the modern Exchange Admin Center and PowerShell. Track delivery status, troubleshoot mail flow issues, and generate comprehensive email reports.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
March 17, 2026 15 min 6
mediumexchange-online 9 steps 15 min

Why Track Email Messages in Exchange Online?

Email message tracking in Exchange Online has become essential for modern IT administrators managing Microsoft 365 environments. Whether you're troubleshooting delivery issues, investigating security incidents, or generating compliance reports, the ability to trace email messages provides critical visibility into your organization's mail flow.

Microsoft significantly enhanced message tracking capabilities in 2024 with the new Message Trace feature in the modern Exchange Admin Center. This update extended the historical search period from 10 days to 90 days, increased result limits to 10,000 messages, and introduced advanced filtering options including wildcard subject searches and granular delivery status filters.

What Makes Exchange Online Message Tracking Powerful in 2026?

The current message tracking system combines web-based interfaces with PowerShell automation, giving administrators flexibility in how they monitor email flow. The new Get-MessageTraceV2 PowerShell cmdlet provides programmatic access to the same enhanced data available through the web interface, enabling automated reporting and integration with existing monitoring systems.

Key capabilities include tracking messages across multiple delivery statuses (delivered, quarantined, filtered as spam), analyzing message routing through Exchange Online protection layers, and generating comprehensive reports for compliance auditing. The system now handles complex scenarios like distribution list expansion tracking and provides detailed event logs showing each step in a message's journey.

Related: Fix Trusted Platform Module Error 80090016 – Windows 11 2026

Related: Microsoft Investigates Classic Outlook Sync Issues

Related: Microsoft 365 Backup: Granular File and Folder Restoration

Related: Fix Microsoft 365 Error 0x80004005 – Windows 10/11 2026

Implementation Guide

Full Procedure

01

Access the Modern Exchange Admin Center

Navigate to the modern Exchange Admin Center where Microsoft has consolidated all message tracking capabilities. This is your primary interface for email monitoring in 2026.

Open your browser and go to https://admin.exchange.microsoft.com. Sign in with your administrator credentials that have the required permissions.

Pro tip: Bookmark this URL as https://admin.exchange.microsoft.com/#/messagetrace to go directly to the message trace feature.

Once logged in, you'll see the modern Exchange Admin Center dashboard. The interface has been streamlined since the 2024 rollout, making message tracing more accessible than the legacy classic EAC.

Verification: Confirm you can see the left navigation menu with options like "Mail flow", "Recipients", and "Protection". If you see the old classic interface, click "Try the new Exchange admin center" at the top.

02

Navigate to Message Trace Feature

Locate the message trace functionality within the Mail flow section. Microsoft reorganized this in 2024 to make email tracking more intuitive.

In the left navigation pane, click Mail flow, then select Message trace. This takes you to the main message tracking interface.

You'll see the message trace dashboard with options for "Start a trace" and any previous trace results. The new interface supports up to 90 days of historical data, a significant improvement from the previous 10-day limit.

Warning: If you don't see the "Message trace" option under Mail flow, verify your account has the correct permissions. You need Global Administrator, Organization Management, or View-Only Organization Management role.

Verification: You should see a "Start a trace" button and the message "Ready to trace messages" or any existing trace results if you've run traces before.

03

Configure Basic Message Trace Parameters

Set up your first message trace by defining the search criteria. The new message trace feature offers enhanced filtering capabilities compared to previous versions.

Click Start a trace to open the "New message trace" flyout panel. You'll see several fields to configure:

  • Sender: Enter the sender's email address or leave blank for all senders
  • Recipient: Specify recipient email or leave blank for all recipients
  • Date range: Select up to 90 days of historical data
  • Subject: Use wildcards like "*invoice*" to find emails containing specific terms

For your first trace, try searching for messages from the last 24 hours by setting the date range to yesterday through today.

Example search criteria:
Sender: john.doe@company.com
Recipient: (leave blank)
Date range: Last 24 hours
Subject: (leave blank)

Verification: Before clicking Search, ensure your date range doesn't exceed 90 days and that email addresses are properly formatted.

04

Execute the Message Trace and Analyze Results

Run your configured trace and interpret the comprehensive results provided by the modern interface.

Click Search to execute the trace. The system will process your request and display results in batches of 250 messages, with a maximum of 10,000 results per trace.

The results table includes these key columns:

  • Date: When the message was processed
  • Sender/Recipient: Email addresses involved
  • Subject: First 256 characters of the subject line
  • Status: Delivery status (Delivered, Failed, Quarantined, etc.)
  • Message size: Size in KB or MB
  • From/To IP: Source and destination IP addresses (when available)
Pro tip: Messages typically appear in traces 2-5 minutes after being sent. If you don't see recent messages, wait a few minutes and refresh.

Click on any message row to see detailed information including message events, routing details, and any actions taken by security policies.

Verification: Scroll through results to confirm they match your search criteria. The status column should show expected values like "Delivered" for successful messages.

05

View Detailed Message Events and Troubleshoot Issues

Examine individual message details to understand the complete email journey and identify any delivery problems.

Select a specific message from your trace results and click View details. This opens a detailed view showing the message's complete path through Exchange Online.

The details panel displays message events in chronological order:

  • Receive: Message accepted by Exchange Online
  • Send: Message forwarded to next hop
  • Deliver: Message delivered to recipient's mailbox
  • Fail: Delivery failure occurred
  • Expand: Distribution list expanded

Pay attention to status codes and error messages. Common statuses include:

  • Delivered: Successfully delivered
  • Quarantined: Held by security policies
  • Filtered as spam: Blocked by anti-spam
  • Getting status: Still processing
Warning: The new Message Trace V2 shows the latest status. If a quarantined message was later released by an admin, it shows "Delivered" rather than "Quarantined" like the legacy version.

Verification: For delivered messages, you should see a final "Deliver" event. For failed messages, look for "Fail" events with specific error codes.

06

Install and Configure Exchange Online PowerShell for Advanced Tracing

Set up PowerShell access for automated message tracing and advanced queries that exceed the web interface limitations.

Open PowerShell as an administrator and install the latest Exchange Online Management module:

Install-Module -Name ExchangeOnlineManagement -Force
Update-Module -Name ExchangeOnlineManagement

Verify you have version 3.7.0 or later, which includes the new Get-MessageTraceV2 cmdlet:

Get-Module -Name ExchangeOnlineManagement -ListAvailable | Select-Object Version

Connect to Exchange Online using your administrator credentials:

Connect-ExchangeOnline -UserPrincipalName admin@yourdomain.com

The connection will prompt for authentication. Use modern authentication (OAuth) which is the default and most secure method.

Pro tip: Use Connect-ExchangeOnline -ShowProgress $true to see connection progress, especially useful for slower connections.

Verification: Run Get-OrganizationConfig | Select-Object Name to confirm you're connected and can query Exchange Online data.

07

Execute Advanced PowerShell Message Traces

Use the new Get-MessageTraceV2 cmdlet to perform advanced message tracing with greater flexibility than the web interface.

Run a basic trace for messages from a specific sender in the last 7 days:

Get-MessageTraceV2 -SenderAddress "john.doe@company.com" -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -Status Delivered | Format-Table Received, SenderAddress, RecipientAddress, Status, Subject, TotalBytes

For more complex queries, use multiple parameters:

# Trace quarantined messages with subject filtering
Get-MessageTraceV2 -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -Status Quarantined -Subject "*invoice*" | Select-Object Received, SenderAddress, RecipientAddress, Subject, Status

To trace a specific message using its Network Message ID:

Get-MessageTraceV2 -MessageTraceId "d9683b4c-127b-413a-ae2e-fa7dfb32c69d@DM3NAM06BG401.Eop-nam06.prod.protection.outlook.com" -StartDate "2026-03-10" -EndDate "2026-03-16"
Warning: For queries involving more than 1000 recipients, you must include the MessageTraceId parameter to get complete results.

Verification: Successful queries return message objects with properties like Received, SenderAddress, RecipientAddress, and Status. Empty results may indicate no messages match your criteria or the time range is outside the 90-day limit.

08

Generate and Export Email Flow Reports

Create comprehensive email flow reports for compliance, auditing, and analysis purposes using both web interface and PowerShell methods.

Web Interface Export:

In the Exchange Admin Center message trace results, click Download results to export your trace data as a CSV file. This includes all visible columns and respects any filters you've applied.

PowerShell Export:

Export detailed traces directly to CSV files for further analysis:

# Export all delivered messages from last 30 days
Get-MessageTraceV2 -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -Status Delivered | Export-Csv -Path "C:\EmailReports\DeliveredMessages_$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation

For historical data beyond 90 days, use the Historical Search feature:

# Start a historical search for older data
Start-HistoricalSearch -ReportTitle "Q4_Email_Report" -StartDate "2025-10-01" -EndDate "2025-12-31" -ReportType MessageTraceDetail -NotifyAddress "admin@company.com"

Check the status and retrieve results:

Get-HistoricalSearch -ReportTitle "Q4_Email_Report"
Pro tip: Schedule regular PowerShell scripts using Windows Task Scheduler to automatically generate weekly or monthly email flow reports.

Verification: Open the exported CSV file to confirm it contains the expected data columns and message count matches your trace results.

09

Troubleshoot Common Message Trace Issues

Address frequent problems encountered during message tracing and implement best practices for reliable email monitoring.

Issue: Partial or Missing Results

If you're not seeing expected messages, check these common causes:

  • Time zone differences: Ensure your date range accounts for UTC vs. local time
  • Recent messages: Wait 2-5 minutes after sending before tracing
  • Large recipient lists: Include MessageTraceId for queries with >1000 recipients

Issue: Status Discrepancies

The new Message Trace V2 shows the latest message status, which may differ from the original status:

# Compare V1 and V2 results for the same message
Get-MessageTrace -SenderAddress "sender@domain.com" -StartDate (Get-Date).AddHours(-2) -EndDate (Get-Date)
Get-MessageTraceV2 -SenderAddress "sender@domain.com" -StartDate (Get-Date).AddHours(-2) -EndDate (Get-Date)

Issue: Performance and Limits

Optimize your queries to avoid timeouts and limits:

  • Use specific date ranges instead of maximum 90 days
  • Filter by sender or recipient when possible
  • Break large queries into smaller time windows
Warning: If the new Message Trace feature causes issues, you can temporarily disable it in the trace flyout by toggling the "New message trace" option off, but Microsoft recommends using the new version.

Verification: Test your troubleshooting by running a simple trace for a known recent message, then gradually add complexity to identify where issues occur.

Frequently Asked Questions

How long can I trace email messages in Exchange Online?+
With the new Message Trace feature introduced in 2024, you can trace messages up to 90 days in the past, a significant increase from the previous 10-day limit. For real-time queries within 10 days, results appear almost immediately. For historical data beyond 90 days, you need to use the Historical Search feature which can export data to XML or CSV formats.
What's the difference between Get-MessageTrace and Get-MessageTraceV2 in PowerShell?+
Get-MessageTraceV2 is the newer cmdlet introduced with Exchange Online PowerShell V3 module version 3.7.0. It supports the enhanced 90-day search period, advanced filtering options, and can return up to 10,000 results compared to the legacy cmdlet's limitations. V2 also shows the latest message status rather than the original status, which is important for messages that were quarantined and later released.
Why don't I see recent email messages in my trace results?+
Email messages typically take 2-5 minutes to appear in trace results after being sent or received. This delay is normal as Exchange Online processes and indexes the message data. If you're looking for messages sent within the last few minutes, wait a bit longer and refresh your search. Also ensure your date range includes the current time and accounts for any time zone differences.
What permissions do I need to trace email messages in Exchange Online?+
You need one of these administrative roles: Global Administrator, Organization Management, or View-Only Organization Management in Exchange Online. These roles provide access to the Message Trace feature in the Exchange Admin Center and the PowerShell cmdlets. Regular users cannot trace messages for security and privacy reasons, as this feature provides visibility into organization-wide email flow.
How can I trace emails that were quarantined or blocked by security policies?+
Use the Status filter in the new Message Trace interface to specifically search for 'Quarantined' or 'Filtered as spam' messages. In PowerShell, use Get-MessageTraceV2 with the -Status parameter set to 'Quarantined'. The detailed view will show you which security policy triggered the action, whether it was anti-malware, anti-spam, or safe attachments. Remember that if an admin later released a quarantined message, the V2 trace will show 'Delivered' as the final status.
Emanuel DE ALMEIDA
Written by

Emanuel DE ALMEIDA

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Tags
#exchange-online#microsoft-365#email-tracking

Further Intelligence

Deepen your knowledge with related resources

How to Install Office 365 Offline for Enterprise Deployment
tutorial
General

How to Install Office 365 Offline for Enterprise Deployment

Deep Dive
How to Fix Secure Boot Certificate Expiry Error 65000 in Microsoft Intune
tutorial
Cybersecurity

How to Fix Secure Boot Certificate Expiry Error 65000 in Microsoft Intune

Deep Dive
How to Configure Outlook Auto-Login using Microsoft Intune Settings Catalog
tutorial
Cloud Computing

How to Configure Outlook Auto-Login using Microsoft Intune Settings Catalog

Deep Dive

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...