Retrieve Message Tracking Logs from Exchange Online and EOP

Organizations moving from on-premises to Exchange Online sometimes have requirements to retrieve and store message tracking logs for a non-negotiable period of time.

Exchange Online Protection stores logs for upwards of 30 days, but if you need to store them for longer, you can download logs from Exchange Online using PowerShell.

First connect a PowerShell session to Exchange Online using the following commands, entering administrative credentials when prompted:

$cred = Get-Credential$session = New-PSSession -ConfigurationName Microsoft.Exchange -Authentication Basic -ConnectionUri -AllowRedirection:$true -Credential $credImport-PSSession $session

After connecting to the service, we can then download the previous days logs, for example:

Get-MessageTrace -StartDate “09/15/2013 00:00:00” -EndDate “09/16/2013 00:00:00” | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv 20130915.csv -NoTypeInformation

If you wish to automate this into a script, you can use the following command which will automatically populate yesterday’s date. You’ll see the following script retrieves the previous days log files with the date fields automatically populated.

Get-MessageTrace -StartDate ([DateTime]::Today.AddDays(-1)) -EndDate ([DateTime]::Today) | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv “$((get-date ([DateTime]::Today.AddDays(-1)) -Format yyyyMMdd)).csv” -NoTypeInformation

This will allow you to keep logs on local storage and meet requirements that require you to keep logs for longer than Exchange Online / Exchange Online Protection for Exchange allows.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top