Understanding and analyzing message traces is a vital skill when you’re working with the Microsoft 365 messaging system, especially if you are preparing to sit for the MS-203 exam. This article explains how to analyze a message trace efficiently, with practical examples wherever possible.

Understanding Message Trace

The first step in analyzing a message trace is understanding what it is. Message traces in the Microsoft 365 Security & Compliance Center are essentially logs that record the life cycle of an email message as it travels through your organization’s Microsoft 365 messaging infrastructure.

Starting a Message Trace

You can start a new message trace from mail flow > dashboard in the Microsoft 365 Security & Compliance Center by clicking ‘Start a trace.’ You then specify the date range of the trace, the sender and recipient addresses, the delivery status, and the direction of emails (inbound, outbound, or all).

Interpreting a Message Trace

A completed message trace will generate a table of message events. This table can contain the following elements:

  • Date: Date and time the event was logged (displayed in your local time zone).
  • Sender: The email address of the sender.
  • Recipient: The email address of the recipient(s).
  • Subject: The subject line of the email message.
  • Status: The delivery status of the email, such as Delivered, Pending, or Failed.
  • To IP: The IP address where the email was delivered.
  • From IP: The IP address where the email came from.

Delving Deeper with Extended Reports

For more detailed information, you can download extended reports. These can provide information including Details, Delivery Reports, Message Events, and Route Hops.

Let’s look at an example of using the message event list. Suppose an email hasn’t been delivered and we want to find out why. In a message event list, that might look like the following:

| Event        | Server     | Time  | Detail |
|--------------|------------|-------|--------|
| Receiving    | Mailbox1   | 08:47 | The message was received by Mailbox1. |
| Submitting   | Mailbox1   | 08:47 | The message was submitted by Mailbox1 after being received from the internet. |
| Transferring | Hub1       | 08:48 | The message was relayed by Hub1. |
| Fail         | Filtering2 | 08:49 | Filtering2 rejected the message: ‘The spam filter determined that this is a high-confidence spam message.’ |

In this example event list, we can see that the email was marked as a high-confidence spam message by the Filtering2 server, causing its delivery to fail.
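
The same reading of the event list, done programmatically, as an added example (not part of the original article and not Microsoft tooling): the parser below rebuilds the route hops and reports which server failed the message and why. The one-line-per-event text layout, the function names and the dictionary keys are assumptions made for this illustration; a real export has its own columns.

```python
import re
from dataclasses import dataclass

# Constructed sample: the article's example event list, one event per line,
# laid out as "Event Server HH:MM Detail" (layout assumed for this example).
SAMPLE_EVENTS = """\
Receiving Mailbox1 08:47 The message was received by Mailbox1.
Submitting Mailbox1 08:47 The message was submitted by Mailbox1 after being received from the internet.
Transferring Hub1 08:48 The message was relayed by Hub1.
Fail Filtering2 08:49 Filtering2 rejected the message: 'The spam filter determined that this is a high-confidence spam message.'
"""

@dataclass
class TraceEvent:
    event: str
    server: str
    time: str
    detail: str

def parse_events(text):
    """Split each non-empty line into event, server, time and free-text detail."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event, server, time, detail = line.split(None, 3)
        if not re.fullmatch(r"\d{2}:\d{2}", time):
            raise ValueError(f"unexpected time field in: {line!r}")
        events.append(TraceEvent(event, server, time, detail))
    return events

def summarize(events):
    """Return the route taken, the final event and, on failure, where and why."""
    ordered = sorted(events, key=lambda e: e.time)  # stable: same-minute order kept
    hops = []
    for e in ordered:
        if not hops or hops[-1] != e.server:  # collapse consecutive events on one server
            hops.append(e.server)
    summary = {"hops": hops, "final_event": ordered[-1].event,
               "failed_at": None, "reason": None}
    failure = next((e for e in ordered if e.event.lower() == "fail"), None)
    if failure:
        summary["failed_at"] = failure.server
        # The rejection text is quoted in the detail; fall back to the full detail.
        quoted = re.search(r"['‘](.+)['’]", failure.detail)
        summary["reason"] = quoted.group(1) if quoted else failure.detail
    return summary

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_EVENTS)))
```
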

Keep in mind that to understand detailed reports such as these, you need to be familiar with your organization’s Microsoft 365 messaging infrastructure, including server names, the flow of messages, and how filtering is set up.

Conclusion

Regularly examining message traces in Microsoft 365 Messaging can help to identify and troubleshoot email delivery issues, paving the way for a more efficient and effective messaging system. Understanding how to analyze these traces is a key part of the MS-203 Microsoft 365 Messaging exam, and with practice, anyone can become proficient in this critical skill.

Practice Test

True or False: Message trace in Microsoft 365 is a tool that helps administrators track specific messages as they pass through the mail flow pipeline.

  • True
  • False

Answer: True

Explanation: The Message trace tool in Microsoft 365 helps you to understand how email is being processed, locate any potential problems, and confirm if a specific email was delivered successfully.

In Microsoft 365, a message trace cannot track emails up to 90 days old.

  • True
  • False

Answer: False

Explanation: In Microsoft 365, by default, administrators can track emails that are up to 90 days old for their users.

Message tracing in Microsoft 365 can be performed by:

  • a) Microsoft 365 administrators
  • b) End users
  • c) Microsoft Support
  • d) All of the above

Answer: a) Microsoft 365 administrators

Explanation: Message tracing is a task performed by Microsoft 365 administrators. End users cannot perform this admin task.

Which type of information can you find out using message trace data?

  • a) Message subject
  • b) Recipient addresses
  • c) Sender IP address
  • d) All of the above

Answer: d) All of the above

Explanation: The message trace gives a detailed report about an email message, including the message subject, recipient addresses, and the sender IP address.

True or False: Message trace in Microsoft 365 can be used to determine the reason a particular message was sent to the junk email folder.

  • True
  • False

Answer: True

Explanation: Message trace in Microsoft 365 provides delivery reports that show why a message was sent to the junk email folder.

According to the Microsoft 365 message trace default settings, how many days of message history can be traced?

  • a) 30 days
  • b) 60 days
  • c) 90 days
  • d) 120 days

Answer: c) 90 days

Explanation: The default settings of the message trace in the Microsoft 365 Security & Compliance Center allow tracing of emails that are up to 90 days old.

True or False: With the help of a message trace, the administrator can analyze the status of a particular mail, whether it’s failed, pending, or delivered.

  • True
  • False

Answer: True

Explanation: By using a message trace in Microsoft 365, administrators can check whether a particular email was delivered, is pending, or failed to deliver.

For how long can message trace in Microsoft 365 provide the delivery details of a specific email?

  • a) 2 weeks
  • b) 1 month
  • c) 6 months
  • d) 1 year

Answer: d) 1 year

Explanation: In Microsoft 365, delivery details for a specific email can be found for up to 1 year.

Message trace in Microsoft 365 does not provide which of the following features?

  • a) Track delivery details
  • b) Trace old messages
  • c) Trace incoming messages
  • d) Predict future messages

Answer: d) Predict future messages

Explanation: A message trace provides details about email delivery and allows tracing of old and incoming messages, but it cannot predict future messages.

Is it possible to run a trace for all messages sent or received by your organization within a specified date range in Microsoft 365?

  • True
  • False

Answer: True

Explanation: In Microsoft 365, administrators can run a trace for all messages sent or received by the organization within a specific date range.

Interview Questions

What is the purpose of message trace in Microsoft 365?

Message trace in Microsoft 365 allows administrators to determine the status of email messages that have been sent or received, providing records of each step taken by the message in the system, thus helping to identify potential issues.

How long does the Microsoft 365 system keep message trace data?

Microsoft 365 keeps message trace data for up to 90 days.

What are the primary steps involved in performing a message trace in Microsoft 365?

The primary steps in performing a message trace are: navigate to the Exchange admin center, go to Mail flow > Message trace, define the parameters for the trace and start the trace.

What information is included in the detailed view of a message?

The detailed view of a message includes information such as the sender, recipient, subject, date and time of the message, the message’s current status, and the actions taken on the message during processing.

What can you learn from the status of a message in a message trace?

The status of a message in a message trace can reveal whether the message was delivered, rejected, deferred, or failed, which can help determine if there are issues in the mail flow.

Can I perform a message trace on behalf of other users in my organization?

Yes, administrators can perform a message trace on behalf of other users in the organization.

What does the “Delivery Reports” option provide in message trace?

When using Delivery Reports in message trace, admins can search for delivery information about specific messages that a user has sent or received within the past week.

How can “Extended Reports” be used in message trace?

Extended Reports can be used in message trace to generate more detailed reports about messages, including data on spam, malware, rules, DLP, and more.

Can you export the results of a message trace to a CSV file?

Yes, you can export the results of a message trace to a CSV file for extended scrutiny or for record-keeping purposes.

How can you use the message trace tool to investigate spam or malware issues?

The message trace tool can be used to track and investigate messages that have been flagged as potential spam or malware. Administrators can view the status and actions taken on the messages, thereby gaining insight into potential security issues.

How long does it take for the message trace data to be available?

Most message trace data is available within 10 to 60 minutes, but may sometimes take up to 24 hours to appear, depending on the load on the system.

Can you add filters when performing a message trace?

Yes, you can add filters when performing a message trace. This allows you to narrow down the search parameters to specific senders, recipients, or time periods.

What does it mean if a message status in message trace is “Pending”?

If a message status in message trace is “Pending”, it means the message is in the process of being delivered, but has not yet arrived at its final destination.

What types of roles have permissions to do message tracing in Microsoft 365?

The roles that have permissions to do message tracing in Microsoft 365 are Global admins, Security admins, Security readers, and Compliance admins.

How long does the system store message trace extended reports?

Extended reports generated from a message trace are stored for 90 days.
