MS-203 Microsoft 365 Messaging – Troubleshoot Mail Flow Problem

1. Examining Message Trace in Exchange Online

We’re now going to take a look at something called message Trace in Exchange Online. Now Message Trace is a feature that is going to allow us to see email that’s been flowing within our Exchange Online organization, okay? They’ve made this really simple to use, real easy to use. And I think it’s a very powerful tool in just making sure we know what you emails flowing back and forth in our organization. And we can see if email has failed or what’s been going on in our environment as far as who’s sending email the most and receiving email and what kind of problems might have risen through loads of email coming in and all that.

So I want to show you where to go to do this. So we’re going to start here in the admin Microsoft. com, also known as Portal Microsoft. com, and we’re going to drop down the show all ellipse and we’re going to open up Exchange Online by clicking the exchange option here. So we’re going to look in Exchange Online now and we’re going to take a look right here on this mail flow blade, all right. And then once we go to Mail Flow, we’re going to click on Message Trace.

Now I want to point something out right out of the gates here. You’ll notice this little yellow message up here at the top. It says we’ve added a new and improved message trace in the security and compliance center. While we’re continuing to make message trace available in ESC for the foreseeable future, we think you’ll find the new message trace is simpler. So basically what they’re saying is there’s a newer way to go about doing this as opposed to this method. Okay? So I’m going to show you how to do it this way in this little lecture here. And then in another lecture I’ll show you how to use the newer way of doing it, okay? But again, all in all, this is pretty easy.

If you look here, it tells you you can create a new message trace here. You can review the status of one that’s been running so you can actually perform one immediately. But if you then decide you want to go back and look at an older, like let’s say you want to go back and look at all the emails that have happened in the last month or whatever, then what will happen is it’ll become pending. The trace will get performed. It will take time, it’ll become pending and then you’ll be able to actually click on view pending or completed traces. So here are some of the default options for looking at messages. So I’ve got date range here. It says past 48 hours. I could do past 24 hours, past 48 hours, past seven days, or a custom range. I’ll start with past seven days. Okay.

And then down here I can specify what kind of delivery status was it delivered, failed, pending. You can look at things that are filtered by spam or if it was quarantined by the Exchange Online protection. You can put in a messaged ID here. You can specify who the sender was, you can specify who the recipient was. You also have the ability when you use some of these objects like message ID, that you can actually be very specific about things, or you can be very broad on what you type as far as message ranges. And then when it comes to senders and recipients, you also can use wildcards. So I could say, show me every email that’s going to@gmail. com or@examlabpractice. com, or something like that. I can be very broad about what I’m searching on that if I want. Okay, so right now I’m just going to do a real simple one. I’m going to do past seven days, and then I’m just going to hit search and you’re going to be able to see the emails that have happened over the last seven days. Okay, so here is everything that’s happened over the last seven days in my Exchange Online environment.

So a lot of this is coming from Azure, a lot of announcements. Here’s an email. Now also if you’ll notice, here is an email Jc@examlabpractice. com going to test user@examlabpractice. com. And this was an NDR test and noticed that this email was sent, it was fired off. I double click on, it tells you it was sent, but it was not delivered. Okay, so it says Office 365 received the message that you specified but couldn’t deliver to the recipient due to the following problem. The recipient is not found. So it was an NDR message. Okay, so giving you some advice on how to fix it, it shows you the message events as they occurred here. So it gives you some real good information in regards to just seeing what’s going on with some of your different messages.

Okay? Of course, I can also look at the messages that have been successfully delivered and just by double clicking on those and you can see this is delivered. It says the message was delivered. It tells you the sender, the recipient. So you can kind of just see where things are coming from, where things are going and all that using this tool. Really easy tool to utilize. Okay, this message here was basically from Exchange saying to Jc@examlabaction. com that that NDR test email did not go through. However, the message from Exchange to that user actually is showing up. Okay, so you could jump over to the Outlook for this user, log on to outlook for this user, and you can see that that message is coming in from Microsoft right here. You’ll see it right here coming through that it’s telling me that it wasn’t delivered, but this message was successfully received from Office 365. Just basically saying, hey, we tried sending your email, it didn’t go through.

Okay, so real simple there to use. Now let’s do a custom range here. So click custom we can choose our time zone. We can choose the date. Let’s go back to April 1 and April 1 until June 4, and then from there we can specify some custom details. Here we’ll say the sender. Actually, let’s do recipient. The recipient was Jc@examlabpractice. com. All right. I could do specify directions inbound outbound. I could say include message events and routing details. That’s going to give me all the routing details of the message. I could specify original client IP address if I wanted. I have notification email address. Can you watch this? I’m going to hit search and this is going to process through and notice what it says. It says your message trace has been submitted.

An email message will be sent to you when it’s available. You can also check under the pending and completed trace to see the progress. So I can come back up here and I’ve got this view pending or completed traces. I can click on that and that’s going to show me my completed message. As you can see, it did go through successfully. So at that point, the pending process is going through and it’s now going to eventually run this report and I’ll be able to go and view the report whenever it’s done. Okay, so very straightforward. As you can see, message trace is a valuable little tool for us to see the inbound outbound mail flow in our environment and get a feel for who’s sending lots of email, who’s receiving lots of email. Do we have any issues? Are we having lots of NDRs? What’s affecting our exchange environment? All right. But all in all, hopefully that makes a lot of sense to you guys. Pretty straightforward. So I definitely encourage you to log on exchange online and try it out.

2. Examining Message Trace in O365 Security and Compliance

I’m now going to show you how we can do a message trace with our Exchange Office 365 services using the Security and Compliance Center. So one of the things that Microsoft has been doing recently is they’ve been moving a lot of common procedures that we might have to go to specific tools in order to accomplish. They’ve been moving those in centralizing those into the Security and Compliance Center of your Office 365 environment. Okay? Microsoft 365, Office 365. So I want to look and see where the message trace is going to be done through this. So traditionally we would do it directly through Exchange, but Microsoft has been adding these new tools now into the Security Compliance Center. And it’s important for us to understand how to use the new tools because eventually they tend to deprecate the old way of doing things and focus more on the new way of doing things.

So what I’m going to do is I’m here on Admin Microsoft. com, or also known as Portal Microsoft. com, and we’re going to click the Show Ellipse symbol here, show all lip symbol, all right? And then we’re going to click right here under Admin Centers. We’re going to click on Security. This is going to bring us into the Security and Compliance Center. You can get there also by typing Protection Office. So when you get in here there is a drop down called Mail Flow. So I’m going to click on this Mail Flow drop down and we’re going to go to Message Trace. All right, so this is a pretty user friendly interface, pretty easy to use. It tells you up here it says run a message trace to track the flow of email messages in your organization.

This can help you troubleshoot mail flow issues by determining if messages were received, rejected, deferred, delivered and more. So what we’re going to do is click on start a Trace and then at this point we can choose how we want to customize this trace. So it says by these people, I could put in specific recipients here if I wanted to. All right? And then I could say to these people, so in other words, from and to. Right. So I could say which recipients do I want to focus on here? And I’ll do this. John christopher yourjc at exam labpractice. com. All right? And then I can specify within a certain date range here. So if I wanted to, I could take this back to the last 90 days if I want, or if I want to just focus on the last two days or ten days. So you have some flexibility here on what you go with. All right, so I’m just going to do, let’s do the last five days or seven days. We’ll do the last seven days. So at that point I can drop this down. It says more search options.

I can look at delivery statuses here, delivered pending, you can look at spam filtered by spam or quarantine. So it’s going to show the exchange online protection capabilities. If it’s blocked your message for some reason, you can specify the message ID. You can specify the flow of the mail, whether it’s inbound or outbound. You can specify IP address here. You can drop down, choose report. You can say, give me a summary, okay, give me an enhanced report. This is going to put it in a CSV file so you could pull it in like a spreadsheet if you needed to. Very handy. If you needed to provide a report to your boss or something on what’s going on on mail flow, you could do an extended report that’s going to give you even more details on what’s happening in regards to things like IP addresses and the mail flow itself. So I’m going to go ahead and hit search, and it’s going to give me this little report. Here is my messages that I’ve got. So as you can see, shows me the date, time, shows me the sender, the recipient, the subject, okay? And then the subject of the email that is, and it says all of those have went through and been delivered successfully.

So I can click on that too, and I can bring up the status of that information. Look at the message event, okay? And this message is saying that there was an email that says this is an NDR test that wasn’t able to be delivered, and it’s trying to give me some information on performing that. Okay? So I can actually search here, and we’ll just do another search for just everybody without a specific recipient. And this time because I didn’t put in the recipient as JC, you’re going to notice there’s a recipient here, test user@examlabpractice. com it failed to send to that person because guess what, that person doesn’t exist.

The goal there was to basically show an NDR test, okay? So I can click that and it says that it was not delivered. It gives me a nice little status message and tries to tell me how I can fix it. I can look at the message events as they happen step by step, and I’ve got more information. Shows me message ID I can see from IP address. Okay, so lots of good information in this.

And if you’re familiar with the older message trace with exchange and you’ve seen me demonstrate that, then you probably can tell this is really easy to use. It’s not real difficult, and it definitely gives you some pretty valuable information. So all in all, this is definitely something that I think is a valuable tool in our exchange organization. And for sure you should, I encourage you to go check it out if you’ve not used it before.

• Category: Uncategorized