PowerShell Cmdlets for Reporting and Monitoring Emails in Office 365

2025-12-17 16:35:19 +00:00 · 2021-10-06 17:45:09 +05:30 · 2021-10-06 17:45:09 +05:30 · 697dd80ff3
commit 697dd80ff3
1 changed files with 102 additions and 0 deletions
--- a/PowerShell-Cmdlets-for-Reporting-and-Monitoring-Emails-in-Office-365.md
+++ b/PowerShell-Cmdlets-for-Reporting-and-Monitoring-Emails-in-Office-365.md
@ -0,0 +1,102 @@
+Exchange Online provides many different reports to monitor email activities and audit emails to aid with compliance requirements. As an Exchange admin, you need to monitor  
+
+* Employee’s emails,  
+* Inbound/outbound mail traffic 
+* Number of spams and malwares detected,  
+* Number of emails sent and received by a specific user, 
+* Emails that matched with rules, policies, etc. 
+
+If you use Microsoft 365 Admin portal to view the above information, you might suffer in searching the right portal. Also, you need to navigate to multiple admin portals like Microsoft 365 admin center, Exchange admin center, Security and Compliance center, etc. So, most admins prefer PowerShell or Microsoft 365 monitoring tool to track email activities. 
+
+This blog lists the top 10 Exchange Online PowerShell cmdlets that help in monitoring and reporting employees’ email activity. With these cmdlets, you can generate the following Office 365 email reports. 
+
+* Email traffic report 
+* Inbound and Outbound email traffic report 
+* Mail flow status report 
+* Sent and received email count by users 
+* Office 365 spam reports 
+* Office 365 malware reports 
+* Identify which transport rule was applied on a mail 
+* Identify emails that were redirected to another email address 
+* Emails detected by DLP policy 
+* Top senders and recipient report 
+* Microsoft 365 message tracing report  
+
+ 
+
+
+### Email Traffic Report: 
+Email traffic reports help you to analyze an organization’s email traffic such as the number of emails sent and received, number of spams received and sent, malware emails, spoof emails, etc. 
+
+`Get-MailTrafficReport `
+
+By default, the cmdlet retrieves email traffic for the last 7 days. By using –StartDate and –EndDate attributes, you can retrieve max of the past 90 days email statistics report. 
+I have also included more use-cases for this cmdlet below. 
+
+ 
+
+
+### Inbound and Outbound Email Traffic Report: 
+
+To get incoming and outgoing email traffic separately, run the cmdlet with Direction param. 
+
+`Get-MailTrafficReport –Direction Inbound –StartDate 6/13/21 -EndDate 6/20/21` 
+
+The above cmdlet retrieves inbound email traffic statistics from June 13, 20021 to June 20, 2021. 
+
+To view outbound email traffic, 
+
+`Get-MailTrafficReport –Direction Outbound `
+
+The result shows outgoing email traffic data for the past 90 days. 
+
+_EventType_ values help to analyze what happened to messages when they were filtered by the service. 
+To view good mail received in the last month, 
+
+`Get-MailTrafficReport –Direction Inbound –EventType GoodMail –StartDate 5/1/21 -EndDate 5/31/21 `
+
+To know messages that were marked as spoofed by anti-spoofing protection. 
+
+`Get-MailTrafficReport –EventType SpoofMail `
+
+### Exchange Sent and Received Mail Report: 
+
+Often, admins want to know how many emails were sent and received by users. To view these email statistics, you can use the Get-MailTrafficTopReport cmdlet. 
+
+`Get-MailTrafficTopReport -EventType TopMailUser` 
+
+The above cmdlet shows the number of emails sent and received by users for the past 7 days. 
+
+To view sent mail count by users, 
+
+`Get-MailTrafficTopReport -EventType TopMailUser –Direction Outbound` 
+
+To view received mail count by users for the custom period, 
+
+`Get-MailTrafficTopReport -EventType TopMailUser –Direction Inbound –StartDate 6/15/21 -EndDate 6/20/21 `   
+
+
+ 
+
+ 
+
+
+
+### Office 365 Mail Flow Status Report: 
+
+Mail flow status report shows information about incoming and outgoing emails along with the emails blocked by edge protection. 
+
+`Get-MailFlowStatusReport | ft Date,EventType,MessageCount `
+
+The above cmdlet returns message counts for a specific date range organized by the final disposition of the message. By default, the cmdlet shows the last 7 days’ data. You can get a mail flow status report for up to 90 days by specifying StartDate and EndDate.  
+ 
+
+ 
+
+ 
+
+### Generate Email Protection Reports: 
+
+Email protection reports help you to identify spams and malware detected by Exchange Online Protection (EOP) and emails that match rules such as mail flow rules, DLP rules, etc. 
+
+For more info: [https://o365reports.com/2021/10/06/top-10-powershell-cmdlets-for-reporting-monitoring-emails-in-office-365](https://o365reports.com/2021/10/06/top-10-powershell-cmdlets-for-reporting-monitoring-emails-in-office-365/?src=Github)