Exchange Online Message Trace V2 (Public Preview)

Andres Bohren
Exchange Online Message Trace V2 (Public Preview)

Hi All,

A few Days ago, the Exchange Team Blog anouced the Public Preview of the New Message Trace in Exchange Online. It’s now possible to search in the last 90 Days but only for a 10 days period.

Announcing Public Preview of the New Message Trace in Exchange Online

PowerShell

After you connect to Exchange Online, the Commands are exported to a tmpEXO_* Module. If you search for a Command with the *V2 ath the End you will find the New Get-MessageTraceV2 and Get-MessageTraceDetailV2 Commands.

Connect-ExchangeOnline -ShowBanner:$false
Get-Module
Get-Command -Module tmpEXO_nmqsgzkd.dbx *V2

Key cmdlet changes from Get-MessageTrace:

  • Extended Query Range: Ability to query up to 90 days of historical data. However, please note that you will only be able to query 10 days’ worth of data per query. Please note that you will initially only have 30 days of historical data for near real-time query, and this will build over time to 90 days of historical data.
  • Subject Parameter: The addition of a subject parameter allowing for more specific Message Trace queries. No Page number or Page size parameter: There will not be pagination support in the new Message Trace cmdlet. Result size parameter: The new Message Trace will support a default value of 1000 results and a maximum of 5000 results (set via the -ResultSize parameter), which is a significant increase. This change is to ensure fair use of our resources, as pagination can create performance issues for our system.
  • StartingRecipientAddress parameter: This parameter’s main use is to assist in pulling subsequent data while minimizing duplication.

As you can see with the old Get-MessageTrace Command you can only go back 10 Days. With the new Get-MessageTraceV2 you can go back up to 90 days but can only select a 10 Days period.

Get-MessageTrace -StartDate 12/01/2024 -EndDate 12/10/2024 -RecipientAddress info@icewolf.ch
Get-MessageTraceV2 -StartDate 12/01/2024 -EndDate 12/10/2024 -RecipientAddress info@icewolf.ch

If you want to see the Details of a Get-MessageTraceV2 Query, you must also use the Get-MessageTraceDetailV2 command

Get-MessageTraceV2 -StartDate 12/01/2024 -EndDate 12/10/2024 -RecipientAddress info@icewolf.ch | Get-MessageTraceDetailV2

Don’t know what this is for

Get-SupervisoryReviewPolicyV2

Exchange Admin Center

Exchange admin center > Message trace

In the old Exerience you can only search in the last 10 days

In the new Message Trace GUI you can search up to 90 Days

Key UI functionality changes:

  • Extended Query Range: You can now query up to 90 days of historical data for near real-time queries. However, please note that you can only query 10 days’ worth of data at a time. Please note that you will initially only have 30 days of historical data for near real-time query, and this will build over time to 90 days of historical data.
  • Subject Filter: The subject filter for Message Trace queries is now available, supporting “starts with”, “ends with”, and “contains” functions. This filter also supports special characters.
  • Delivery Status Filter: The delivery status filter will now support searches for “Quarantined”, “Filtered as spam”, and “Getting status” statuses.

Additional UI updates based on feedback:

  • Customizable Columns: For your search results, we’ve introduced customizable columns and added additional column options that you can select from. Please refer to the image below for the new columns that have been added. Persistent Column Widths: You will be able to customize your column-widths, and these changes will be sticky per logged-on admin account, so they will not have to be reset every time you run a new message trace query. This change is currently in progress and will be made available in early February.
  • Wider Flyout Option: An option for a wider flyout for the Message Trace detail is now available.
  • Time Zone Consistency: Message Trace will now default to the time zone set in the Exchange account settings of the logged-on admin.

Results Page

As you can see here - the info Address is a Distribution Group and the Mail has expanded the Distribution List for the Recipients but marked the Message as Spam and therefore dropped teh Message

Summary

It’s a welcome change to have more flexibility without the need to use the Start-HistoricalSearch Commandlet and wait for the Results.

Regards
Andres Bohren

Exchange Logo