Message Trace in Exchange Online helps track the delivery status of email messages within your organization. However, retrieving data beyond 10 days in real-time has been challenging, limiting the ability to investigate extended delivery issues. Searching large datasets was cumbersome, with limited filters and reliance on pagination.

To address these, Microsoft announces the public preview of the New Message Trace in Exchange Online. This update offers extended query ranges, advanced search filters, and more new capabilities! With this new message trace, you can track email delivery more efficiently and resolve issues faster.

So, without any further delay, let’s explore the new changes in Message Trace and understand how they help you!

New Message Trace in Exchange Admin Center

As per Microsoft, the Public Preview of the new message trace in the Exchange Admin Center is expected to be completed by the end of December 2024. You can access the Message Trace as follows,
• Open the Exchange admin center using admin credentials.
• Navigate through Mail flow > Message Trace.

Note: You must have a Microsoft E3/E5/A5 license and the below permissions to access Message Trace.
Permissions: You need to be a global administrator, Exchange admin, or a member of the organization management role group to access and use Message trace.

UI Functionality Changes in the New Message Trace

Note: The new Message Trace will be toggled ‘on’ by default to your tenant. You can also disable the preview by setting it to ‘off’.

Search for Emails Up to 90 Days

The new Message Trace in Exchange Online allows querying up to 90 days of historical data, significantly improving long-term tracking. However, queries are still limited to 10 days of data at a time.
• This means, you can search for up to 10 days of emails at a time. To view the full 90 days of data, you’ll need to run the search multiple times, with smaller chunks. That is, you’ll need to run the trace 9 times to cover the entire 90-day range.
• While this may add some extra effort for broader queries, it is a major improvement over the previous constraints. Initially, 30 days of data will be available, gradually building to the full 90 days.

Filter Emails by Subject

Another great improvement in the new message trace is – the introduction of ‘subject filtering’ functions. It has options like “starts with,” “ends with,” and “contains,” along with support for special characters. So, you can now quickly locate all emails with subject lines containing specific keywords or prefixes.

Improved Delivery Status Filtering

The new Message Trace now includes email delivery statuses such as “Quarantined,” “Filtered as spam,” and “Getting status,” offering a clearer picture of email flow. For example, if an email was flagged as spam, you can now trace these statuses in detail, helping them determine whether the email should be released or remain blocked.

UI Updates in the New Message Trace of Exchange Admin Center

  1. Customizable Columns: You can now tailor your search results by selecting from an expanded list of column options. New columns such as Message ID, To IP, From IP, and Message size are added to enhance the search results.

2. Persistent Column Widths: Admins can now customize the column widths in Message Trace results, and these changes will be saved for your account. This means you won’t have to adjust the columns every time you run a new query. The feature is being rolled out and will be fully available by early February.

3. Wider Flyout for Details: A wider flyout option for viewing Message Trace details has been introduced in the new Message Trace. It improves readability and makes it easier to analyze data in greater depth.

4. Time Zone Alignment: Message Trace queries will now automatically align with the time zone configured in the admin’s Exchange account settings. It ensures accurate and consistent timestamps across all results.

Changes in Get-MessageTrace of ExchangeOnline PowerShell

Not only has Microsoft introduced the new Message Trace in the Exchange admin center, but it has also introduced an equivalent new cmdlet named Get-MessageTraceV2. This latest cmdlet is designed to enhance and simplify the process of retrieving the delivery status of emails in Exchange Online. This updated cmdlet replaces the older Get-MessageTrace and offers improved functionality tailored to modern administrative needs.

Note: Ensure you are using version 3.7.0 or later of the Exchange Online PowerShell V3 module to utilize the Get-MessageTraceV2 cmdlet.

With Get-MessageTraceV2, you can now:
• You can query up to 90 days of historical data. However, each query will only return 10 days of data at a time, so you’ll need to repeat the process to access the full 90 days. Initially, you’ll only have access to 30 days of data for near real-time queries, but this will gradually expand to 90 days over time.
• Use the -Subject parameter for more specific targeted searches. It enables precise filtering based on subject lines with options like “starts with,” “ends with,” or “contains.”
• You can retrieve larger datasets with a default result size of 1,000 records and a maximum of 5,000 records using the -ResultSize parameter.
• Use the -StartingRecipientAddress parameter to seamlessly pull subsequent records while avoiding duplication. This update improves efficiency when working with large datasets.
For example: Imagine you need to query a message trace with more than 5,000 records. After retrieving the first set of 5,000 records, running the query again will only return the same data. Here, you can use the -StartingRecipientAddress parameter with the recipient address from the last record from your previous query. This minimizes duplication by pulling the subsequent data.
• Pagination parameters like Page Number or Page Size will no longer be supported. It reduces system complexity and improves performance for large queries.
Since pagination is not supported, Microsoft suggests you use the -EndTime parameter with the ‘Received’ time from the last record of your previous query. Then, use the -StartingRecipientAddress parameter with the recipient address from the last record to continue your query.

Differences between Message Trace V1 and V2

PropertyGet-MessageTraceGet-MessageTraceV2
Recipient Address Case HandlingThe recipient addresses are normalized to lowercase.The recipient addresses are retained exactly as they appear in the Message Tracking Logs, preserving their original case.
Quarantine StatusDisplays the original status. For instance, if a message was initially quarantined but later released by an admin, V1 will reflect the final status, such as “Quarantined”.Displays the most recent status. For instance, if a message was initially quarantined but later released by an admin, it will reflect the final status, such as “Delivered to Mailbox”.

On-going Updates in Get-MessageTraceV2

  1. Result Ordering: When displaying results, Message Trace V2 first sorts by the Received time in descending order, followed by sorting the RecipientAddress in ascending order (case-insensitive).
  2. Missing FromIp Data: In rare instances, the FromIp field may be missing in Message Trace V2. Microsoft is aware of this issue and is actively working to resolve it.
  3. Handling Large Data Sets: For messages with over 1,000 recipients, you must include the MessageTraceId in both the Exchange Admin Center and PowerShell cmdlet queries to avoid receiving incomplete or partial results.

We hope this post has provided valuable insights into the improvements in Message Trace. We’d love to hear your thoughts and experiences with these updates, so feel free to share them in the comments below.