
How to Get Exchange Online Email Attachment Report

In every organization, email attachments play a crucial role in collaboration and file sharing. However, they can also introduce risks, as attachments often serve as entry points for phishing, malware, or accidental data leaks. Regularly monitoring email attachments in Exchange Online helps organizations track data movement and prevent the exposure of sensitive information. This guide explains how to export an Exchange Online email attachment report to strengthen data security within your Microsoft 365 email environment.

Check Exchange Email Attachment Report Using PowerShell

Microsoft Graph Permission Required
  • Least privilege: User.Read.All, Mail.Read
  • Most privilege: Directory.ReadWrite.All, Mail.ReadWrite
  • Connect to Microsoft Graph PowerShell using a certificate by replacing <ClientID>, <TenantID>, and <CertThumbprint> with the appropriate values in the following cmdlet.

    • Note: Since a mailbox owner can access only their own email data, application authentication is required to access other users’ mail data. Ensure the app has the required minimum privileges.

    Connect-MgGraph -ClientId "<ClientID>" -TenantId "<TenantID>" -CertificateThumbprint "<CertThumbprint>"
  • Then, run the below script, replacing <RespectiveMailboxUPN> with the desired mailbox UPN and <OutputPath> with the path where the Exchange Online attachment report should be exported as a CSV file.
    # Mailbox to report on
    $user = "<RespectiveMailboxUPN>"
    $report = @()
    # Backtick-escape $filter so PowerShell does not expand it as a variable
    $uri = "https://graph.microsoft.com/v1.0/users/$user/messages?`$filter=hasAttachments eq true"
    # Follow @odata.nextLink until every page of messages has been read
    while ($uri) {
        $response = Invoke-MgGraphRequest -Uri $uri -Method GET
        foreach ($msg in $response.value) {
            $attachments = Get-MgUserMessageAttachment -UserId $user -MessageId $msg.Id
            # A message whose sender is the mailbox itself is treated as sent
            $status = if ($msg.Sender.EmailAddress.Address -eq $user) { "Sent" } else { "Received" }
            $recipients = ($msg.ToRecipients + $msg.CcRecipients + $msg.BccRecipients | ForEach-Object { $_.EmailAddress.Address }) -join "; "
            # if/else instead of the ternary operator, which requires PowerShell 7 or later
            $timeField = if ($status -eq "Sent") { "SentDateTime" } else { "ReceivedDateTime" }
            $eventTime = ([datetime]$msg.$timeField).ToLocalTime()
            foreach ($attach in $attachments) {
                $report += [PSCustomObject]@{
                    EventTime            = $eventTime
                    MailboxSMTPAddress   = $user
                    SenderAddress        = $msg.Sender.EmailAddress.Address
                    RecipientAddresses   = $recipients
                    AttachmentName       = $attach.Name
                    AttachmentType       = $attach.ContentType
                    # Quoted because the key contains parentheses
                    'AttachmentSize(KB)' = [math]::Round($attach.Size / 1024, 2)
                    AttachmentStatus     = $status
                }
            }
        }
        $uri = $response.'@odata.nextLink'
    }
    # Write one CSV row per attachment
    $report | Export-Csv "<OutputPath>" -NoTypeInformation
    
  • The exported CSV file includes detailed attachment information, such as mailbox SMTP address, event time, sender address, recipient addresses, attachment name, attachment type, and size.
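
Once the CSV exists, it can be triaged for the risks named in the introduction (malware entry points and data leaving the organization). The following is an added example, not part of the original guide: it reads rows with the column names produced by the script above and flags risky extensions, double extensions, and large files sent to external recipients. The extension list, size threshold, internal domain and sample rows are constructed assumptions.

```powershell
# Added example: triage rows from the attachment report CSV.
# The values below are constructed assumptions; tune them for your tenant.
$RiskyExtensions = '.exe', '.js', '.vbs', '.hta', '.scr', '.lnk', '.iso', '.docm', '.xlsm'
$LargeSentKB     = 10240              # 10 MB
$InternalDomains = @('contoso.com')   # placeholder domain

function Get-AttachmentFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Row)
    process {
        $reasons = @()
        $ext = [System.IO.Path]::GetExtension($Row.AttachmentName).ToLowerInvariant()
        if ($RiskyExtensions -contains $ext) { $reasons += "risky extension $ext" }

        # Document-like extension followed by a second one, e.g. report.pdf.exe
        if ($Row.AttachmentName -match '\.(pdf|docx?|xlsx?|txt|jpg|png)\.[A-Za-z0-9]{2,4}$') {
            $reasons += 'double extension'
        }

        if ($Row.AttachmentStatus -eq 'Sent') {
            # Recipients were joined with "; " by the report script
            $external = $Row.RecipientAddresses -split ';\s*' | Where-Object {
                $_ -and ($InternalDomains -notcontains ($_ -split '@')[-1].ToLowerInvariant())
            }
            if ($external -and [double]$Row.'AttachmentSize(KB)' -gt $LargeSentKB) {
                $reasons += "large file sent externally to $($external -join ', ')"
            }
        }

        if ($reasons) {
            [PSCustomObject]@{
                EventTime      = $Row.EventTime
                Mailbox        = $Row.MailboxSMTPAddress
                Sender         = $Row.SenderAddress
                AttachmentName = $Row.AttachmentName
                Reasons        = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rows; for real data use: Import-Csv "<OutputPath>"
$sample = @'
"EventTime","MailboxSMTPAddress","SenderAddress","RecipientAddresses","AttachmentName","AttachmentType","AttachmentSize(KB)","AttachmentStatus"
"2025-01-06 09:12:00","alex@contoso.com","billing@example.net","alex@contoso.com","invoice.pdf.exe","application/octet-stream","412.5","Received"
"2025-01-06 10:40:00","alex@contoso.com","alex@contoso.com","pat@contoso.com; sam@example.org","customers.zip","application/zip","20480","Sent"
"2025-01-06 11:05:00","alex@contoso.com","alex@contoso.com","pat@contoso.com","agenda.docx","application/vnd.openxmlformats-officedocument.wordprocessingml.document","88.2","Sent"
'@ | ConvertFrom-Csv

$sample | Get-AttachmentFinding | Format-Table -AutoSize -Wrap
```

With the sample rows, the first is flagged for both its extension and the double extension, the second for a large external send, and the third produces no finding.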

Achieve Complete Email Attachment Oversight in Exchange Online!

AdminDroid’s Microsoft 365 email monitoring tool makes it easy to view all email attachment details in your Exchange Online environment. With centralized dashboards and exportable reports, it allows administrators to uncover trends and pinpoint potential threats in email attachment activity.

Examine Outlook Emails with Multiple Attachments

Use the multi-attachment emails report to gain deeper insights into messages containing the highest number of attachments and detect abnormal file-sharing behavior.

Uncover All Historical Email Attachments in M365

Gain complete visibility into historical email attachments within a chosen timeframe, covering both primary and Recoverable Items folders, to assist with organizational audits and internal investigations.

Identify Top Exchange Mailboxes Based on Attachment Activity

Trace the mailboxes with the highest attachment counts to identify users who frequently exchange large numbers of files using Outlook.

Inspect All Email Attachments in Recoverable Items Folder

Identify email attachments in the Recoverable Items folder, along with their content information, to help users determine whether they can be recovered after accidental deletion.

Review Exchange Attachment Summary by Size Range

Analyze the count of email attachments by size range to understand how users handle attachments and adjust the attachment size limit accordingly.

Monitor Exchange Online Attachment Interactions Across Domains

Track attachment interactions with each domain to identify mailboxes that often send or receive attachments with other domains and detect untrusted sharing activity.

Overall, AdminDroid’s Exchange Online management tool enables precise tracking and control of email attachments. Its actionable reports allow Microsoft 365 administrators to efficiently manage and optimize mailboxes in Exchange Online.


Important tips

Set up Safe Attachments in Defender for Microsoft 365 to run a secondary inspection of email attachments and ensure they are safe before reaching recipients.

Automatically save attachments from shared mailboxes to SharePoint Online using a Power Automate flow to free up storage in high-traffic mailboxes.

Use zero-hour auto purge to quarantine emails with malicious attachments that slip into user mailboxes and stop undetected threats.

Common Errors and Resolution Steps

Here are some common errors and troubleshooting tips while managing email attachments in Microsoft 365.

Error Invoke-MgGraphRequest: Authentication needed. Please call Connect-MgGraph.

This error occurs in PowerShell when you run the ‘Invoke-MgGraphRequest’ cmdlet before connecting to the Microsoft Graph module.

Fix To overcome this error, first connect to the Microsoft Graph PowerShell module using the cmdlet below, and then execute the ‘Invoke-MgGraphRequest’ cmdlet to retrieve the email attachment report.
Connect-MgGraph -ClientId "<ClientID>" -TenantId "<TenantID>" -CertificateThumbprint "<CertThumbprint>"

Error Set-Mailbox: The term 'Set-Mailbox' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you run the ‘Set-Mailbox’ cmdlet without connecting to Exchange Online.

Fix To resolve this, install and connect to the Exchange Online module using the cmdlet below before running the 'Set-Mailbox' cmdlet.
Connect-ExchangeOnline

Error Set-Mailbox: ||The operation couldn't be performed because object '<MailboxUPN>' couldn't be found on 'DS0PR10A08DC004.NAMPR10A008.PROD.OUTLOOK.COM'.

This error occurs in PowerShell when running the ‘Set-Mailbox’ cmdlet because the specified User Principal Name (UPN) does not exist in the Microsoft 365 tenant. 

Fix To resolve this, verify that the User Principal Name is correct and ensure that the user has an active mailbox in your organization.

Error Set-Mailbox: ||The operation on mailbox "<GUID>" failed because it's out of the current user's write scope. The value of property 'MaxReceiveSize' cannot exceed the limit of 150 MB.

This error occurs in PowerShell when trying to set a mailbox’s send or receive message size limit value greater than 150 MB, as 150 MB is the maximum allowed. 

Fix Set the value to 150 MB or lower to comply with Exchange Online limits.

Error The following files couldn't be attached: <FileName>. Please try again later.

This error occurs when you try to attach files larger than the maximum size limit in Outlook. By default, the message size restriction in Exchange Online is set to 35 MB.  

Fix To resolve this issue, increase the mail attachment size limit to the required size (up to 150 MB) or send the file as a OneDrive attachment.
Frequently Asked Questions

Configure and Control Email Attachments in Exchange Online!

1. How to increase email attachment size in Exchange Online?

OneDrive and SharePoint Online serve as file-sharing hubs that enable extensive collaboration. Microsoft Outlook, on the other hand, is intended for professional communication and has a limited message size (35 MB by default) that includes both content and attachments.

However, in situations where external sharing is disabled across SharePoint Online or OneDrive, users often rely on Outlook to share files with external partners, stakeholders, or vendors. In such cases, you may need to increase the mailbox message size limit (up to 150 MB) to ensure attachments can be sent successfully.

Configure message size limit for a mailbox in Microsoft 365

  • In the Exchange admin center, navigate to Recipients»Mailboxes, and select the desired mailbox.
  • Go to the Mailbox tab and locate Mail flow settings, then click Manage message size restriction under Message size restriction.
  • Enter the value as per your requirement in the Sent messages maximum size (KB) field and the Received messages maximum size (KB) field. 
  • Click Save and wait for 5 minutes to make the changes take effect.

To manage message size restrictions for a user via PowerShell, run the following cmdlet after connecting to Exchange Online.

Set-Mailbox -Identity "<MailboxUPN>" -MaxSendSize "<Size>MB" -MaxReceiveSize "<Size>MB"

Manage message size restriction for multiple Exchange Online mailboxes

  • In the Exchange admin center, navigate to Recipients»Mailboxes, and choose the required mailboxes (all mailboxes if required).
  • Then, click Mailflow setting, and select Message size restriction.
  • Enter the value as per your requirement in the Sent messages maximum size (KB) field and the Received messages maximum size (KB) field. 
  • Click Save to apply the changes.

To configure the message size limit for multiple users using PowerShell, first create a CSV file that lists each mailbox's User Principal Name under an EmailAddress column header, which is the column the script below reads.

Then, replace <InputPath> with the CSV file location and run the following cmdlet to configure message size restrictions for multiple users.

$mailboxes = Import-csv -Path "<InputPath>"
foreach ($mailbox in $mailboxes) {
    Set-Mailbox -Identity $mailbox.EmailAddress -MaxSendSize "<Size>MB" -MaxReceiveSize "<Size>MB"
}

To configure the message size limit for all existing mailboxes, run the following cmdlet with the appropriate values.

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -MaxSendSize "<Size>MB" -MaxReceiveSize "<Size>MB"

2. How to configure message size restriction for new mailboxes in Exchange Online?

When provisioning new mailboxes, Exchange Online applies a default message size limit. However, these default settings may not fit specific organizations. In such cases, admins can modify these limits using the Exchange admin center or PowerShell.

Modify default message size restrictions for new mailboxes using EAC

  • Navigate to Exchange admin center»Recipients»Mailboxes.
  • Then, click Mailflow setting, and select Message size restriction.
  • Enter the value as per your requirement in the Sent messages maximum size (KB) field and the Received messages maximum size (KB) field.
  • Click Save and wait for 5 minutes to make the changes take effect.

Increase message size limit for new mailboxes using PowerShell

If you want to modify the default message size for new mailboxes using PowerShell, run the below cmdlet after connecting to Exchange Online.

Get-MailboxPlan -ResultSize Unlimited | Set-MailboxPlan -MaxSendSize "<Size>MB" -MaxReceiveSize "<Size>MB"

3. How to block specific file attachments in Outlook using Microsoft 365 Defender?

Unsafe email attachments can put your organization at risk by spreading malware and other harmful content. You can block risky file types in Exchange Online and automatically quarantine those emails before they reach users. To implement this, configure custom file type blocking through the Microsoft 365 Defender portal.

Create an anti-malware policy to block specific file types in Exchange Online

  • Sign in to the Microsoft 365 Defender portal and navigate to Email & collaboration»Policies & rules»Threat policies»Policies»Anti-malware»Create.
  • Provide a suitable name and an optional description, then click Next.
  • On the Users and domains page, specify the users, groups, or domains to include in this policy.
  • Use the Exclude these users, groups, and domains option to exclude specific users, groups, or domains from the policy. Then, click Next.
  • On the Protection settings page, ensure the Enable the common attachments filter option is checked. 
  • Then, click Select file types to add the desired file extensions to the blocklist (by default, 43 extensions are included). 
  • Under When these file types are found option, select one of the following options:
    • Reject the message with a non-delivery report (NDR) – Immediately blocks potentially harmful attachments.
    • Quarantine the message – Holds the email for further review before delivery.
  • Optionally, enable and customize the notifications for admins about undeliverable messages from internal or external senders. Then, click Next.
  • Review your settings, and click Submit to create the anti-malware policy.
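
The same policy can be created from Exchange Online PowerShell. This is an added example, not part of the original guide; the policy name, the extra extensions and the recipient domain are constructed placeholders. It shows one detail the portal hides: -FileTypes sets the entire blocklist, so the existing list has to be read and extended.

```powershell
# Added example. Run after Connect-ExchangeOnline.
# Policy name, extra extensions and domain are constructed placeholders.
$policyName  = 'Block risky attachments (example)'
$extraTypes  = 'one', 'vhd', 'vhdx'
$scopeDomain = 'contoso.com'

# -FileTypes replaces the whole list, so start from the Default policy's
# extensions and append the new ones instead of passing only the additions.
$fileTypes = @((Get-MalwareFilterPolicy -Identity Default).FileTypes) + $extraTypes |
    ForEach-Object { $_.ToLowerInvariant() } |
    Sort-Object -Unique

if (-not (Get-MalwareFilterPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    # The policy holds the protection settings (common attachments filter + action)
    New-MalwareFilterPolicy -Name $policyName `
        -EnableFileFilter $true `
        -FileTypes $fileTypes `
        -FileTypeAction Quarantine

    # The rule holds the "Users and domains" scope and links it to the policy
    New-MalwareFilterRule -Name $policyName `
        -MalwareFilterPolicy $policyName `
        -RecipientDomainIs $scopeDomain
}

# Review every anti-malware policy; any row with EnableFileFilter = False
# does not apply the common attachments filter at all.
Get-MalwareFilterPolicy |
    Select-Object Name, EnableFileFilter, FileTypeAction,
        @{ Name = 'BlockedTypeCount'; Expression = { @($_.FileTypes).Count } } |
    Format-Table -AutoSize
```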

4. How to use mail flow rules to inspect message attachments in Exchange Online?

While the anti-malware policy allows you to block specific file attachments, mail flow rules (transport rules) offer a broader range of actions. These rules help inspect messages to identify attachments and take appropriate actions as needed. Here are some common scenarios where transport rules can help:

  • Password-protected attachments: Forward the message for approval since Exchange Online Protection (EOP) cannot scan it.
  • Large attachments: If an attachment exceeds a set size, prepend the subject with custom text to help track large emails at any time and optimize storage.
  • Unscannable attachments: Add a disclaimer to let the recipient know the content could not be inspected.
  • Confidential content: If the attachment contains specific confidential words, encrypt the message or apply a 'Do Not Forward' restriction.

Create mailflow rule to inspect email attachment in Exchange Online

  • Navigate to Exchange admin center»Mail flow »Rules.
  • Click + Add a rule and select Create a new rule and provide a name for the rule. 
  • Under the Apply this rule if dropdown, select Any attachment. Then, choose the appropriate option from the dropdown that appears next to it based on your need. 
  • Under Do the following, select the option depending on how you want to handle attachments that meet the above condition. Then click Next.
  • Apply the rule mode, severity, etc., as needed, and click Next.
  • Review the settings, click Finish to save the rule, and then click Done to close the page. 
  • Next, select the rule you created and turn the Enable or Disable Rule toggle to Enabled.
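
The four scenarios listed above can also be expressed as transport rules in Exchange Online PowerShell. This is an added example, not part of the original guide; the rule names, approver address, 10 MB threshold and keyword list are constructed placeholders. The rules are created in Audit mode so their matches can be reviewed before anything is enforced.

```powershell
# Added example. Run after Connect-ExchangeOnline.
# Names, addresses, thresholds and keywords are constructed placeholders.
$approver = 'secops@contoso.com'

$rules = @(
    @{  # Password-protected attachments: forward for approval
        Name                          = 'ATT-01 Password-protected attachment approval'
        AttachmentIsPasswordProtected = $true
        ModerateMessageByUser         = $approver
    },
    @{  # Large attachments: prepend the subject so they are easy to track
        Name               = 'ATT-02 Tag large attachments'
        AttachmentSizeOver = '10MB'
        PrependSubject     = '[Large attachment] '
    },
    @{  # Unscannable attachments: tell the recipient the content was not inspected
        Name                              = 'ATT-03 Disclaimer on unscannable attachments'
        AttachmentIsUnsupported           = $true
        ApplyHtmlDisclaimerText           = '<p>An attachment in this message could not be inspected.</p>'
        ApplyHtmlDisclaimerLocation       = 'Prepend'
        ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    },
    @{  # Confidential content: apply Do Not Forward (needs message encryption in the tenant)
        Name                          = 'ATT-04 Do Not Forward for confidential attachments'
        AttachmentContainsWords       = 'Confidential', 'Internal only'
        ApplyRightsProtectionTemplate = 'Do Not Forward'
    }
)

foreach ($rule in $rules) {
    if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$($rule.Name)' already exists; skipping."
        continue
    }
    # Audit mode records matches without applying the action
    New-TransportRule @rule -Mode Audit -SetAuditSeverity Medium `
        -Comments 'Attachment inspection rule created in audit mode for review'
}

# Confirm what was created and in which mode
Get-TransportRule |
    Where-Object { $_.Name -like 'ATT-0*' } |
    Select-Object Name, State, Mode, Priority |
    Format-Table -AutoSize

# After reviewing the audited matches, switch a rule to enforcement:
# Set-TransportRule -Identity 'ATT-01 Password-protected attachment approval' -Mode Enforce
```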
