🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Audit Emails Sent to External Domains in Microsoft 365

Worried about your organization's sensitive data being leaked outside your organization? Unmonitored outgoing messages to external domains can lead to data breaches and loss of sensitive information, making regular monitoring crucial. This guide will walk you through the steps to effectively track emails sent to external domains in Exchange Online.

Option 1
Option 2
Option 3
Important Tips
Errors and Resolution Steps
FAQs

Using Windows PowerShell

Microsoft 365 Permission Required
View-Only Recipients Role Least Privilege
Global Admin Most Privilege
  • Connect to the Exchange Online PowerShell module using the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • Run the following cmdlet with the appropriate start date, end date, report title, domain name, and an email address to notify when the historical search is complete.
  • Windows PowerShell Windows PowerShell 
     Start-HistoricalSearch -StartDate MM/DD/YYYY -EndDate MM/DD/YYYY -ReportTitle "<ReportTitle>" -ReportType MessageTrace -SenderAddress "*<DomainName>" -NotifyAddress "<EmailAddress>"
Using Windows PowerShell
  • Once completed, the exported file will be sent to the email address specified in the 'NotifyAddress' parameter, or it can be downloaded from the Downloadable reports section in Message Trace.
  • The generated report includes all outbound emails. However, you need to filter to get the external emails alone.
  • You can also use the 'Get-MessageTrace' cmdlet for quicker insight. But, 'Get-MessageTrace' cmdlet can only retrieve message data for the past 10 days.

Using Exchange Admin Center

Microsoft 365 Permission Required
View-Only Recipients Role Least Privilege
Global Admin Most Privilege
  • Log in to the Exchange admin center and navigate to Message trace under Mail flow.
  • Click on Start a trace and specify the Senders using the wildcard format "*<your domain name>". Now choose the desired Time range for the report.
  • Configure Direction as "Outbound" and select the Report type.
  • In the following flyout page, preview the applied filters, give the report a title, and click Prepare report.
Using Exchange Admin Center
  • Once the report is ready, download it from the Downloadable reports section. The generated report includes all outbound emails. To get emails sent to external domains in Microsoft 365, apply a filter to the Recipient Address column in the exported file.
AdminDroid Exchange Online Reporter

Proactively Monitor Outbound External Emails in Microsoft 365 for Unusual Sending Pattern!

AdminDroid's email monitoring tool provides detailed insights into emails sent to external domains, enabling you to monitor outbound email activity with ease. This robust tracking capability is essential for admins to enforce organizational policies, detect unauthorized data sharing, and ensure compliance.

Track Outbound Spam Emails in EXO

Utilize AdminDroid to monitor outgoing spam emails to external domains. This helps to safeguard your organization’s reputation.

Monitor External Email Forwarding in EXO

Keep track of external email forwarding report with AdminDroid to ensure that sensitive information isn’t mistakenly forwarded outside your organization.

Automated Tracking of Outbound External Emails

AdminDroid's scheduling feature can automate the outbound external emails report. This enables daily tracking, making it easier to audit communications and prevent unauthorized data transfers.

Review Shared Mailboxes Sending External Emails

Examine top shared mailboxes by daily external mails sent to ensure that communications from shared mailboxes aren’t misused or lead to data exposure.

Identify Top User Sending External Emails

Track top user mailboxes sending emails to external domains daily and detect unusual spikes in external email activities.

Get User Email Traffic Reports with AdminDroid

Utilize Microsoft 365 email statistics report to track emails sent and received by each user to unauthorized external domains.

In conclusion, AdminDroid's Exchange Online reporting tool provides an effective solution for auditing emails sent to external domains. With detailed reports and automated tracking, it helps ensure compliance and enhances the security of your email environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Configure outbound spam policy in Microsoft 365 to ensure only legitimate emails are sent, thereby protecting your organization from being blacklisted.

To prevent unintentional data leaks, block email auto-forwarding to external domains in Exchange Online.

Implement message approval in Exchange Online to review outbound mails and detect potential errors like sharing sensitive data with external domains.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints while exporting outbound external emails report in Exchange Online.

Error Please provide at least one of the following fields: sender address, recipient address, or message ID.

This error occurs in the Exchange admin center when performing a message trace with a time range exceeding 10 days or when the direction is set to outbound.

Fix Ensure that you provide at least one of the required fields (sender address, recipient address, or message ID) when using an extended time range or tracing outbound emails to generate the report successfully.

Error Write-ErrorMessage : |Microsoft.Exchange.Management.Tasks.ValidationException|Invalid StartDate value. The StartDate can't be older than 10 days from today.

This error occurs while executing the 'Get-MessageTrace' cmdlet with StartDate more than 10 days earlier than today's date.

Fix Ensure the StartDate is within the last 10 days, as the 'Get-MessageTrace' cmdlet can only retrieve data from the past 10 days.

Error Write-ErrorMessage : Cannot process argument transformation on parameter 'StartDate'. Cannot convert value "dd/mm/yyyy" to type "System.Nullable`1[System.DateTime]". Error: "String 'dd/mm/yyyy' was not recognized as a valid DateTime."

This error occurs when you enter the date in the incorrect format while specifying the start date or end date in Start-HistoricalSearch cmdlet.

Fix Enter the date in the MM/DD/YYYY format while executing 'Start-HistoricalSearch' cmdlet in Exchange Online PowerShell.

Error Start-HistoricalSearch : The term 'Start-HistoricalSearch' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you execute the 'Start-HistoricalSearch' cmdlet without connecting to the Exchange Online module.

Fix First connect to the Exchange Online PowerShell module before running the 'Start-HistoricalSearch' command. 
Connect-ExchangeOnline
Exchange Online

Frequently Asked Questions

Safeguard Sensitive Information by Tracking Emails Sent to External Domains in Microsoft 365

How to get outbound external messages statistics reports in Exchange Online?

How to get outbound external messages statistics reports in Exchange Online? +

Microsoft 365 offers basic reporting capabilities with message trace. Using the 'Get-MessageTrace' cmdlet you can retrieve emails sent to external domains in your Microsoft 365 environment.

Get-MessageTrace -StartDate MM/DD/YYYY-EndDate MM/DD/YYYY | Where-Object –Property RecipientAddress –NotLike "*<YourDomainName>"

However, 'Get-MessageTrace' is limited to getting message data only for the past 10 days and also requires multiple filtering.

For more comprehensive reporting, AdminDroid offers advanced features that surpass these limitations, providing extensive insights and detailed reports on outbound external emails.

Here are some of the outbound external email statistics reports you can leverage with AdminDroid.

Top Mailboxes Sending Emails to External Domains

top-mailbox-sending-email-to-external-domains

Summary of Emails Sent to External Domains

summary-emails-to-external-domains

Top Shared Mailboxes Sending Emails to External Domain

top-shared-mailbox-outbound-report

By utilizing AdminDroid's email activity reports, you can effectively monitor and manage your organization’s email traffic. This enhanced visibility helps you to address potential security risks and maintain control over external communications. Additionally, AdminDroid offers a variety of mail protection reports, including top spam senders, top phishing senders, top malware senders, and other outbound email activity insights.

How to prevent Microsoft 365 users from sending emails outside the organization?

How to prevent Microsoft 365 users from sending emails outside the organization? +

External collaboration is essential for organizations, but allowing everyone to communicate with external domains can increase the risk of sensitive information leaks. Therefore, it's crucial to implement mail flow rules to block all users from sending emails outside the organization, except for specific groups.

To restrict users from sending emails to external domains, follow the steps below.

  • Navigate to the Rules page in the Exchange admin center. Then, click Add a rule and select Create a new rule from the drop-down list.
  • In the new rule creation page, specify a name for the rule. Under Apply this rule if section, select "The recipient" and choose "is external/internal". In the right pane, choose "Outside the organization" and click "Save."
  • In the Do the following section, select "Block the message" and choose "reject the message and include an explanation". Provide a reason for the block, which users will see in the NDR message.
  • You can also choose not to notify anyone and simply delete the message by selecting the delete the message without notifying anyone option.
  • In the Except if section, select "The sender", choose "is a member of this group" and select the group you want to exempt from this rule.

Tip: To delegate more control, click the add condition (+) next to the first condition and select The sender. Here, you can specify a particular user or group to restrict only its members from sending emails outside the organization.

mail-flow-rules-outbound
  • Configure the rule settings as per the requirements and click "Next" to preview the specified conditions. Review and click Finish to complete the mail flow rule setup.

By default, the mail flow rule is disabled once created. To enable it, select the rule from the list and enable the toggle switch.

By implementing this rule, you ensure that only authorized groups can send emails outside the organization, while all other users are restricted. This approach helps maintain control over external communications and reduces the risk of data leaks.

Note: The rule changes may take up to 30 minutes to take effect.

Even minor changes to mail flow rules can cause significant email delivery issues, like redirecting sensitive data or blocking important emails. Therefore, every change to mail flow rules must be regularly monitored.

Monitor critical changes to transport rules with AdminDroid's Transport Rule Changes report!

The transport rule changes report offers detailed insights into changes made to mail flow rules in your organization. By reviewing this report, admins can track how email flow is being managed, ensuring better control over email policies and security.

  • With AdminDroid’s alert functionality, you can easily receive notifications whenever changes to mail flow rules are made.
  • You also have the flexibility to customize the alert message and the conditions that trigger the alert.
transport-rule-alerting
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Audit Emails Sent to External Domains in Microsoft 365
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo