🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Audit Emails Sent to External Domains in Microsoft 365

Worried about your organization's sensitive data being leaked outside your organization? Unmonitored outgoing messages to external domains can lead to data breaches and loss of sensitive information, making regular monitoring crucial. This guide will walk you through the steps to effectively track emails sent to external domains in Exchange Online.

Native Solution

Microsoft 365 Permission Required

High
Least Privilege

View-Only Recipients Role

Highest Privilege

Global Admin

Option 1 Using Windows PowerShell

  • Connect to the Exchange Online PowerShell module using the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
  • Run the following cmdlet with the appropriate start date, end date, report title, domain name, and an email address to notify when the historical search is complete.
  • Windows PowerShell Windows PowerShell
     Start-HistoricalSearch -StartDate MM/DD/YYYY -EndDate MM/DD/YYYY -ReportTitle "<ReportTitle>" -ReportType MessageTrace -SenderAddress "*<DomainName>" -NotifyAddress "<EmailAddress>"
Using Windows PowerShell
  • Once completed, the exported file will be sent to the email address specified in the 'NotifyAddress' parameter, or it can be downloaded from the Downloadable reports section in Message Trace.
  • The generated report includes all outbound emails. However, you need to filter to get the external emails alone.
  • You can also use the 'Get-MessageTrace' cmdlet for quicker insight. But, 'Get-MessageTrace' cmdlet can only retrieve message data for the past 10 days.

Option 2 Using Exchange Admin Center

  • Log in to the Exchange admin center and navigate to Message trace under Mail flow.
  • Click on Start a trace and specify the Senders using the wildcard format "*<your domain name>". Now choose the desired Time range for the report.
  • Configure Direction as "Outbound" and select the Report type.
  • In the following flyout page, preview the applied filters, give the report a title, and click Prepare report.
Using Exchange Admin Center
  • Once the report is ready, download it from the Downloadable reports section. The generated report includes all outbound emails. To get emails sent to external domains in Microsoft 365, apply a filter to the Recipient Address column in the exported file.
AdminDroid Solution
More than 150 reports are under the free edition.

AdminDroid Permission Required

Required Permission.

StepsUsing AdminDroid

ad
  • Log in to the AdminDroid Office 365 portal.
  • Navigate to All Mails Sent to External Domain report under Analytics»Email Analytics»Email Activities.
Using AdminDroid

Retrieve all emails sent from the organization to external domains, including key details such as sender and recipient addresses, the time the email was sent, and the specific external domain involved.

daily-outbound-summary-by-status
  • Utilize AdminDroid's built-in charts to get a visual summary of daily outbound external emails by status. This helps admins to detect unusual spikes and swiftly prevent potential data leaks.

Ensure Compliance by Monitoring Outgoing External Emails in Outlook!

Access comprehensive reports on every outbound email sent to external domains with AdminDroid, helping prevent unauthorized data leaks and ensuring your organization remains GDPR-compliant.

Witness the report in action using the

Exchange OnlineSafeguard Sensitive Information by Tracking Emails Sent to External Domains in Microsoft 365

Showing 1 of 2

How to get outbound external messages statistics reports in Exchange Online?

Microsoft 365 offers basic reporting capabilities with message trace. Using the 'Get-MessageTrace' cmdlet you can retrieve emails sent to external domains in your Microsoft 365 environment.

Get-MessageTrace -StartDate MM/DD/YYYY-EndDate MM/DD/YYYY | Where-Object –Property RecipientAddress –NotLike "*<YourDomainName>"

However, 'Get-MessageTrace' is limited to getting message data only for the past 10 days and also requires multiple filtering.

For more comprehensive reporting, AdminDroid offers advanced features that surpass these limitations, providing extensive insights and detailed reports on outbound external emails.

Here are some of the outbound external email statistics reports you can leverage with AdminDroid.

Top Mailboxes Sending Emails to External Domains

top-mailbox-sending-email-to-external-domains

Summary of Emails Sent to External Domains

summary-emails-to-external-domains

Top Shared Mailboxes Sending Emails to External Domain

top-shared-mailbox-outbound-report

By utilizing AdminDroid's email activity reports, you can effectively monitor and manage your organization’s email traffic. This enhanced visibility helps you to address potential security risks and maintain control over external communications. Additionally, AdminDroid offers a variety of mail protection reports, including top spam senders, top phishing senders, top malware senders, and other outbound email activity insights.

How to prevent Microsoft 365 users from sending emails outside the organization?

External collaboration is essential for organizations, but allowing everyone to communicate with external domains can increase the risk of sensitive information leaks. Therefore, it's crucial to implement mail flow rules to block all users from sending emails outside the organization, except for specific groups.

To restrict users from sending emails to external domains, follow the steps below.

  • Navigate to the Rules page in the Exchange admin center. Then, click Add a rule and select Create a new rule from the drop-down list.
  • In the new rule creation page, specify a name for the rule. Under Apply this rule if section, select "The recipient" and choose "is external/internal". In the right pane, choose "Outside the organization" and click "Save."
  • In the Do the following section, select "Block the message" and choose "reject the message and include an explanation". Provide a reason for the block, which users will see in the NDR message.
  • You can also choose not to notify anyone and simply delete the message by selecting the delete the message without notifying anyone option.
  • In the Except if section, select "The sender", choose "is a member of this group" and select the group you want to exempt from this rule.

Tip: To delegate more control, click the add condition (+) next to the first condition and select The sender. Here, you can specify a particular user or group to restrict only its members from sending emails outside the organization.

mail-flow-rules-outbound
  • Configure the rule settings as per the requirements and click "Next" to preview the specified conditions. Review and click Finish to complete the mail flow rule setup.

By default, the mail flow rule is disabled once created. To enable it, select the rule from the list and enable the toggle switch.

By implementing this rule, you ensure that only authorized groups can send emails outside the organization, while all other users are restricted. This approach helps maintain control over external communications and reduces the risk of data leaks.

Note: The rule changes may take up to 30 minutes to take effect.

Even minor changes to mail flow rules can cause significant email delivery issues, like redirecting sensitive data or blocking important emails. Therefore, every change to mail flow rules must be regularly monitored.

Monitor critical changes to transport rules with AdminDroid's Transport Rule Changes report!

The transport rule changes report offers detailed insights into changes made to mail flow rules in your organization. By reviewing this report, admins can track how email flow is being managed, ensuring better control over email policies and security.

  • With AdminDroid’s alert functionality, you can easily receive notifications whenever changes to mail flow rules are made.
  • You also have the flexibility to customize the alert message and the conditions that trigger the alert.
transport-rule-alerting

AdminDroid Exchange Online ReporterProactively Monitor Outbound External Emails in Microsoft 365 for Unusual Sending Pattern!

AdminDroid's email monitoring tool provides detailed insights into emails sent to external domains, enabling you to monitor outbound email activity with ease. This robust tracking capability is essential for admins to enforce organizational policies, detect unauthorized data sharing, and ensure compliance.

A Quick Summary

Track Outbound Spam Emails in EXO

Utilize AdminDroid to monitor outgoing spam emails to external domains. This helps to safeguard your organization’s reputation.

Monitor External Email Forwarding in EXO

Keep track of external email forwarding report with AdminDroid to ensure that sensitive information isn’t mistakenly forwarded outside your organization.

Automated Tracking of Outbound External Emails

AdminDroid's scheduling feature can automate the outbound external emails report. This enables daily tracking, making it easier to audit communications and prevent unauthorized data transfers.

Review Shared Mailboxes Sending External Emails

Examine top shared mailboxes by daily external mails sent to ensure that communications from shared mailboxes aren’t misused or lead to data exposure.

Identify Top User Sending External Emails

Track top user mailboxes sending emails to external domains daily and detect unusual spikes in external email activities.

Get User Email Traffic Reports with AdminDroid

Utilize Microsoft 365 email statistics report to track emails sent and received by each user to unauthorized external domains.

In conclusion, AdminDroid's Exchange Online reporting tool provides an effective solution for auditing emails sent to external domains. With detailed reports and automated tracking, it helps ensure compliance and enhances the security of your email environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps While Auditing Emails Sent to External Domains in Microsoft 365

The following are possible errors and troubleshooting hints while exporting outbound external emails report in Exchange Online.

Error: Please provide at least one of the following fields: sender address, recipient address, or message ID.

This error occurs in the Exchange admin center when performing a message trace with a time range exceeding 10 days or when the direction is set to outbound.

Troubleshooting hint :Ensure that you provide at least one of the required fields (sender address, recipient address, or message ID) when using an extended time range or tracing outbound emails to generate the report successfully.

Error: Write-ErrorMessage : |Microsoft.Exchange.Management.Tasks.ValidationException|Invalid StartDate value. The StartDate can't be older than 10 days from today.

This error occurs while executing the 'Get-MessageTrace' cmdlet with StartDate more than 10 days earlier than today's date.

Troubleshooting hint :Ensure the StartDate is within the last 10 days, as the 'Get-MessageTrace' cmdlet can only retrieve data from the past 10 days.

Error: Write-ErrorMessage : Cannot process argument transformation on parameter 'StartDate'. Cannot convert value "dd/mm/yyyy" to type "System.Nullable`1[System.DateTime]". Error: "String 'dd/mm/yyyy' was not recognized as a valid DateTime."

This error occurs when you enter the date in the incorrect format while specifying the start date or end date in Start-HistoricalSearch cmdlet.

Troubleshooting hint :Enter the date in the MM/DD/YYYY format while executing 'Start-HistoricalSearch' cmdlet in Exchange Online PowerShell.

Error: Start-HistoricalSearch : The term 'Start-HistoricalSearch' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you execute the 'Start-HistoricalSearch' cmdlet without connecting to the Exchange Online module.

Troubleshooting hint :First connect to the Exchange Online PowerShell module before running the 'Start-HistoricalSearch' command.

Connect-ExchangeOnline