Audit Outbound External Emails in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Least Privilege

View-Only Recipients Role

Most Privilege

Global Admin

Option 1 Using Windows PowerShell

Connect to the Exchange Online PowerShell module using the below cmdlet.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Run the following cmdlet with the appropriate start date, end date, report title, domain name, and an email address to notify when the historical search is complete.

Windows PowerShell

 Start-HistoricalSearch -StartDate MM/DD/YYYY -EndDate MM/DD/YYYY -ReportTitle "<ReportTitle>" -ReportType MessageTrace -SenderAddress "*<DomainName>" -NotifyAddress "<EmailAddress>"

Once completed, the exported file will be sent to the email address specified in the 'NotifyAddress' parameter, or it can be downloaded from the Downloadable reports section in Message Trace.
The generated report includes all outbound emails. However, you need to filter to get the external emails alone.
You can also use the 'Get-MessageTrace' cmdlet for quicker insight. But, 'Get-MessageTrace' cmdlet can only retrieve message data for the past 10 days.

Option 2 Using Exchange Admin Center

Log in to the Exchange admin center and navigate to Message trace under Mail flow.
Click on Start a trace and specify the Senders using the wildcard format "*<your domain name>". Now choose the desired Time range for the report.
Configure Direction as "Outbound" and select the Report type.
In the following flyout page, preview the applied filters, give the report a title, and click Prepare report.

Once the report is ready, download it from the Downloadable reports section. The generated report includes all outbound emails. To get emails sent to external domains in Microsoft 365, apply a filter to the Recipient Address column in the exported file.

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Required Permission.

StepsUsing AdminDroid

Log in to the AdminDroid Office 365 portal.
Navigate to All Mails Sent to External Domain report under Analytics»Email Analytics»Email Activities.

Retrieve all emails sent from the organization to external domains, including key details such as sender and recipient addresses, the time the email was sent, and the specific external domain involved.

Utilize AdminDroid's built-in charts to get a visual summary of daily outbound external emails by status. This helps admins to detect unusual spikes and swiftly prevent potential data leaks.

Explore a full range of reporting options

Ensure Compliance by Monitoring Outgoing External Emails in Outlook!

Access comprehensive reports on every outbound email sent to external domains with AdminDroid, helping prevent unauthorized data leaks and ensuring your organization remains GDPR-compliant.

Witness the report in action using the

Live Demo

Important Tips

Configure outbound spam policy in Microsoft 365 to ensure only legitimate emails are sent, thereby protecting your organization from being blacklisted.

To prevent unintentional data leaks, block email auto-forwarding to external domains in Exchange Online.

Implement message approval in Exchange Online to review outbound mails and detect potential errors like sharing sensitive data with external domains.

Exchange OnlineSafeguard Sensitive Information by Tracking Emails Sent to External Domains in Microsoft 365

Showing 1 of 2

How to get outbound external messages statistics reports in Exchange Online? How to prevent Microsoft 365 users from sending emails outside the organization?

How to get outbound external messages statistics reports in Exchange Online?

Microsoft 365 offers basic reporting capabilities with message trace. Using the 'Get-MessageTrace' cmdlet you can retrieve emails sent to external domains in your Microsoft 365 environment.

Get-MessageTrace -StartDate MM/DD/YYYY-EndDate MM/DD/YYYY | Where-Object –Property RecipientAddress –NotLike "*<YourDomainName>"

However, 'Get-MessageTrace' is limited to getting message data only for the past 10 days and also requires multiple filtering.

For more comprehensive reporting, AdminDroid offers advanced features that surpass these limitations, providing extensive insights and detailed reports on outbound external emails.

Here are some of the outbound external email statistics reports you can leverage with AdminDroid.

Top Mailboxes Sending Emails to External Domains

Keep track of top mailboxes sending emails to external domains, including the count of emails sent.
This report helps admins pinpoint mailboxes with high external email activity, which could be a sign of a compromised account.

top-mailbox-sending-email-to-external-domains

Summary of Emails Sent to External Domains

Obtain a summary of emails sent to external domains, showing the volume of emails for each domain.
This helps admins spot communications with unauthorized domains and block potentially risky ones.

Top Shared Mailboxes Sending Emails to External Domain

Obtain the list of top shared mailboxes sending emails to external domain.
This helps admins ensure that shared mailboxes are not being misused, given that multiple users have access to them.

By utilizing AdminDroid's email activity reports, you can effectively monitor and manage your organization’s email traffic. This enhanced visibility helps you to address potential security risks and maintain control over external communications. Additionally, AdminDroid offers a variety of mail protection reports, including top spam senders, top phishing senders, top malware senders, and other outbound email activity insights.

How to prevent Microsoft 365 users from sending emails outside the organization?

External collaboration is essential for organizations, but allowing everyone to communicate with external domains can increase the risk of sensitive information leaks. Therefore, it's crucial to implement mail flow rules to block all users from sending emails outside the organization, except for specific groups.

To restrict users from sending emails to external domains, follow the steps below.

Navigate to the Rules page in the Exchange admin center. Then, click Add a rule and select Create a new rule from the drop-down list.
In the new rule creation page, specify a name for the rule. Under Apply this rule if section, select "The recipient" and choose "is external/internal". In the right pane, choose "Outside the organization" and click "Save."
In the Do the following section, select "Block the message" and choose "reject the message and include an explanation". Provide a reason for the block, which users will see in the NDR message.
You can also choose not to notify anyone and simply delete the message by selecting the delete the message without notifying anyone option.
In the Except if section, select "The sender", choose "is a member of this group" and select the group you want to exempt from this rule.

Tip: To delegate more control, click the add condition (+) next to the first condition and select The sender. Here, you can specify a particular user or group to restrict only its members from sending emails outside the organization.

Configure the rule settings as per the requirements and click "Next" to preview the specified conditions. Review and click Finish to complete the mail flow rule setup.

By default, the mail flow rule is disabled once created. To enable it, select the rule from the list and enable the toggle switch.

By implementing this rule, you ensure that only authorized groups can send emails outside the organization, while all other users are restricted. This approach helps maintain control over external communications and reduces the risk of data leaks.

Note: The rule changes may take up to 30 minutes to take effect.

Even minor changes to mail flow rules can cause significant email delivery issues, like redirecting sensitive data or blocking important emails. Therefore, every change to mail flow rules must be regularly monitored.

Monitor critical changes to transport rules with AdminDroid's Transport Rule Changes report!

The transport rule changes report offers detailed insights into changes made to mail flow rules in your organization. By reviewing this report, admins can track how email flow is being managed, ensuring better control over email policies and security.

With AdminDroid’s alert functionality, you can easily receive notifications whenever changes to mail flow rules are made.
You also have the flexibility to customize the alert message and the conditions that trigger the alert.

AdminDroid Exchange Online ReporterProactively Monitor Outbound External Emails in Microsoft 365 for Unusual Sending Pattern!

AdminDroid's email monitoring tool provides detailed insights into emails sent to external domains, enabling you to monitor outbound email activity with ease. This robust tracking capability is essential for admins to enforce organizational policies, detect unauthorized data sharing, and ensure compliance.

A Quick Summary

Track Outbound Spam Emails in EXO

Utilize AdminDroid to monitor outgoing spam emails to external domains. This helps to safeguard your organization’s reputation.

Monitor External Email Forwarding in EXO

Keep track of external email forwarding report with AdminDroid to ensure that sensitive information isn’t mistakenly forwarded outside your organization.

Automated Tracking of Outbound External Emails

AdminDroid's scheduling feature can automate the outbound external emails report. This enables daily tracking, making it easier to audit communications and prevent unauthorized data transfers.

Review Shared Mailboxes Sending External Emails

Examine top shared mailboxes by daily external mails sent to ensure that communications from shared mailboxes aren’t misused or lead to data exposure.

Identify Top User Sending External Emails

Track top user mailboxes sending emails to external domains daily and detect unusual spikes in external email activities.

Get User Email Traffic Reports with AdminDroid

Utilize Microsoft 365 email statistics report to track emails sent and received by each user to unauthorized external domains.

In conclusion, AdminDroid's Exchange Online reporting tool provides an effective solution for auditing emails sent to external domains. With detailed reports and automated tracking, it helps ensure compliance and enhances the security of your email environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps While Auditing Emails Sent to External Domains in Microsoft 365

The following are possible errors and troubleshooting hints while exporting outbound external emails report in Exchange Online.

Error: Please provide at least one of the following fields: sender address, recipient address, or message ID.

This error occurs in the Exchange admin center when performing a message trace with a time range exceeding 10 days or when the direction is set to outbound.

Troubleshooting hint :Ensure that you provide at least one of the required fields (sender address, recipient address, or message ID) when using an extended time range or tracing outbound emails to generate the report successfully.

Error: Write-ErrorMessage : |Microsoft.Exchange.Management.Tasks.ValidationException|Invalid StartDate value. The StartDate can't be older than 10 days from today.

This error occurs while executing the 'Get-MessageTrace' cmdlet with StartDate more than 10 days earlier than today's date.

Troubleshooting hint :Ensure the StartDate is within the last 10 days, as the 'Get-MessageTrace' cmdlet can only retrieve data from the past 10 days.

Error: Write-ErrorMessage : Cannot process argument transformation on parameter 'StartDate'. Cannot convert value "dd/mm/yyyy" to type "System.Nullable`1[System.DateTime]". Error: "String 'dd/mm/yyyy' was not recognized as a valid DateTime."

This error occurs when you enter the date in the incorrect format while specifying the start date or end date in Start-HistoricalSearch cmdlet.

Troubleshooting hint :Enter the date in the MM/DD/YYYY format while executing 'Start-HistoricalSearch' cmdlet in Exchange Online PowerShell.

Error: Start-HistoricalSearch : The term 'Start-HistoricalSearch' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you execute the 'Start-HistoricalSearch' cmdlet without connecting to the Exchange Online module.

Troubleshooting hint :First connect to the Exchange Online PowerShell module before running the 'Start-HistoricalSearch' command.

Connect-ExchangeOnline

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Audit Emails Sent to External Domains in Microsoft 365