Get-MessageTrace
- Can search up to the last 7 days of message tracking logs in O365/EOL
- If no parameters given, will return the last 48 hours of message logs across the tenant
- For more details about a particular entry, pipe the trace result to
Get-MessageTraceDetail
Start-HistoricalSearch
- Can be used to search the message trace for messages up to 90 days old
- Completes asynchronously and sends a message to a specified email address when finished
- Requires parameters:
StartDate, EndDate, ReportTitle, ReportType (MessageTrace or MessageDetail) - The
NotifyAddressparameter specifies the address to receive an alert once the search is finished - The
Get-HistoricalSearchparameter can be used the retrieve the search status after the search has finished - To see the search results, download the CSV file at the URL given in the FileURL property returned by the Get-HistoricalSearch cmdlet
Search-UnifiedAuditLog
- Allows searching the O365 audit log
- Returns pages of results
- The
ResultSizeorSessionCommandparams can be used to get more entries - To get paginated results, use the
SessionIdparameter (can be any value of your choosing) and call the cmdlet multiple times with the same session ID