Give more detail on the TLS and Connector reports that are available in the Security and Compliance Centre
Allow you to drill down and get more detail on the TLS report. For example, which domains are not using TLS, or which domains are only using TLS 1.0.
1. Click into “details”.
2. Choose “connector report”.
3. Choose “request report”.
4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
5. Wait for the report to come to the email address specified. It will contain the following fields:
message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher
With the Message_Id value, you can combine this with MessageTrace to get the Subject.
If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!
Roger ODaniel commented
Just ended chat with Microsoft help-desk support. I happen to be a Microsoft Partner since the late 1980's.
Microsoft must clean up their registry during any kind of modification or uninstall. This has been a problem for years. For example:
Had to upgrade from Office 2013 Home and Business to Office 365 Home when Microsoft started shutting down Outlook 2013 on my notebook within 15 seconds after I started it. (If Microsoft wants to avoid payment for some tort lawyer's new Jetstream, I suggest you folks stop doing that. Also, the EU loves to get into deep pockets. To err is human; to love is divine. But forgiveness is not corporate policy. Just sayin.).
I bought Office 365 home and installed it on a machine that had no prior Office installation. It worked as advertised. After I installed my e-mail address, it picked up the correct virtual server ports for Comcast's IMAP and SMTP servers and did its thing. Next, I copied the pst file on my notebook to a place where Microsoft Office 365 couldn't find it and then did a full uninstall of Office 2013. Found out later that it left lint in the registry. I installed Office 365 Home and it could not find either of Comcast's servers. I drilled down into Outlook 365's server settings and found it had the wrong virtual ports for the smtp server. Contacted Comcast, escalated the chat to someone who knew what an IMAP and SMTP server was, and received the incorrect virtual port for the smtp server. Put that in and pressed the "next" button. It upgraded it and told me something was wrong. I looked at the Comcast server settings in the screamer PC that worked. Found out the settings: IMAP = 993 and SMTP is 465. When I plugged that in to my notebook via Outlook's object, it told me something was wrong and would not correct it. Finally, I did a deep dive into the registry with regedit and fixed the problem. Did a warm boot and opened Office 365 Outlook. It worked.
Messing with the registry is a bit above the pay grade for a typical end-user, dontcha think?
Just received word that Comcast is changing the User ID on its login to the end-user's e-mail address to access the IMAP server. They already did it for the smtp server. Will Comcast inform Microsoft of the change and its timing? Probably not. Oh well, nobody's perfect.
Michael Lin commented
I also need to know email subject to help me understanding which email(funciton/system) still sending email with TLS 1.0/1.1..
I need to be able to track this via something! The report is not helpful
Calum Morrison commented
Same from me; this report is completely useless for tracing the sender of TLS1.0 email - if it only had source IP, recipient or subject line added it would be useful. Just spent a frustrating half hour on the phone with an MS rep who sent me here but clearly nothing has been done in over a year.
if the source IP included into the report that will be great to investigate /trace it
Anthony Cardullo commented
Need a lot more details!!!!!!
Please improve this poor report
I want this also
Jenelle Sujat commented
We need to see the IP address from which users are connecting so we can determine if the TLS 1.0/1.1 requests are coming from corporate machines or not. I am looking at the report that can be downloaded from the Service Trust Portal per the MC171089 announcement in the Message Center.
We need to know specifics about which email addresses or domains other than just count.
I want this also
An insight report would be good detailsing Sender Address, Time and TLS used. - Same here GDPR and Cyber Requirements.
Kim Sørensen commented
This is a much needed feature for all companies who wish to be GDPR compliant, and in Denmark this is a requirement from the 1st of jan 2019 to force TLS.
So we need to know abot the failing mails before so we can do something about this!!!
Norbert BONNAUD commented
We need more informations about the TLS. You claim to be OK with TLS 1.2 on the 31 october but you don't help us about it.
I want this as well.
Povl H. Pedersen commented
We need this as well.
At least for outbound we need a list of recipient domain names, such that we can either make excemptions up front, or contact them.
It is an official legal GDPR requirement to use TLS from January 1st 2019 here in Denmark on all mails containing personal data. So we need to make the step. Right now we have no clue of the impact to business.
Agreed. At least give us a message ID we could search. When you have copiers, servers, phone system sending emails, it's a task to find out which ones are sending as TLS 1.x.
John Harrison commented
Need more detail in TLS and Connector reports so admins can drill down to examine dates, times and message IDs. This will help in identifying sources of outbound non-TLS and out-of-date TLS connections.