Give more detail on the TLS and Connector reports that are available in the Security and Compliance Centre
Allow you to drill down and get more detail on the TLS report. For example, which domains are not using TLS, or which domains are only using TLS 1.0.
1. Click into “details”.
2. Choose “connector report”.
3. Choose “request report”.
4. Answer the questions in the wizard, clicking “Next”, “Next”, and “Save”.
5. Wait for the report to come to the email address specified. It will contain the following fields:
message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher
With the Message_Id value, you can combine this with MessageTrace to get the Subject.
If this does not help, please provide more information as to the scenario and detail that is missing. Thank you for the feedback!
Kevin Howarf commented
This feature to be able to see if TLS is not used ihen sending email is critical to determine if email has the abiitiy to be intercepted by others. If we could search for it in the admin and provide alerts when this happens that would be ideal. Also if the outlook ui and the web version could also indicate this then we can train out users so they can do the right thing
Edward Dickson commented
The solution that you have suggested is inadequate for the situation. The connector report has no functionality to filter emails based on TLS version or protocol, prior to the report being exported and has a small limit on the data that you return.
This means that it isn't possible to export a report of which emails use TLS 1.0 or 1.1 without exporting a list of every single email from that period. If that isn't bad enough, it wouldn't be a single report as there is relatively small limit on the size of the reports.
I full well agree that TLS 1.0 and TLS 1.1 should be depreciated but Microsoft need to provide their customers with the tools to make this happen without incident!
hi @scott landry. as mentioned, i can't seem to find the following fields: message_id, direction, sender_address, recipient_address, connector_name, connector_type, tls_version, tls_cipher in my connector report.
am i missing something? thanks!
Niels N commented
This would give useful insight into TLS versions used. Remote server IP address, mail domain name, and TLS version. TLS 1.2 is a minimum requirement for mail between Danish government agencies as of january 2020.
Christian Kerner commented
Hey, the Idea is great, I also have the problem that if I download the *.csv File I get to the Excel File Limits (customer with 100 k+ Mail Addresses.
Why is it not possible to enter this report via. Powershell or Graph API. It would be great to get this information via. Script and then you can save the information in to an DB and do great stuff with it.
Br Christian Kerner (Technologist @Avanade)
Michael Lin commented
I also need to know email subject to help me understanding which email(funciton/system) still sending email with TLS 1.0/1.1..
I need to be able to track this via something! The report is not helpful
Calum Morrison commented
Same from me; this report is completely useless for tracing the sender of TLS1.0 email - if it only had source IP, recipient or subject line added it would be useful. Just spent a frustrating half hour on the phone with an MS rep who sent me here but clearly nothing has been done in over a year.
if the source IP included into the report that will be great to investigate /trace it
Anthony Cardullo commented
Need a lot more details!!!!!!
Please improve this poor report
I want this also
Jenelle Sujat commented
We need to see the IP address from which users are connecting so we can determine if the TLS 1.0/1.1 requests are coming from corporate machines or not. I am looking at the report that can be downloaded from the Service Trust Portal per the MC171089 announcement in the Message Center.
We need to know specifics about which email addresses or domains other than just count.
I want this also
An insight report would be good detailsing Sender Address, Time and TLS used. - Same here GDPR and Cyber Requirements.
Kim Sørensen commented
This is a much needed feature for all companies who wish to be GDPR compliant, and in Denmark this is a requirement from the 1st of jan 2019 to force TLS.
So we need to know abot the failing mails before so we can do something about this!!!
Norbert BONNAUD commented
We need more informations about the TLS. You claim to be OK with TLS 1.2 on the 31 october but you don't help us about it.
I want this as well.
Povl H. Pedersen commented
We need this as well.
At least for outbound we need a list of recipient domain names, such that we can either make excemptions up front, or contact them.
It is an official legal GDPR requirement to use TLS from January 1st 2019 here in Denmark on all mails containing personal data. So we need to make the step. Right now we have no clue of the impact to business.