Message trace retention in O365

There seems to be some misunderstanding about the retention of message trace data in Office 365. To be clear: this data is stored for 90 days. You can find this info on TechNet.

I can see where the confusion comes in, tho. When you run the get-messagetrace cmdlet from Powershell, you only get the information for messages from the last 7 days. If you wish to retrieve data for older messages, you should start a new historical search.

start-historicalsearch -startdate date -enddate date -recipientaddress -senderaddress -reporttitle "John Doe historical search"  -ReportType messagetrace -notifyaddress

This Powershell command starts the search job with the specified criteria. For information on the parameters you can use with the cmdlet, check the documentation. When searching for a large timeframe or in heavily used mailboxes, it can take op to a few hours to collect al the date. If you specify the NotifyAddress parameter in your cmdlet, you will be notified when the report is ready.¬†Results will be sent to the specified address. If you don’t specify an address for the notification, you can revert to the Exchange Online admin portal to retrieve the data. You can find you historical searches on the mailflow -> message trace section of the Exchange Online portal.

It can be wise to discuss the 90 days retention period of Office 365 with your customer. If the organization requires a larger retention, for example because of legal reasons, you may need to implement 3rd party products to achieve this.