Encrypted message portal activity log by Microsoft Purview Advanced Message Encryption
Article
Access logs are available for encrypted messages through the encrypted message portal that lets your organization determine when messages are read, and forwarded by your external recipients. To ensure logs are available for any external recipients, you should apply a custom branding template to protected emails sent by your organization to external recipients that enforces a portal experience. See Add your organization's brand to your encrypted messages.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Enabling message access audit logs in PowerShell
Access log can be enabled using Exchange Online PowerShell. The EnablePortalTrackingLogs parameter of the Set-IrmConfiguration cmdlet specifies whether to enable the audit logs of accessing the encrypted message portal. Valid values are:
Select the Audit solution card. If the Audit solution card isn't displayed, select View all solutions and then select Audit from the Core section.
Under Search, select the drop-down for Activities and type encrypted message portal activities.
Under encrypted message portal activities, select the event types to use in the search. Set the date range for the search (default is the previous week), you can also optionally add a particular user in your organization for the search. When ready, select Search.
Select an event from the list to view the audit properties.
Complete the following steps to view the events captured in the message access logs:
Under Search, select the drop-down for Activities and type encrypted message portal activities.
Under encrypted message portal activities, select the event types to use in the search. Set the date range for the search (default is the previous week), you can also optionally add a particular user in your organization for the search. When ready, select Search.
Select an event from the list to view the audit properties.
This module introduces Microsoft Purview Message Encryption, an online service that’s built on Microsoft Azure Rights Management and includes encryption, identity, and authorization policies to help organizations secure their email. MS-102
Use Microsoft Purview Advanced Message Encryption to extend your email security by setting an expiration date on emails through a custom branded template.