Work with Cloud-based Message Recall

With the new Cloud-based Message Recall, major changes have been made to the way that message recall works in the service. While the process of initiating a recall from the Outlook client remains the same, once the recall is initiated the Message Recall feature agent will intercept the recall messages and then work to delete the original message from the recipients' mailboxes. If the option is chosen to replace the message, the original message is still deleted by recall and Outlook then just sends the new message, which is processed for delivery normally.

There are two settings relevant to Message Recall that administrators can control. First, administrators can decide whether to allow recalling of messages that have already been read. This can be done either from the Exchange Admin Center or from PowerShell.

Via PowerShell:

Set-OrganizationConfig -RecallReadMessagesEnabled $false   # $false: read messages can't be recalled; $true: read messages can be recalled

Note

Null is default, which functions as true. The Outlook message recall dialog box indicates that only unread messages are recalled. This is no longer accurate, but updating the dialog box is up to the Office team.

Administrators can also completely disable the new cloud recall feature via PowerShell:

Set-OrganizationConfig -MessageRecallEnabled $false   # $false disables cloud-based recall; $true enables it

Note

Null is default, which functions as true.

Via Exchange Admin Center:

Screenshot that shows Message Recall from Exchange Admin Center

This change takes about an hour to take effect. If the feature is disabled, recall reverts to the old recall experience.

The recall request message that is generated by the client has a message class of IPM.Outlook.Recall, and has a subject of "Recall: <Original Subject>". These recall messages are intercepted by the Message Recall feature agent, which attempts to hard-delete the message from the recipient's mailbox. Once the original message has been successfully hard-deleted, the Recall message is dropped by Transport.

When the Recall message is generated, it doesn't show in Sent Items. Instead, it's immediately moved to the Purges folder under Recoverable Items. A Recall Report is also generated. These reports are generated within a few minutes of the recall message being sent and contain a link to check on the recall status. Recall status is normally available for each recipient within a few minutes but could take longer for messages with many recipients. The system continues to recall for up to 24 hours.

Important

Recall reports are sent using the address Office365Reports@microsoft.com. Administrators should take care not to block this address. If recall reports are not delivered, check message trace to see if the recall report email was blocked or quarantined.

Message Trace can be used to verify if recall is successful

Recall reports build their information from Message Trace data. If the recall report isn't received or doesn't update properly, administrators can use Message Trace to verify recall status. When querying Message Trace, be aware that the Status shows as Failed both when the recall is successful and when the recall fails after 24 hours.

Example:

PS C:\> Get-MessageTrace -SenderAddress user@contoso.com

Received              Sender Address    Recipient Address       Subject                               Status
8/14/2023 9:51:20 PM  user@contoso.com  recipient1@contoso.com  Recall: Testing recall functionality  Failed
8/14/2023 9:51:20 PM  user@contoso.com  recipient2@contoso.com  Recall: Testing recall functionality  Failed
8/14/2023 9:51:20 PM  user@contoso.com  recipient3@contoso.com  Recall: Testing recall functionality  Failed

This is normal and occurs because the message is dropped once recall is successful or after it times out (24 hours). You would see the same status for any other message that was dropped by Transport. Specific to Message Recall, Message Trace Detail then shows additional information in the Drop event that allows administrators to confirm whether recall was successful or not.

Example:

Get-MessageTrace -SenderAddress user@contoso.com -MessageId "<Message ID of recall message>" | Get-MessageTraceDetail -Event Drop | fl

Note

The Message ID can be obtained from the initial Message Trace results.

Here you can see that the recall process is complete, with a result of Success:

Event            : Drop
Action           :
Detail           : Reason: [Stage: OnPromotedEvent][Agent: Transport Message Recall Agent];Message recall process complete, dropping the recall email. Result:Success

Note

As indicated previously, if the recall fails after 24 hours or for any other reason, Message Trace will also show Failed, but the Drop event will show Result:Failed.

One limitation with Message Trace Detail in PowerShell is that the Sender and Recipient aren't included. The following PowerShell code can be used to take the sender and recipient from Message Trace results and add them to the Message Trace Detail results. The results can either be output to screen or optionally exported to a CSV file.

# Get the per-recipient Message Trace entries for the recall message
$results = Get-MessageTrace -MessageId "<message ID of recall message>" -StartDate <date> -EndDate <date>

$detail = foreach ($result in $results) {
    Get-MessageTraceDetail -RecipientAddress $result.RecipientAddress -MessageTraceId $result.MessageTraceId |
        Select-Object Organization, MessageId, MessageTraceId, Date, Event, Action, Detail, Data, @{n='SenderAddress';e={$result.SenderAddress}}, @{n='RecipientAddress';e={$result.RecipientAddress}}
}

# Optional: export to CSV (output $detail on its own to show the results on screen)
$detail | Export-Csv msgtraceBrid.csv -Append -NoTypeInformation
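
Because Status reads Failed whether or not the recall worked, the following added example (not part of the original article and not Microsoft's code) reads the Result value from each Drop event's Detail text and reports the actual outcome per recipient. The function name Resolve-RecallOutcome and the sample records are constructed for illustration; with live data, pipe the $detail collection built above into the function instead of $sample.

```powershell
# Added example; Resolve-RecallOutcome is a hypothetical helper, not an Exchange cmdlet.
function Resolve-RecallOutcome {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$TraceDetail
    )
    process {
        # Only the Drop event records how the recall ended.
        if ($TraceDetail.Event -ne 'Drop') { return }

        # The Detail text ends with "Result:Success" or "Result:Failed".
        $outcome = if ($TraceDetail.Detail -match 'Result:\s*(?<r>Success|Failed)') {
            $Matches['r']
        } else {
            'Unknown'   # a Drop event without a Result token, e.g. not a recall message
        }

        [pscustomobject]@{
            SenderAddress    = $TraceDetail.SenderAddress
            RecipientAddress = $TraceDetail.RecipientAddress
            RecallOutcome    = $outcome
        }
    }
}

# Constructed sample records shaped like the $detail objects above (not real trace data).
# The wording of the failed Detail, apart from "Result:Failed", is assumed.
$text = 'Reason: [Stage: OnPromotedEvent][Agent: Transport Message Recall Agent];' +
        'Message recall process complete, dropping the recall email. Result:'
$sample = @(
    [pscustomobject]@{ Event = 'Receive'; Detail = 'constructed non-Drop event'
        SenderAddress = 'user@contoso.com'; RecipientAddress = 'recipient1@contoso.com' }
    [pscustomobject]@{ Event = 'Drop'; Detail = $text + 'Success'
        SenderAddress = 'user@contoso.com'; RecipientAddress = 'recipient1@contoso.com' }
    [pscustomobject]@{ Event = 'Drop'; Detail = $text + 'Failed'
        SenderAddress = 'user@contoso.com'; RecipientAddress = 'recipient2@contoso.com' }
)

$outcomes = $sample | Resolve-RecallOutcome
$outcomes | Format-Table -AutoSize

# Recipients listed here may still hold the original message.
$outcomes | Where-Object RecallOutcome -ne 'Success'
```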

Limitations

  • The new message recall feature only works within the confines of a tenant. You can't recall messages over the internet, or across tenants. For hybrid customers, you also can't recall messages sent to on-premises from cloud mailboxes.
  • Message Recall can only be triggered using the Outlook for Windows client. We're working on an API that other email clients can adopt to submit recall requests for Exchange Online recipients.
  • Recall supports triggering a recall from a shared mailbox or a delegated mailbox. However, there are some limitations. See the FAQ section for more detail related to shared and delegated mailboxes.
  • Recall supports triggering a recall for messages sent on behalf of a distribution list. However, the recall report message is sent to all users of the distribution list. No recipients of the report are able to view the recall status report at this time as doing so requires login credentials, which the DL (distribution list) doesn't have. We expect to address this issue later this year.

Frequently Asked Questions

Recall for Shared/Delegated mailboxes

Messages sent to shared or delegated mailboxes can be recalled successfully by the sender.

There are two known issues with recall and shared mailboxes:

  • Messages sent from shared or delegated mailboxes can also be recalled. However, the report won't be viewable by the user connected to the shared/delegated mailbox. The report is only visible in a browser and requires authentication by the owning mailbox. You can't log in as the shared account, and logging in as the user that has rights on the mailbox doesn't work. We expect to address this issue later this year.
  • Messages sent via shared or delegated mailboxes in Outlook Win32 are stored in the Sent Items of the authenticated user that generated the email. In this situation, Recall initiated from the message resting within the Sent Items folder of the authenticated user would be successful (the same status report issue would exist).

On the other hand, messages sent via shared or delegated mailboxes opened from within Outlook Web Access (Open another mailbox) are stored in the Sent Items of the shared mailbox and not the Sent items of the authenticated user. In this scenario, if the shared mailbox is accessed within the same Outlook profile as the authenticated user either via automapping or via "Open these additional mailboxes", when recall is attempted from the Sent Items of the shared mailbox the Recall option is greyed out. The workaround is to open the Shared Mailbox in its own Outlook profile.

Do recalls show up for eDiscovery?

For users/mailboxes that have a Litigation or an In-Place Hold, the recalled message shows up in eDiscovery.

Do recalls show up in the mailbox audit logs?

No, not at this time. We plan to address this in a future update.

Do forwarded messages get recalled?

Messages automatically forwarded by a recipient to another mailbox within the same organization can be recalled. Messages that are automatically forwarded outside of the organization can't be recalled. Messages forwarded manually by the recipient can't be recalled. Additionally, messages forwarded by Inbox Rule (either forward or redirect) can't be recalled.

Does recall work for encrypted email?

Message Recall is not available for messages encrypted with OME or using MIP labels. When attempting to recall these messages, the recall option will be greyed out and unavailable. This is a client-side limitation and is by design.

I use a third party product that requires routing all email (including Internal) through them. Does recall still work?

As mentioned in the limitations, recall only works within the confines of the tenant. Any configuration that requires email being sent externally to a third party may encounter issues with recall. For example, it's possible that the recall itself may be successful but the recall report indicates Failed in this scenario because Message Trace shows a SEND EXTERNAL event.
