A blog for random cybersecurity. networking. infrastructure. notes.
Twitter Linkedin

How to view an email header from Microsoft 365 Defender portal

How to view an email header from Microsoft 365 Defender portal

 

The Problem

Sometimes we need to view Exchange Online (EXO) email header content from emails without accessing the end user’s Outlook or email client for troubleshooting items such as Exchange Online Protection’s Anti-spam message scores. Below, I am going to show you one way I achieve such analysis of the the message header leveraging the GUI. Let’s see how to view email header content from within Microsoft 365 Defender portal.

Access Microsoft 365 Defender website

  1. Send your browser to Microsoft’s 365 Defender portal at https://security.microsoft.com
  2. Select Explore in the Email and collaboration sub-menu
  3. Search for the particular email you wish to target the header analysis. Now we need to Open the email entity, and there are two ways to go about it.
    1. Select the expand icon (small rectangle with the arrow in the upper right corner) in the Subject column
    2. Select the email Subject, then select Open email entity

With the email entity open, you’ll see two blades of information; email details in the left, and four detail options in the right blade. We want to view the Analysis option.

From here, you have the ability to collect the header information you seek, and you have multiple options for doing so. I prefer using Microsoft’s own Message Header Analyzer, because it displays content from the Exchange Online hosted email that some of the other analyzers fail to display. If you wish to use Microsoft’s Message Header Analyzer, you have two ways to go about leveraging the tool.

  1. Select Copy message header link from the right blade
  2. Select the Microsoft Message Header Analyzer link from the far right blade
  3. Head over to https://mha.azurewebsites.net

copy message header

Analyze the email header content

Simply paste the contents we copied from the previous step, and select the Analyze headers button

Anti-Spam message analysis

If you are looking to execute further investigations regarding anti-spam, you can read more here https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide for a breakdown of the various fields within Microsoft’s Header Analyzer.

Other Header Analyzers

There are a few other message header analyzers which you ca leverage, but as I mentioned previously, I prefer Microsoft’s own. Here are a few others I have used in the past.

MXToolbox Email Header Analyzer https://mxtoolbox.com/EmailHeaders.aspx
Google’s Messageheader https://toolbox.googleapps.com/apps/messageheader/
DNSchecker’s Email Header Analyzer https://dnschecker.org/email-header-analyzer.php

Conclusion

You learned one way to collect a message header directly from Microsoft 365 Defender, without the need to access the end user’s email client. I hope you find this helpful.

Do you have a favorite route to collect message header content? Leave a comment below to share with others.

Also, if you found this post helpful, please consider buying a stranger a cup of coffee the next time you are at the cafe

Related Articles

Table of Contents

Categories