How to Use Get-MailTrafficSummaryReport in PowerShell

In Microsoft Exchange, monitoring and analyzing message traffic is essential for maintaining the health and security of your email environment. The Get-MailTrafficSummaryReport cmdlet provides administrators with summary information about message traffic in your organization for the last 90 days. This report is invaluable for identifying trends, spotting issues, and ensuring compliance with organizational policies.

With the rise of email-based threats such as spam and malware, understanding message traffic can help administrators take proactive measures to protect their users.

Whether it’s tracking the top spam recipients or analyzing the effectiveness of transport rules, the Get-MailTrafficSummaryReport cmdlet serves as a vital tool for Exchange Online administrators.

What is the Get-MailTrafficSummaryReport Cmdlet?

The Get-MailTrafficSummaryReport cmdlet is a specialized command used in Exchange Online PowerShell to view summary information about message traffic for your organization for the last 90 days.

The cmdlet can generate reports that focus on various categories of message traffic, allowing administrators to filter results based on specific criteria.

When you run this cmdlet, you can obtain data on different types of message traffic, including spam, malware, and compliance-related activities. The data returned by this cmdlet is structured in a way that helps administrators quickly assess the state of email traffic within their organization.

Syntax

Here is the official syntax as per Microsoft documentation:


Get-MailTrafficSummaryReport
[-Category <String>]
[-DlpPolicy <MultiValuedProperty>]
[-Domain <MultiValuedProperty>]
[-EndDate <DateTime>]
[-Page <Int32>]
[-PageSize <Int32>]
[-ProbeTag <String>]
[-StartDate <DateTime>]
[-TransportRule <MultiValuedProperty>]
[<CommonParameters>]

Parameters

  • Category - Filters the report by category. Valid values (as listed in the Microsoft docs) are:
      • InboundDLPHits
      • OutboundDLPHits
      • InboundTransportRuleHits
      • OutboundTransportRuleHits
      • InboundDLPPolicyRuleHits
      • OutboundDLPPolicyRuleHits
      • TopSpamRecipient
      • TopMailSender
      • TopMailRecipient
      • TopMalwareRecipient
      • TopMalwareAtpRecipient
      • TopMalware
      • TopPhishRecipient
      • TopPhishAtpRecipient
      • TopIntraOrgRecipient
      • TopIntraOrgSender
      • TopIntraOrgSpamRecipient
      • TopIntraOrgMalwareRecipient
      • TopIntraOrgPhishRecipient
      • TopIntraOrgPhishAtpRecipient
      • TopIntraOrgMalwareAtpRecipient
      • TopComplianceTagActivityCount
      • TopComplianceTagActivityCountByDay
  • DlpPolicy - Filters the report by the name of the data loss prevention (DLP) policy. You can specify multiple values separated by commas; if a value contains spaces, enclose it in quotation marks.
  • Domain - Filters the results by an accepted domain in the cloud-based organization.
  • EndDate - Specifies the end date of the date range. Use the short date format defined in the Regional Options settings of the computer where you run the command, or pass a DateTime object so the call does not depend on the machine's culture settings.
  • Page - Specifies the page number of the results you want to view. Valid input is an integer between 1 and 1000; the default is 1.
  • PageSize - Specifies the maximum number of entries per page in the report. Valid input is an integer between 1 and 5000; the default is 1000.
  • ProbeTag - Reserved for internal Microsoft use.
  • StartDate - Specifies the start date of the date range, in the same format as EndDate. Data is retained for 90 days, so a start date older than that returns nothing for the missing period.
  • TransportRule - Filters the report by the name of the transport rule (mail flow rule). You can specify multiple values separated by commas; enclose values that contain spaces in quotation marks.

Key Differences

The Get-MailTrafficSummaryReport cmdlet differs from other Exchange Online reporting cmdlets in that it returns ranked, category-based summaries (top senders, top spam or malware recipients, rule and DLP hits) rather than raw message counts.

Where Get-MailFlowStatusReport counts messages by disposition (good mail, spam, malware, and so on) for a date range, Get-MailTrafficSummaryReport answers "who or what is at the top of this category" for the same window, which makes it the better starting point for trend analysis and for scoping an investigation before you drill into individual messages with message trace.

The command is available only in the cloud service (Exchange Online / Exchange Online Protection).

Practical Uses

1. Identifying Top Spam Recipients

Understanding who receives the most spam can help administrators take necessary actions to protect users. By running the Get-MailTrafficSummaryReport cmdlet with the TopSpamRecipient category, you can quickly identify the recipients who are targeted most frequently by spam emails.

This information can be used to reinforce spam filters or educate users about avoiding suspicious emails.

2. Monitoring Malware Incidents

Malware poses a significant threat to organizations. By using the cmdlet with the TopMalware category, you can pinpoint which malware types are most frequently detected within your mail flow. This can help in adjusting security measures and ensuring appropriate defenses are in place, such as updating antivirus definitions or modifying filtering rules.

3. Evaluating Transport Rules Effectiveness

Transport rules are essential for enforcing organizational policies regarding email. By examining the InboundTransportRuleHits and OutboundTransportRuleHits categories, administrators can assess how often specific rules are triggered.

This insight allows for adjustments to be made to improve compliance and security measures.

Prerequisites

Before using the Get-MailTrafficSummaryReport cmdlet, ensure the following conditions are satisfied:

  • Service scope: This cmdlet is available only in Exchange Online / Exchange Online Protection (cloud-based); it does not exist in on-premises Exchange Server.
  • Permissions / Role: You must be assigned sufficient Exchange role-based access control (RBAC) permissions to run the cmdlet. Role groups commonly able to run Get-MailTrafficSummaryReport include:
      • View-Only Organization Management
      • Security Reader
      • Compliance Management
    Other role groups may also grant this cmdlet, depending on your tenant's customization. Use Microsoft's procedure "Find the permissions required to run any Exchange cmdlet" to confirm which roles and management role entries apply in your environment.
  • PowerShell connectivity: You need to connect to Exchange Online PowerShell with a module that supports the cmdlet (the ExchangeOnlineManagement module).
  • Account context: Use an account assigned to one of the role groups above. Exchange Online imports into your session only the cmdlets your roles allow, so an account without the required role will not see the cmdlet at all, and an account with a partial role may see it with parameters missing.
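The following script is an added example (it is not from the original article and not Microsoft's own code) that walks through these prerequisites in order: connect, list the management roles that contain the cmdlet, confirm the current session can actually see it, and run one report inside the 90-day window. It assumes the ExchangeOnlineManagement module is installed and that the UPN shown is a placeholder for your own admin account.

```powershell
# Added example, not part of the original article.
# Assumptions: ExchangeOnlineManagement is installed; the UPN is a placeholder.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.onmicrosoft.com' -ShowBanner:$false

# 1. Which management roles contain the cmdlet? (Reading RBAC configuration itself
#    needs a role such as View-Only Organization Management.)
Write-Host 'Roles that include Get-MailTrafficSummaryReport:'
Get-ManagementRole -Cmdlet Get-MailTrafficSummaryReport |
    Select-Object -ExpandProperty Name

# 2. Can *this* session see it? Exchange Online imports only the cmdlets your roles
#    allow, so an absent command means an absent role, not a missing module.
if (-not (Get-Command Get-MailTrafficSummaryReport -ErrorAction SilentlyContinue)) {
    throw 'Get-MailTrafficSummaryReport is not available to this account; assign one of the roles listed above.'
}

# 3. Build a date window that stays inside the 90-day retention. Passing DateTime
#    objects instead of strings avoids dependence on the machine's short-date format.
$daysBack = 30                     # change this to widen the window
$end      = (Get-Date).Date
$start    = $end.AddDays(-$daysBack)
$oldest   = $end.AddDays(-90)      # oldest data the service keeps
if ($start -lt $oldest) {
    throw "StartDate $($start.ToShortDateString()) is older than the 90-day window (oldest available: $($oldest.ToShortDateString()))."
}

# 4. One report for that window.
Get-MailTrafficSummaryReport -Category TopSpamRecipient -StartDate $start -EndDate $end |
    Format-Table -AutoSize
```

Step 2 is the check that catches the "missing parameters or failures" case described above before you waste time on a date-range query: if the role is missing, the command is simply not there.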

How to Use Get-MailTrafficSummaryReport: 6 Practical Uses

The following examples demonstrate how to effectively use the Get-MailTrafficSummaryReport cmdlet in various scenarios. Each example highlights practical applications that can enhance email security and compliance within your organization.

1. View Top Spam Recipients

Command:

Get-MailTrafficSummaryReport -Category TopSpamRecipient -StartDate "01/01/2023" -EndDate "01/31/2023"

This command retrieves statistics for the top spam recipients between January 1 and January 31, 2023. Two caveats apply to every example in this section: the service keeps only the last 90 days of data, so substitute a date range inside that window, and string dates such as "01/01/2023" are parsed using the short date format of the computer running the command, so on a machine with a day-first locale they mean different days. By analyzing this data, administrators can identify users who may need additional training on recognizing spam emails, and it helps in fine-tuning spam filtering settings to better protect the most-targeted mailboxes.

2. Analyze Malware Incidents

Command:

Get-MailTrafficSummaryReport -Category TopMalware -StartDate "01/01/2023" -EndDate "01/31/2023"

Running this command for the specified date range provides insights into the types of malware that have been detected in your organization’s email traffic. Understanding the prevalence of certain malware types enables IT teams to proactively address vulnerabilities and enhance email security measures.

3. Evaluate DLP Policy Impact

Command:

Get-MailTrafficSummaryReport -Category InboundDLPPolicyRuleHits -DlpPolicy "Confidential Data" -StartDate "01/01/2023" -EndDate "01/31/2023"

This command filters results based on a specific DLP policy, allowing you to assess how often this policy was triggered. Evaluating DLP policy effectiveness is important for ensuring sensitive data protection and compliance with regulations.

The data can inform adjustments to DLP rules or training efforts for employees.

4. Review Transport Rule Hits

Command:

Get-MailTrafficSummaryReport -Category InboundTransportRuleHits -TransportRule "Block External Spam" -StartDate "01/01/2023" -EndDate "01/31/2023"

By examining how many times a particular transport rule was triggered, administrators can evaluate its effectiveness. If the "Block External Spam" rule shows a low hit count, either its conditions do not match the traffic you intended to catch, or an earlier control (for example the anti-spam filter) is already handling that traffic before the rule is evaluated; check the rule's conditions and priority before concluding that it is unnecessary. A rule that never appears in the report at all had no hits in the window.

5. Monitor Mail Traffic for Specific Domains

Command:

Get-MailTrafficSummaryReport -Domain "example.com" -StartDate "01/01/2023" -EndDate "01/31/2023"

This command focuses on a specific domain, allowing administrators to analyze mail traffic patterns associated with it. This is particularly useful for organizations that manage multiple domains or have recently acquired new ones, ensuring that mail flow is consistent and secure across all domains.

6. Page and Size Customization for Reports

Command:

Get-MailTrafficSummaryReport -Category TopMailRecipient -Page 1 -PageSize 500 -StartDate "01/01/2023" -EndDate "01/31/2023"

When dealing with large reports, this command controls how many entries are returned per page: PageSize accepts 1 to 5000 entries (default 1000) and Page selects which page (1 to 1000) to view. Setting a page size of 500 keeps each page manageable when analyzing a long list of top recipients; to retrieve the whole report, increment Page until a call returns fewer rows than PageSize.
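To make the six examples above repeatable, the following added script (not part of the original article and not Microsoft's code) pulls every page of several categories for one date window and writes each category to its own CSV, so weekly runs can be compared. It assumes an existing Connect-ExchangeOnline session, that a folder under $env:TEMP is acceptable for output, and uses only category names from the parameter list above. The cmdlet's output columns are generic (Organization, Date, Category, C1, C2, ...) and their meaning depends on the category, so the script exports them unchanged rather than guessing at names.

```powershell
# Added example, not part of the original article.
# Assumes an existing Exchange Online session (Connect-ExchangeOnline).

function Get-MailTrafficSummaryAllPages {
    <#
      Walks -Page until a page comes back short, which is the only signal the
      cmdlet gives that the report is exhausted. MaxPages is a safety stop so a
      mistake cannot loop against the service indefinitely.
    #>
    param(
        [Parameter(Mandatory)] [string]   $Category,
        [Parameter(Mandatory)] [datetime] $StartDate,
        [Parameter(Mandatory)] [datetime] $EndDate,
        [ValidateRange(1, 5000)] [int]    $PageSize = 1000,
        [ValidateRange(1, 1000)] [int]    $MaxPages = 50
    )
    $page = 1
    do {
        $rows = @(Get-MailTrafficSummaryReport -Category $Category `
                    -StartDate $StartDate -EndDate $EndDate `
                    -Page $page -PageSize $PageSize)
        $rows            # emit this page to the pipeline
        $page++
    } while ($rows.Count -eq $PageSize -and $page -le $MaxPages)
}

# Date window inside the 90-day retention, as DateTime objects (culture-independent).
$end   = (Get-Date).Date
$start = $end.AddDays(-30)

$outDir = Join-Path $env:TEMP 'MailTrafficSummary'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Categories from the parameter list: the three "who is being targeted" views plus
# both directions of mail flow rule hits.
$categories = @(
    'TopSpamRecipient'
    'TopMalwareRecipient'
    'TopPhishRecipient'
    'InboundTransportRuleHits'
    'OutboundTransportRuleHits'
)

foreach ($cat in $categories) {
    $rows = @(Get-MailTrafficSummaryAllPages -Category $cat -StartDate $start -EndDate $end)
    $file = Join-Path $outDir ('{0}_{1:yyyyMMdd}_{2:yyyyMMdd}.csv' -f $cat, $start, $end)
    $rows | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8
    '{0,-28} {1,5} rows -> {2}' -f $cat, $rows.Count, $file
}
```

Because each CSV is named by category and window, two runs a week apart can be diffed directly; a mail flow rule that is present in one week's InboundTransportRuleHits file and absent from the next stopped firing, which is the cheapest signal that an upstream change (a new anti-spam policy, a rule reordered above it) altered its behaviour.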

Conclusion

The Get-MailTrafficSummaryReport cmdlet is an essential tool for Exchange Online administrators looking to maintain secure and efficient email environments. By leveraging this cmdlet, organizations can gain insights into message traffic trends, identify areas for improvement, and ensure compliance with internal policies and external regulations. Understanding message traffic not only enhances security but also promotes a more informed and proactive approach to email management within Microsoft 365.