View mail flow reports in the Reports dashboard in Security & Compliance Center

Tip

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.

Applies to

• Exchange Online Protection
• Microsoft Defender for Office 365 plan 1 and plan 2
• Microsoft 365 Defender

Note

Most of the reports in this article are also available in the Microsoft 365 Defender portal or the Exchange admin center (EAC). For more information, see the following topics:

• Mail flow reports in the new Exchange admin center
• View email security reports in the Microsoft 365 Defender portal

In addition to the mail flow reports that are available in the Mail flow dashboard in the Security & Compliance Center, a variety of additional mail flow reports are available in the Reports dashboard to help you monitor your Microsoft 365 organization.

If you have the necessary permissions, you can view these reports in the Security & Compliance Center at https://protection.office.com by going to Reports > Dashboard. To go directly to the Reports dashboard, open https://protection.office.com/insightdashboard.

Connector report

Note

This report has been replaced by the Inbound messages report and the Outbound messages report in the EAC. For more information, see Inbound messages and Outbound messages reports in the new EAC.

Exchange transport rule report

The Exchange transport rule report shows the effect of mail flow rules (also known as transport rules) on incoming and outgoing messages in your organization.

To view the report, open the Security & Compliance Center at https://protection.office.com, go to Reports > Dashboard and select Exchange Transport rule. To go directly to the report, open https://security.microsoft.com/reports/ETRRuleReport.

Note

The Exchange transport rule report is now available in the EAC. For more information, see Exchange transport rule report in the new EAC.

Forwarding report

Note

The Forwarding report is now available in the EAC. For more information, see Auto forwarded messages report in the new EAC.

Mailflow status report

The Mailflow status report is similar to the Sent and received email report, with additional information about email allowed or blocked on the edge. This is the only report that contains edge protection information, and shows just how much email is blocked before being allowed into the service for evaluation by Exchange Online Protection (EOP). It's important to understand that if a message is sent to five recipients we count it as five different messages and not one message.

To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Mailflow status report. To go directly to the Mail flow status report, open https://security.microsoft.com/reports/mailflowStatusReport.

Note

Clicking on the widget for this report in the Security & Compliance Center (protection.office.com) now takes you to the full report in the Microsoft 365 Defender portal (security.microsoft.com). For details about the report, see Mailflow status report.

Sent and received email report

Note

This report has been replaced by the Mailflow status report.

Top senders and recipients report

The Top senders and recipients shows the top messages senders in your organization, as well as the top recipients for messages that were detected by EOP and Defender for Office 365 protection features.

To view the report, open the Security & Compliance Center at https://protection.office.com, go to Reports > Dashboard and select Top senders and recipients. To go directly to the report, open one of the following URLs:

• Defender for Office 365: https://protection.office.com/TopSenderRecipientsATP
• EOP: https://protection.office.com/TopSenderRecipients

Note

Although clicking on the widget for this report in the Security & Compliance Center takes you to a protection.office.com page, the page content is from the Microsoft 365 Defender portal. For details about the report, see Top senders and recipients report.

What permissions are needed to view these reports?

In order to view and use the reports described in this article, you need to be a member of one of the following role groups in the Security & Compliance Center:

• Organization Management
• Security Administrator
• Security Reader
• Global Reader

For more information, see Permissions in the Security & Compliance Center.

Note

Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions in the Security & Compliance Center and permissions for other features in Microsoft 365. For more information, see About admin roles.

Related topics

Smart reports and insights in the Security & Compliance Center

Mail flow insights in the Security & Compliance Center

View email security reports in the Security & Compliance Center

View reports for Microsoft Defender for Office 365