Skip to content

Fixing Microsoft 365 Message Trace collection

Microsoft has changed the way Message Trace data is retrieved from Exchange Online. The original Reporting Webservice API that TeskaLabs LogMan.io used for Message Trace collection is being deprecated and replaced by a new Microsoft Graph API. If you collect Microsoft 365 Message Trace logs, you must update your Azure / Entra ID configuration, otherwise Message Trace collection will stop working.

What changed

Microsoft announced that Message Trace support using the Graph API is now generally available and that it replaces the older Message Trace support using the Reporting Webservice API.

The key dates from Microsoft are:

  • Migrate before April 6, 2026 — customers using Message Trace via the Reporting Webservice were advised to move to the Graph API.
  • Deprecation started April 8, 2026 — Message Trace and Message Trace Detail using the Reporting Webservice began deprecating in the Multi Tenant (WW) environment. Other cloud environments have different timelines.

New Microsoft 365 organizations no longer have access to the Reporting Webservice for Message Trace at all.

For TeskaLabs LogMan.io, this means the previous setup based on the ReportingWebService.Read.All permission of Office 365 Exchange Online needs to be replaced with the new Graph-based permission ExchangeMessageTrace.Read.All.

There is one additional twist. Because of the retirement of service principal-less authentication, the new Message Trace Graph API requires that a service principal for Microsoft's first-party Message Trace application exists in your tenant. This is a one-time step that you perform manually.

How to fix your deployment

The following steps update your existing TeskaLabs LogMan.io application registration so that Message Trace collection continues to work using the new Graph API.

1. Add the new Graph permission

  1. Sign in to the Microsoft Entra admin center (formerly Azure Active Directory).
  2. Navigate to Microsoft Entra ID > Manage > App registrations.
  3. Open your existing TeskaLabs LogMan.io application registration.
  4. Select API permissions > Add a permission.
  5. Choose Microsoft Graph > Application permissions.
  6. Search for and select ExchangeMessageTrace.Read.All.
  7. Click Add permissions.

On the API permissions page, click Grant admin consent for <your tenant> and confirm. The status of ExchangeMessageTrace.Read.All should change to Granted.

3. Create the service principal for the Message Trace application

Because of the retirement of service principal-less authentication, you must provision a service principal for Microsoft's first-party Message Trace application (appId 8bd644d1-64a1-4d4b-ae52-2e0cbf64e373) in your tenant.

  1. Open the Microsoft Graph Explorer.
  2. Make sure you are signed in with an administrator account of your tenant.
  3. If needed, open the Modify permissions tab and consent to Application.ReadWrite.All, which is required to create a service principal.
  4. Run the following request:
POST https://graph.microsoft.com/v1.0/servicePrincipals

{
  "appId": "8bd644d1-64a1-4d4b-ae52-2e0cbf64e373"
}

A successful response (HTTP 201 Created) confirms the service principal has been created.

Danger

Provisioning may take several hours to fully propagate on Microsoft's side. If Message Trace collection still returns authorization errors immediately after this step, wait and retry later.

4. Verify

After admin consent has been granted and the service principal has been provisioned, TeskaLabs LogMan.io will resume collecting Message Trace logs on the next refresh interval. No change to the TeskaLabs LogMan.io connection or input configuration is required — the client_id, tenant_id and client_secret stay the same.

A note on throttling

The new Graph API enforces a tenant-level rate limit: a maximum of 100 Message Trace requests per 5-minute window, shared across Message Trace and Message Trace Detail. TeskaLabs LogMan.io stays within this limit with its default refresh interval. If you tuned the refresh interval to a very low value, make sure your overall request rate remains below the threshold.

More information

If you need help updating your deployment, contact TeskaLabs support at support@teskalabs.com.