Share via

Work with Cloud-based Message Recall

With the new Cloud-based Message Recall, we made major changes to how message recall works in the service. The process of initiating a recall from the Outlook client remains the same. But once the recall is initiated, the Message Recall feature agent intercepts the recall messages and then works to delete the original message from recipient mailboxes. If the option is chosen to replace the message, recall deletes the original message and then Outlook sends the new message, which is processed for normal delivery. Once the recall has been initiated, another email is sent to the mailbox who initiated it with a link to message recall report.

There are two settings that admins can control:

  • Enable or disable the new cloud recall feature.
  • Whether to recall messages that were already read.

Via the Exchange Admin Center:

Screenshot that shows Message Recall from Exchange Admin Center

Via Exchange Online PowerShell:

To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell.

Set-OrganizationConfig -MessageRecallEnabled <$true | $false> -RecallReadMessagesEnabled <$true | $false>

Tip

The default value is $null (blank), which is equivalent to $true.

The message recall dialog in Outlook states that only unread messages are recalled. This statement is no longer accurate.

Changes take about an hour to take effect. Disabling the new recall experience reverts the organization to the old recall experience.

The recall request message generated by the client has the following properties:

  • The message class is IPM.Outlook.Recall
  • The message subject is "Recall: <Original Subject>"

The Message Recall feature agent intercepts these recall messages and attempts to hard-delete the message from recipient mailboxes. After the original message is successfully hard-deleted, mail Transport drops the Recall message.

When the Recall message is generated, it doesn't show in Sent Items. Instead, the message is immediately moved to the Purges folder under Recoverable Items. A Recall Report is also generated within a few minutes of the recall message being sent. The Recall Report contain a link to check the recall status. Recall status is normally available for each recipient within a few minutes but could take longer for messages with many recipients. The system continues to recall for up to 24 hours.

Important

Recall reports are sent using the address Office365Reports@microsoft.com. Admins should make sure this sender address isn't blocked. If recall reports aren't delivered, use message trace to see if the recall report email message was blocked or quarantined.

Use message trace to verify recall

Recall reports build their information based on message trace data. If the recall report isn't received or doesn't update properly, admins can use message trace to verify the recall status. If the recall was successful or if the recall failed after 24 hours, the Status value is Failed.

For example:

PS C:\> Get-MessageTraceV2 -SenderAddress user@contoso.com

Received               Sender Address     Recipient Address        Subject                                Status
-------------------    ----------------   ----------------------   ------------------------------------   ------
8/14/2023 9:51:20 PM   user@contoso.com   recipient1@contoso.com   Recall: Testing recall functionality   Failed
8/14/2023 9:51:20 PM   user@contoso.com   recipient2@contoso.com   Recall: Testing recall functionality   Failed
8/14/2023 9:51:20 PM   user@contoso.com   recipient3@contoso.com   Recall: Testing recall functionality   Failed

This result is normal. The message is dropped once recall is successful or after it times out (24 hours). The Status value is also Failed for any other message dropped by Transport. Message trace detail shows extra information in the Detail property of the Drop event that confirms whether recall was successful.

For example:

PS C:\> Get-MessageTraceV2 -SenderAddress user@contoso.com -MessageId "<Message ID of recall message>" | Get-MessageTraceDetailV2 -Event Drop | Format-List

Event            : Drop
Action           :
Detail           : Reason: [Stage: OnPromotedEvent][Agent: Transport Message Recall Agent];Message recall process complete, dropping the recall email. Result:Success

The Detail property shows the recall process is complete with the Result value Success.

Tip

You get the MessageId value from the initial message trace results.

If the recall fails after 24 hours or for any other reason, message trace shows the Status value Failed, but the Drop even in the message trace detail shows the Result value Failed.

One limitation with message trace detail in Exchange Online PowerShell is the Sender and Recipient aren't included in the results.

Use the following PowerShell commands to add the sender and recipient values from the message trace results to the message trace detail results. You can output the results to the screen or to a CSV file.

$results = Get-MessageTraceV2 -MessageID "<message ID of recall message>" -StartDate <date> -EndDate <date>

$detail = foreach ($result in $results) {Get-MessageTraceDetailV2 -RecipientAddress $result.recipientaddress -MessageTraceId $result.messagetraceid | select organization, messageid, messagetraceid, date, event, action, detail, data, @{n='SenderAddress';e={$result.senderaddress}}, @{n='RecipientAddress';e={$result.recipientaddress}}}

$detail | Export-Csv "C:\Data\MsgTraceBrid.csv -Append -NoTypeInformation

Limitations

  • The new message recall feature only works within the confines of an organization. You can't recall messages over the internet, or across organizations. For hybrid customers, you also can't recall messages sent to the on-premises Exchange environment from cloud mailboxes.
  • Currently, you can trigger Message Recall only in the Outlook for Windows client.
  • Message Recall doesn't work in Outlook for Windows under the following conditions:  - Outlook is in Online mode.   - Multiple Exchange accounts are configured in the Outlook profile.
  • You can trigger a recall from shared mailboxes or delegated mailboxes with some limitations. See the FAQ section for details.
  • You can trigger a recall for messages sent on behalf of a distribution list. However, the recall report message is sent to all members of the distribution list. Currently, report recipients can't view the recall status report. Doing so requires sign in credentials, which the distribution list doesn't have.

Frequently Asked Questions

Recall for Shared/Delegated mailboxes

Messages sent to shared or delegated mailboxes can be recalled successfully by the sender.

There are two known issues with recall and shared mailboxes:

  • Messages sent from shared or delegated mailboxes can also be recalled. However, the report isn't viewable by the user connected to the shared or delegated mailbox. The report is visible only in a browser. The report requires authentication by the owning mailbox, and you can't sign in as the shared account. Logging in as a user with rights on the mailbox doesn't work.
  • Messages sent via shared or delegated mailboxes in Outlook for Windows are stored in the Sent Items folder of the authenticated user who sent the message. Recall initiated from the message in the Sent Items folder of the authenticated user would be successful (the same status report issue would exist).

Messages sent via shared or delegated mailboxes using Open another mailbox in Outlook on the web (formerly known as Outlook Web App or OWA) are stored in the Sent Items of the shared mailbox. In this scenario, if you open the shared mailbox in the same Outlook profile as the authenticated user via automapping or Open these additional mailboxes, the Recall option is grayed out when you attempt the recall from the Sent Items folder of the shared mailbox. The workaround is to open the shared mailbox in its own Outlook profile.

Do recalls show up for eDiscovery?

For users/mailboxes that have a Litigation or an In-Place Hold, the recalled message shows up in eDiscovery.

Do recalls show up in the mailbox audit logs?

No, not at this time.

Do forwarded messages get recalled?

  • Messages automatically forwarded by a recipient to another mailbox within the same organization can be recalled.
  • Messages that are automatically forwarded outside of the organization can't be recalled.
  • Messages forwarded manually by the recipient can't be recalled.
  • Messages forwarded by Inbox Rule (either forward or redirect) can't be recalled.

Does recall work for encrypted email?

Message Recall isn't available for messages encrypted with OME or using MIP labels. When attempting to recall these messages, the Recall option is greyed out and unavailable. This limitation is in the client and is by design.

I use a non-Microsoft service that requires routing all email (including internal email) through the service. Does recall still work?

As mentioned in the limitations, recall only works within the confines of the organization. Any configuration that requires email sent externally to a non-Microsoft service might encounter issues with recall.

External round-trip recall of intra-tenant messages requires proper configuration of both outbound and inbound connectors. For setup guidance on integrating an add-on service for external round-trip routing, see Scenario: Integrate Microsoft 365 or Office 365 with an email add-on service.

Recall or replace an email message that you sent - Microsoft Support

Exchange Online Message Recall Updates

Cloud-based Message Recall in Exchange Online - Microsoft Community Hub

  • Last updated on