Can logs in Exchange Online be deleted, or is it just hard to find missing emails?

If you're troublefinding it, have the user verify the email. It’s possible they're not on the email list and are relying on forwarded messages from someone else, which can lead to miscommunication. Or, it could be filtered out completely by your email security service.

You might want to narrow down your search by date and time. Users often misremember details about the sender's email address. I faced a situation like this before; turns out the sender was using a different email address than what the user provided, and I found it quarantined because of misconfigurations.

It's more likely that you're missing the email rather than it being deleted. Sometimes, emails can get tricky to track down due to things like aliases or server-side groups. Have you tried looking for it from different angles? Maybe check the mailbox directly instead of filtering by recipients to see if it appears there. Also, it’s important to know why you're searching for it; sometimes users think they received something when they actually didn't.

First IT rule: users can sometimes lie—or simply be mistaken. Always validate what they say with actual logs and data. Checking older emails can also help; gather all the details like sender's address and the timing to locate what you're missing.

Can the user actually show you the email? Remember, people can sometimes misremember details. They might not be lying on purpose, but inaccuracies happen all the time. Double-checking with them could reveal where the confusion is coming from. Also, it's possible the email is going into a shared mailbox or being blocked by email security filters.