Events
17 Mar, 21 - 21 Mar, 10
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowEmailPostDeliveryEvents
Office 365 security events occurred post email delivery to recipient mailbox.
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | No |
| Ingestion-time transformation | Yes |
| Sample Queries | Yes |
| Column | Type | Description |
|---|---|---|
| Action | string | Action taken on the entity |
| ActionResult | string | Result of the action |
| ActionTrigger | string | Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or String Delivery |
| ActionType | string | Type of activity that triggered the event |
| _BilledSize | real | The record size in bytes |
| DeliveryLocation | string | Delivered email location: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items |
| DetectionMethods | string | Methods used to detect malware, phishing, or other threats found in the email |
| InternetMessageId | string | Public-facing identifier for the email that is set by the sending email system |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| NetworkMessageId | string | Email unique identifier generated by Office 365 |
| RecipientEmailAddress | string | Recipient email address or email address of the recipient after distribution list expansion |
| ReportId | string | Unique identifier for the event |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| ThreatTypes | string | Verdict from the email filtering stack on whether the email contains malware, phishing, or other threats |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated |
| Type | string | The name of the table |
Additional resources
Training
Module
Enhance your email protection using Microsoft Defender for Office 365 - Training
This module examines how Microsoft Defender for Office 365 extends EOP protection through various tools, including Safe Attachments, Safe Links, spoofed intelligence, spam filtering policies, and the Tenant Allow/Block List.
Certification
Microsoft Certified: Security Operations Analyst Associate - Certifications
Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.