This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 76%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Hello,
Is there any other way to submit a email sample to Microsoft other than through the portal? It would be appropriate via Graph API, PowerShell, sending email with sample in attachment to the appropriate address or some other way.
There is a "Email threat submission" API but it seems it's not possible to send a sample to Microsoft, please correct me if I'm wrong.
To clarify, this functionality shown in the screenshot is needed. We want to send samples to Microsoft via app so reporting via the portal or via the phishing button is not a solution.
We do not need feedback on the result of the analysis by Microsoft, this reporting is intended to improve the filtering of unwanted emails (phishing).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 44%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
Did you find a solution to achieve this goal using API, PowerShell?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 3%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET4%3C/text%3E%3C/svg%3E)
Hello
You can also try the method via the threatAssessmentrequests endpoint as documented in article https://learn.microsoft.com/en-us/graph/api/informationprotection-post-threatassessmentrequests?view=graph-rest-1.0&tabs=http.
Thanks.
Hello Sławomir Janiszewski,
Good day. Hope all is well.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Thanks.
Hello Sławomir Janiszewski,
Good day. Hope all is well.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Thanks.
From what I can see in the documentation, that's what I'm looking for. However, there is an error when we try to do it via API although we can create it in the portal without any problems. Even the global admin has the same error.
Same error both when we try to create or list requests.
Thanks for your email. I was able to reproduce the issue via Graph Explorer and Postman using delegate permissions. The problem appears to be with the ThreatAssessment.ReadWrite.All delegate permissions. I would suggest opening a support ticket for the issue. I was however able to use the Postman application via App flow authentication and ThreatAssessment.Read.All application permission to get a successful response. Please see screenshot below:
Please try the above and let us know if this worked for you or not.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Thanks.
Hello Sławomir Janiszewski,
Thanks for reaching out. Email Submission via Graph API is currently in preview. Please refer to below article for more information on the topic.
Please note that APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Thanks.
Thanks for the answer, do you mean request like this?
POST https://graph.microsoft.com/beta/security/threatSubmission/emailThreats
Content-type: application/json
{
"@odata.type": "#microsoft.graph.security.emailContentThreatSubmission",
"category": "spam",
"recipientEmailAddress": "******@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",
"fileContent": "UmVjZWl2ZWQ6IGZyb20gTVcyUFIwME1CMDMxNC5uYW1wcmQwMC....."
}
source:
I used it. Unfortunately, such a sample has not been submitted to Microsoft.
Can it be sent to Microsoft using API/PowerShell?
Hello Sławomir Janiszewski,
Thanks for your reply. Did you receive an error when posting the query or did it return a response with the submission object in the body of the response as documented in the article I sent in the previous email?
Thanks.
There wasn't any error. From what I understand everything worked fine - it created entry in "User reported" tab. This is a User submission and not an admin submission so it hasn't been reported to Microsoft. I would probably have to change the global settings so that every user report is reported to Microsoft, and I don't want that