This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 86%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Hi
I am trying to create a new alert policy using the New-ProtectionAlert cmdlet with the following Filter parameters
My questions are:
Thanks
This Tag is mainly dedicated to question related with Exchange online, since your question is related with Office 365, I would suggest you open a service request to confirm with Office 365 team.
Here are my suggestions, it may be useful to you:
The "Mail:IsThreat" is belonged to "Malware", if you want to using it, you need to have this add-on subscription below:
If you are not familiar with PowerShell, you can create this policy in security and compliance center, then use command below to check it:
Get-ProtectionAlert -Identity "YourPolicy" | fl filter
About whether this alter could filter on message header, you can also confirm with the Office 365 team.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi thanks for the reply
I will raise the ticket as you suggest. I have a developer E5 license at the moment but will look to see if I can add either of those add-ons to get a bit further.
Out of interest, what did you enter to get the information about ThreatType: Malware?
Thanks
Just the "-ThreatType" in "New-ProtectionAlert"