emailThreatSubmission resource type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

An abstract type to report suspected spam, malware or phishing emails to Microsoft Defender for Office 365. You can also submit false positive cases, that shouldn't have been blocked by Microsoft Defender for Office 365, for example, emails incorrectly categorized as junk or spam.

Inherits from threatSubmission. Base type of emailContentThreatSubmission and emailUrlThreatSubmission.

Methods

Method Return type Description
List microsoft.graph.security.emailThreatSubmission collection Get a list of the emailThreatSubmission objects and their properties.
Create microsoft.graph.security.emailThreatSubmission Create a new emailThreatSubmission object.
Get microsoft.graph.security.emailThreatSubmission Read the properties and relationships of an emailThreatSubmission object.
Review None Review threat submission from end user by administrator.

Properties

Property Type Description
attackSimulationInfo security.attackSimulationInfo If the email is phishing simulation, this field won't be null.
internetMessageId String Specifies the internet message ID of the email being submitted. This information is present in the email header.
originalCategory submissionCategory The original category of the submission. The possible values are: notJunk, spam, phishing, malware and unkownFutureValue.
receivedDateTime DateTimeOffset Specifies the date and time stamp when the email was received.
recipientEmailAddress String Specifies the email address (in smtp format) of the recipient who received the email.
sender String Specifies the email address of the sender.
senderIP String Specifies the IP address of the sender.
subject String Specifies the subject of the email.
tenantAllowOrBlockListAction security.tenantAllowOrBlockListAction It's used to automatically add allows for the components such as URL, file, sender; which are deemed bad by Microsoft so that similar messages in the future can be allowed.

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.emailThreatSubmission",
  "id": "String (identifier)",
  "tenantId": "String",
  "createdDateTime": "String (timestamp)",
  "contentType": "String",
  "category": "String",
  "source": "String",
  "createdBy": {
    "@odata.type": "microsoft.graph.security.submissionUserIdentity"
  },
  "status": "String",
  "result": {
    "@odata.type": "microsoft.graph.security.submissionResult"
  },
  "adminReview": {
    "@odata.type": "microsoft.graph.security.submissionAdminReview"
  },
  "clientSource": "String",
  "recipientEmailAddress": "String",
  "internetMessageId": "String",
  "subject": "String",
  "sender": "String",
  "senderIP": "String",
  "receivedDateTime": "String (timestamp)",
  "originalCategory": "String",
  "attackSimulationInfo": {
    "@odata.type": "microsoft.graph.security.attackSimulationInfo"
  },
  "tenantAllowOrBlockListAction": {
    "@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"
  }
}