Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph.security
Represents a mailbox configuration entity that is reported as part of the security detection alert.
Inherits from alertEvidence, which represents evidence related to an alert.
Properties
| Property | Type | Description |
|---|---|---|
| configurationId | String | The unique identifier of the mailbox configuration. |
| configurationType | microsoft.graph.security.mailboxConfigurationType | The type of mailbox configuration. The possible values are: mailForwardingRule, owaSettings, ewsSettings, mailDelegation, userInboxRule, unknownFutureValue. |
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from alertEvidence. |
| detailedRoles | String collection | Detailed roles of the evidence in the alert. Inherited from alertEvidence. |
| displayName | String | The display name of the mailbox. |
| externalDirectoryObjectId | Guid | The external directory object identifier of the mailbox. |
| mailboxPrimaryAddress | String | The primary email address of the mailbox. |
| remediationStatus | microsoft.graph.security.evidenceRemediationStatus | The status of the remediation action taken. The possible values are: none, remediated, prevented, blocked, notFound, active, pendingApproval, declined, notRemediated, running, unknownFutureValue. Inherited from alertEvidence. |
| remediationStatusDetails | String | Details about the remediation status. Inherited from alertEvidence. |
| roles | microsoft.graph.security.evidenceRole collection | One or more roles that an evidence entity represents in an alert. For example, an IP address that is associated with an attacker has the evidence role Attacker. Inherited from alertEvidence. |
| tags | String collection | Array of custom tags associated with an evidence instance. For example, to denote a group of devices or high value assets. Inherited from alertEvidence. |
| upn | String | The user principal name (UPN) of the mailbox. |
| verdict | microsoft.graph.security.evidenceVerdict | The decision reached by automated investigation. The possible values are: unknown, suspicious, malicious, noThreatsFound, unknownFutureValue. Inherited from alertEvidence. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.mailboxConfigurationEvidence",
"createdDateTime": "String (timestamp)",
"verdict": "String",
"remediationStatus": "String",
"remediationStatusDetails": "String",
"roles": [
"String"
],
"detailedRoles": [
"String"
],
"tags": [
"String"
],
"configurationType": "String",
"mailboxPrimaryAddress": "String",
"displayName": "String",
"upn": "String",
"configurationId": "String",
"externalDirectoryObjectId": "String"
}