Create emailThreatSubmissionPolicy

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Create a new emailThreatSubmissionPolicy object.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) ThreatSubmissionPolicy.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application ThreatSubmissionPolicy.ReadWrite.All Not available.

HTTP request

POST /security/threatSubmission/emailThreatSubmissionPolicies

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation of the emailThreatSubmissionPolicy object.

You can also specify the following properties when creating an emailThreatSubmissionPolicy. These properties are related to the user reported message settings. For details, see User reported message settings.

Property Type Description
customizedNotificationSenderEmailAddress String Specifies the email address of the sender from which email notifications will be sent to end users to inform them whether an email is spam, phish or clean. The default value is null. Optional for creation.
customizedReportRecipientEmailAddress String Specifies the destination where the reported messages from end users will land whenever they report something as phish, junk or not junk. The default value is null. Optional for creation.
isAlwaysReportEnabledForUsers Boolean Indicates whether end users can report a message as spam, phish or junk directly without a confirmation(popup). The default value is true. Optional for creation.
isAskMeEnabledForUsers Boolean Indicates whether end users can confirm using a popup before reporting messages as spam, phish or not junk. The default value is true. Optional for creation.
isCustomizedMessageEnabled Boolean Indicates whether the email notifications sent to end users to inform them if an email is phish, spam or junk is customized or not. The default value is false. Optional for creation.
isCustomizedMessageEnabledForPhishing Boolean If enabled, customized message only shows when email is reported as phishing. The default value is false. Optional for creation.
isCustomizedNotificationSenderEnabled Boolean Indicates whether to use the sender email address set using customizedNotificationSenderEmailAddress for sending email notifications to end users. The default value is false. Optional for creation.
isNeverReportEnabledForUsers Boolean Indicates whether end users can simply move the message from one folder to another based on the action of spam, phish or not junk without actually reporting it. The default value is true. Optional for creation.
isOrganizationBrandingEnabled Boolean Indicates whether the branding logo should be used in the email notifications sent to end users. The default value is false. Optional for creation.
isReportFromQuarantineEnabled Boolean Indicates whether end users can submit from the quarantine page. The default value is true. Optional for creation.
isReportToCustomizedEmailAddressEnabled Boolean Indicates whether emails reported by end users should be send to the custom mailbox configured using customizedReportRecipientEmailAddress. The default value is false. Optional for creation.
isReportToMicrosoftEnabled Boolean If enabled, the email will be sent to Microsoft for analysis. The default value is false. Requried for creation.
isReviewEmailNotificationEnabled Boolean Indicates whether an email notification is sent to the end user who reported the email when it has been reviewed by the admin. The default value is false. Optional for creation.

Response

If successful, this method returns a 201 Created response code and an emailThreatSubmissionPolicy object in the response body.

Examples

Request

The following example shows a request.

POST https://graph.microsoft.com/beta/security/threatSubmission/emailthreatSubmissionPolicies
Content-type: application/json

{
  "isReportToMicrosoftEnabled": true
}

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.security.emailThreatSubmissionPolicy",
  "id": "DefaultReportSubmissionPolicy",
  "isReportToMicrosoftEnabled": true,
  "isReportToCustomizedEmailAddressEnabled": false,
  "isAskMeEnabledForUsers": true,
  "isAlwaysReportEnabledForUsers": true,
  "isNeverReportEnabledForUsers": true,
  "isCustomizedMessageEnabledForPhishing": false,
  "isCustomizedMessageEnabled": false,
  "customizedReportRecipientEmailAddress": null,
  "isReviewEmailNotificationEnabled": false,
  "isCustomNotificationSenderEnabled": false,
  "isOrganizationBrandingEnabled": false,
  "customizedNotificationSenderEmailAddress": null,
  "isReportFromQuarantineEnabled": false
}