Get-CompromisedUserDetailReport
This cmdlet is available only in the cloud-based service.
Use the Get-CompromisedUserDetailReport cmdlet to return detailed information about compromised users for the last 10 days.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Get-CompromisedUserDetailReport
[-Action <MultiValuedProperty>]
[-EndDate <System.DateTime>]
[-Page <Int32>]
[-PageSize <Int32>]
[-StartDate <System.DateTime>]
[<CommonParameters>] Description
This cmdlet returns the following information:
- Date
- UserCount
- Action
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
Get-CompromisedUserDetailReport -StartDate 06-01-2020 -EndDate 06-10-2020 -Action SuspiciousThis example returns all suspicious user accounts for the specified date range.
Parameters
-Action
The Action parameter filters the results by the compromised user status. Valid values are:
- Restricted
- Suspicious
You can specify multiple values separated by commas.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-EndDate
The EndDate parameter specifies the end date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.
| Type: | System.DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-Page
This parameter is reserved for internal Microsoft use.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-PageSize
The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-StartDate
The StartDate parameter specifies the start date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.
A value for this parameter can't be older than 30 days.
| Type: | System.DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |