analyzedEmail resource type
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Contains metadata for email messages that are analyzed for security threats.
Methods
| Method | Return type | Description |
|---|---|---|
| List | microsoft.graph.security.analyzedEmail collection | Get a list of analyzedEmail objects and their properties. |
| Get | microsoft.graph.security.analyzedEmail | Read the properties and relationships of an analyzedEmail object. |
| Remediate | None | Remove a potential threat from end users' mailboxes. |
Properties
| Property | Type | Description |
|---|---|---|
| alertIds | String collection | A collection of values that contain the IDs of any alerts associated with the email. |
| attachments | microsoft.graph.security.analyzedEmailAttachment collection | A collection of the attachments in the email. |
| attachmentsCount | Int32 | The number of attachments in the email. |
| authenticationDetails | microsoft.graph.security.analyzedEmailAuthenticationDetail | The authentication details associated with the email. |
| bulkComplaintLevel | String | The bulk complaint level of the email. A higher level is more likely to be spam. |
| contexts | String collection | Provides context of the email. |
| detectionMethods | String collection | The methods of detection used. |
| directionality | microsoft.graph.security.antispamDirectionality | The direction of the emails. The possible values are: unknown, inbound, outbound, intraOrg, unknownFutureValue. |
| distributionList | String | The distribution list details to which the email was sent. |
| emailClusterId | String | The identifier for the group of similar emails clustered based on heuristic analysis of their content. |
| exchangeTransportRules | microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo collection | The name of the Exchange transport rules (ETRs) associated with the email. |
| id | String | The ID of an analyzed email. |
| internetMessageId | String | A public-facing identifier for the email that is sent. The message ID is in the format specified by RFC2822. |
| language | String | The detected language of the email content. |
| latestDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The latest delivery details of the email. |
| loggedDateTime | DateTimeOffset | Date-time when the email record was logged. |
| networkMessageId | String | An internal identifier for the email generated by Microsoft 365. |
| originalDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The original delivery details of the email. |
| overrideSources | String collection | An aggregated list of all overrides with source on email. |
| phishConfidenceLevel | String | The phish confidence level associated with the email |
| policy | String | The action policy that took effect. |
| policyAction | String | The action taken on the email based on the configured policy. |
| recipientEmailAddress | String | Contains the email address of the recipient. |
| returnPath | String | A field that indicates where and how bounced emails are processed. |
| senderDetail | microsoft.graph.security.analyzedEmailSenderDetail | Sender details of the email. |
| sizeInBytes | Int32 | Size of the email in bytes. |
| spamConfidenceLevel | String | Spam confidence of the email. |
| subject | String | Subject of the email. |
| threatTypes | microsoft.graph.security.threatType collection | Indicates the threat types. The possible values are: unknown, spam, malware, phish, none, unknownFutureValue. |
| urls | microsoft.graph.security.analyzedEmailUrl collection | A collection of the URLs in the email. |
| urlsCount | Int32 | The number of URLs in the email. |
antispamDirectionality values
| Member |
|---|
| unknown |
| inbound |
| outbound |
| intraOrg |
| unknownFutureValue |
threatType values
| Member |
|---|
| unknown |
| spam |
| malware |
| phish |
| none |
| unknownFutureValue |
remediationSeverity values
| Member |
|---|
| low |
| medium |
| high |
| unknownFutureValue |
remediationAction values
| Member |
|---|
| moveToJunk |
| moveToInbox |
| hardDelete |
| softDelete |
| moveToDeletedItems |
| unknownFutureValue |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.analyzedEmail",
"id": "String (identifier)",
"loggedDateTime": "String (timestamp)",
"networkMessageId": "String",
"internetMessageId": "String",
"senderDetail": {
"@odata.type": "microsoft.graph.security.analyzedEmailSenderDetail"
},
"recipientEmailAddress": "String",
"distributionList": "String",
"subject": "String",
"returnPath": "String",
"directionality": "microsoft.graph.security.antispamDirectionality",
"originalDelivery": {
"@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
},
"latestDelivery": {
"@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
},
"attachmentsCount": "Integer",
"attachments": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailAttachment"
}
],
"urlsCount": "Integer",
"urls": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailUrl"
}
],
"language": "String",
"sizeInBytes": "Integer",
"alertIds": [
"String"
],
"exchangeTransportRules": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo"
}
],
"overrideSources": [
"String"
],
"threatTypes": [
"microsoft.graph.security.threatType"
],
"detectionMethods": [
"String"
],
"contexts": [
"String"
],
"authenticationDetails": {
"@odata.type": "microsoft.graph.security.analyzedEmailAuthenticationDetail"
},
"phishConfidenceLevel": "String",
"spamConfidenceLevel": "String",
"bulkComplaintLevel": "String",
"emailClusterId": "String",
"policyAction": "String",
"policy": "String"
}