emailThreatSubmission resource type
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
An abstract type to report suspected spam, malware or phishing emails to Microsoft Defender for Office 365. You can also submit false positive cases, that shouldn't have been blocked by Microsoft Defender for Office 365, for example, emails incorrectly categorized as junk or spam.
Inherits from threatSubmission. Base type of emailContentThreatSubmission and emailUrlThreatSubmission.
Methods
| Method | Return type | Description |
|---|---|---|
| List | microsoft.graph.security.emailThreatSubmission collection | Get a list of the emailThreatSubmission objects and their properties. |
| Create | microsoft.graph.security.emailThreatSubmission | Create a new emailThreatSubmission object. |
| Get | microsoft.graph.security.emailThreatSubmission | Read the properties and relationships of an emailThreatSubmission object. |
| Review | None | Review threat submission from end user by administrator. |
Properties
| Property | Type | Description |
|---|---|---|
| attackSimulationInfo | security.attackSimulationInfo | If the email is phishing simulation, this field won't be null. |
| internetMessageId | String | Specifies the internet message ID of the email being submitted. This information is present in the email header. |
| originalCategory | submissionCategory | The original category of the submission. The possible values are: notJunk, spam, phishing, malware and unkownFutureValue. |
| receivedDateTime | DateTimeOffset | Specifies the date and time stamp when the email was received. |
| recipientEmailAddress | String | Specifies the email address (in smtp format) of the recipient who received the email. |
| sender | String | Specifies the email address of the sender. |
| senderIP | String | Specifies the IP address of the sender. |
| subject | String | Specifies the subject of the email. |
| tenantAllowOrBlockListAction | security.tenantAllowOrBlockListAction | It's used to automatically add allows for the components such as URL, file, sender; which are deemed bad by Microsoft so that similar messages in the future can be allowed. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.emailThreatSubmission",
"id": "String (identifier)",
"tenantId": "String",
"createdDateTime": "String (timestamp)",
"contentType": "String",
"category": "String",
"source": "String",
"createdBy": {
"@odata.type": "microsoft.graph.security.submissionUserIdentity"
},
"status": "String",
"result": {
"@odata.type": "microsoft.graph.security.submissionResult"
},
"adminReview": {
"@odata.type": "microsoft.graph.security.submissionAdminReview"
},
"clientSource": "String",
"recipientEmailAddress": "String",
"internetMessageId": "String",
"subject": "String",
"sender": "String",
"senderIP": "String",
"receivedDateTime": "String (timestamp)",
"originalCategory": "String",
"attackSimulationInfo": {
"@odata.type": "microsoft.graph.security.attackSimulationInfo"
},
"tenantAllowOrBlockListAction": {
"@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"
}
}