Get-ContentMalwareMdoDetailReport

Reference

Module:: ExchangePowerShell

Applies to:: Exchange Online

This cmdlet is available only in the cloud-based service.

Use the ContentMalwareMdoDetailReport cmdlet to view detection details by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in Microsoft Defender for Office 365.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Get-ContentMalwareMdoDetailReport
   [-DetectionTechnology <MultiValuedProperty>]
   [-EndDate <System.DateTime>]
   [-Page <Int32>]
   [-PageSize <Int32>]
   [-StartDate <System.DateTime>]
   [-Workload <MultiValuedProperty>]
   [<CommonParameters>]

Description

For the specified reporting period, the cmdlet returns the following information:

Date
File Name
Workload
Detection Technology
File Size
Last modifying user

By default, the command returns data for the last 14 days. Data for the last 30 days is available.

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Get-ContentMalwareMdoDetailReport -StartDate 1/1/2022 -EndDate 1/4/2022 -DetectionTechnology AtpSafeAttachment

This example returns the results for detections by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams for the specified date range.

Parameters

-DetectionTechnology

The DetectionTechnology parameter filters the results by what classified the file as malware. Valid values are:

AntiMalware
AtpSafeAttachment
Reputation

You can specify multiple values separated by commas.

Type:	MultiValuedProperty
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False
Applies to:	Exchange Online

-EndDate

The EndDate parameter specifies the end date of the date range.

Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2021 to specify September 1, 2021.

Type:	System.DateTime
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False
Applies to:	Exchange Online

-Page

The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an integer between 1 and 1000. The default value is 1.

Type:	Int32
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False
Applies to:	Exchange Online

-PageSize

The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.

Type:	Int32
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False
Applies to:	Exchange Online

-StartDate

The EndDate parameter specifies the start date of the date range.

Type:	System.DateTime
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False
Applies to:	Exchange Online

-Workload

The Workload parameter filters the results by where the detected file is located. Valid values are:

OneDriveForBusiness
SharePoint
Teams