| title | analyzedEmail resource type |
|---|---|
| description | Contains metadata for email messages that are analyzed for security threats. |
| author | ajaj-shaikh |
| ms.localizationpriority | medium |
| ms.subservice | security |
| doc_type | resourcePageType |
| ms.date | 05/23/2024 |
Namespace: microsoft.graph.security
[!INCLUDE beta-disclaimer]
Contains metadata for email messages that are analyzed for security threats.
| Method | Return type | Description |
|---|---|---|
| List | microsoft.graph.security.analyzedEmail collection | Get a list of analyzedEmail objects and their properties. |
| Get | microsoft.graph.security.analyzedEmail | Read the properties and relationships of an analyzedEmail object. |
| Remediate | None | Remove a potential threat from end users' mailboxes. |
| Property | Type | Description |
|---|---|---|
| alertIds | String collection | A collection of values that contain the IDs of any alerts associated with the email. |
| attachments | microsoft.graph.security.analyzedEmailAttachment collection | A collection of the attachments in the email. |
| authenticationDetails | microsoft.graph.security.analyzedEmailAuthenticationDetail | The authentication details associated with the email. |
| bulkComplaintLevel | String | The bulk complaint level of the email. A higher level is more likely to be spam. |
| clientType | String | Shows the type of client that sent the message (for example, REST). |
| contexts | String collection | Provides context of the email. |
| detectionMethods | String collection | The methods of detection used. |
| directionality | microsoft.graph.security.antispamDirectionality | The direction of the emails. The possible values are: unknown, inbound, outbound, intraOrg, unknownFutureValue. |
| distributionList | String | The distribution list details to which the email was sent. |
| dlpRules | microsoft.graph.security.analyzedEmailDlpRuleInfo collection | Data loss prevention rules configured in purview. |
| emailClusterId | String | The identifier for the group of similar emails clustered based on heuristic analysis of their content. |
| exchangeTransportRules | microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo collection | The name of the Exchange transport rules (ETRs) associated with the email. |
| forwardingDetail | String | Email smtp forwarding details. |
| id | String | The ID of an analyzed email. |
| inboundConnectorFormattedName | String | Custom instructions name that defines organizational mail flow and how the email was routed. |
| internetMessageId | String | A public-facing identifier for the email that is sent. The message ID is in the format specified by RFC2822. |
| language | String | The detected language of the email content. |
| latestDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The latest delivery details of the email. |
| loggedDateTime | DateTimeOffset | Date-time when the email record was logged. |
| networkMessageId | String | An internal identifier for the email generated by Microsoft 365. |
| originalDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The original delivery details of the email. |
| overrideSources | String collection | An aggregated list of all overrides with source on email. |
| phishConfidenceLevel | String | The phish confidence level associated with the email |
| policy | String | The action policy that took effect. |
| policyAction | String | The action taken on the email based on the configured policy. |
| policyType | String | Type of policy configured that defines the delivery action on email. |
| primaryOverrideSource | String | Shows the organization or user setting that altered the intended delivery location of the message (allowed instead of blocked, or blocked instead of allowed). |
| recipientDetail | microsoft.graph.security.analyzedEmailRecipientDetail | Details of the recipients. |
| recipientEmailAddress | String | Contains the email address of the recipient. |
| returnPath | String | A field that indicates where and how bounced emails are processed. |
| senderDetail | microsoft.graph.security.analyzedEmailSenderDetail | Sender details of the email. |
| sizeInBytes | Int32 | Size of the email in bytes. |
| spamConfidenceLevel | String | Spam confidence of the email. |
| subject | String | Subject of the email. |
| threatTypes | microsoft.graph.security.threatType collection | Indicates the threat types. The possible values are: unknown, spam, malware, phish, none, unknownFutureValue. |
| timelineEvents | microsoft.graph.security.timelineEvent collection | Delivery and post-delivery events that happened to the email. |
| threatDetectionDetails | microsoft.graph.security.threatDetectionDetail collection | Information about threats detected in the email. |
| urls | microsoft.graph.security.analyzedEmailUrl collection | A collection of the URLs in the email. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.analyzedEmail",
"id": "String (identifier)",
"loggedDateTime": "String (timestamp)",
"networkMessageId": "String",
"internetMessageId": "String",
"senderDetail": {
"@odata.type": "microsoft.graph.security.analyzedEmailSenderDetail"
},
"recipientEmailAddress": "String",
"distributionList": "String",
"subject": "String",
"returnPath": "String",
"directionality": "microsoft.graph.security.antispamDirectionality",
"originalDelivery": {
"@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
},
"latestDelivery": {
"@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
},
"attachments": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailAttachment"
}
],
"urls": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailUrl"
}
],
"language": "String",
"sizeInBytes": "Integer",
"alertIds": [
"String"
],
"exchangeTransportRules": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo"
}
],
"overrideSources": [
"String"
],
"threatTypes": [
"microsoft.graph.security.threatType"
],
"detectionMethods": [
"String"
],
"contexts": [
"String"
],
"authenticationDetails": {
"@odata.type": "microsoft.graph.security.analyzedEmailAuthenticationDetail"
},
"phishConfidenceLevel": "String",
"spamConfidenceLevel": "String",
"bulkComplaintLevel": "String",
"emailClusterId": "String",
"policyAction": "String",
"policy": "String",
"timelineEvents": [
{
"@odata.type": "microsoft.graph.security.timelineEvent"
}
],
"threatDetectionDetails": [
{
"@odata.type": "microsoft.graph.security.threatDetectionDetail"
}
],
"primaryOverrideSource": "String",
"inboundConnectorFormattedName": "String",
"policyType": "String",
"clientType": "String",
"dlpRules": [
{
"@odata.type": "microsoft.graph.security.analyzedEmailDlpRuleInfo"
}
],
"forwardingDetail": "String",
"recipientDetail": {
"@odata.type": "microsoft.graph.security.analyzedEmailRecipientDetail"
}
}