analyzedEmail resource type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Contains metadata for email messages that are analyzed for security threats.

Methods

| Method | Return type | Description |
|:---|:---|:---|
| List | microsoft.graph.security.analyzedEmail collection | Get a list of analyzedEmail objects and their properties. |
| Get | microsoft.graph.security.analyzedEmail | Read the properties and relationships of an analyzedEmail object. |
| Remediate | None | Remove a potential threat from end users' mailboxes. |

Properties

| Property | Type | Description |
|:---|:---|:---|
| alertIds | String collection | A collection of values that contain the IDs of any alerts associated with the email. |
| attachments | microsoft.graph.security.analyzedEmailAttachment collection | A collection of the attachments in the email. |
| attachmentsCount | Int32 | The number of attachments in the email. |
| authenticationDetails | microsoft.graph.security.analyzedEmailAuthenticationDetail | The authentication details associated with the email. |
| bulkComplaintLevel | String | The bulk complaint level of the email. A higher level is more likely to be spam. |
| contexts | String collection | Provides context of the email. |
| detectionMethods | String collection | The methods of detection used. |
| directionality | microsoft.graph.security.antispamDirectionality | The direction of the emails. The possible values are: unknown, inbound, outbound, intraOrg, unknownFutureValue. |
| distributionList | String | The distribution list details to which the email was sent. |
| emailClusterId | String | The identifier for the group of similar emails clustered based on heuristic analysis of their content. |
| exchangeTransportRules | microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo collection | The names of the Exchange transport rules (ETRs) associated with the email. |
| id | String | The ID of an analyzed email. |
| internetMessageId | String | A public-facing identifier for the email that is sent. The message ID is in the format specified by RFC 2822. |
| language | String | The detected language of the email content. |
| latestDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The latest delivery details of the email. |
| loggedDateTime | DateTimeOffset | Date-time when the email record was logged. |
| networkMessageId | String | An internal identifier for the email generated by Microsoft 365. |
| originalDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The original delivery details of the email. |
| overrideSources | String collection | An aggregated list of all overrides, with their source, on the email. |
| phishConfidenceLevel | String | The phish confidence level associated with the email. |
| policy | String | The action policy that took effect. |
| policyAction | String | The action taken on the email based on the configured policy. |
| recipientEmailAddress | String | Contains the email address of the recipient. |
| returnPath | String | A field that indicates where and how bounced emails are processed. |
| senderDetail | microsoft.graph.security.analyzedEmailSenderDetail | Sender details of the email. |
| sizeInBytes | Int32 | Size of the email in bytes. |
| spamConfidenceLevel | String | Spam confidence of the email. |
| subject | String | Subject of the email. |
| threatTypes | microsoft.graph.security.threatType collection | Indicates the threat types. The possible values are: unknown, spam, malware, phish, none, unknownFutureValue. |
| urls | microsoft.graph.security.analyzedEmailUrl collection | A collection of the URLs in the email. |
| urlsCount | Int32 | The number of URLs in the email. |

antispamDirectionality values

Member
unknown
inbound
outbound
intraOrg
unknownFutureValue

threatType values

Member
unknown
spam
malware
phish
none
unknownFutureValue

remediationSeverity values

Member
low
medium
high
unknownFutureValue

remediationAction values

Member
moveToJunk
moveToInbox
hardDelete
softDelete
moveToDeletedItems
unknownFutureValue

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.analyzedEmail",
  "id": "String (identifier)",
  "loggedDateTime": "String (timestamp)",
  "networkMessageId": "String",
  "internetMessageId": "String",
  "senderDetail": {
    "@odata.type": "microsoft.graph.security.analyzedEmailSenderDetail"
  },
  "recipientEmailAddress": "String",
  "distributionList": "String",
  "subject": "String",
  "returnPath": "String",
  "directionality": "microsoft.graph.security.antispamDirectionality",
  "originalDelivery": {
    "@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
  },
  "latestDelivery": {
    "@odata.type": "microsoft.graph.security.analyzedEmailDeliveryDetail"
  },
  "attachmentsCount": "Integer",
  "attachments": [
    {
      "@odata.type": "microsoft.graph.security.analyzedEmailAttachment"
    }
  ],
  "urlsCount": "Integer",
  "urls": [
    {
      "@odata.type": "microsoft.graph.security.analyzedEmailUrl"
    }
  ],
  "language": "String",
  "sizeInBytes": "Integer",
  "alertIds": [
    "String"
  ],
  "exchangeTransportRules": [
    {
      "@odata.type": "microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo"
    }
  ],
  "overrideSources": [
    "String"
  ],
  "threatTypes": [
    "microsoft.graph.security.threatType"
  ],
  "detectionMethods": [
    "String"
  ],
  "contexts": [
    "String"
  ],
  "authenticationDetails": {
    "@odata.type": "microsoft.graph.security.analyzedEmailAuthenticationDetail"
  },
  "phishConfidenceLevel": "String",
  "spamConfidenceLevel": "String",
  "bulkComplaintLevel": "String",
  "emailClusterId": "String",
  "policyAction": "String",
  "policy": "String"
}
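
The following is an added example, not part of the Microsoft Graph documentation: a triage pass over analyzedEmail records that groups malware and phish verdicts by emailClusterId to scope a response, and reports threatTypes values outside the members listed above. The function name `triage`, the `msg:` fallback key, and all sample values (IDs, addresses, `example-override`, `futureThreat`) are constructed for illustration.

```python
from collections import defaultdict

# threatType members listed on this page; other values are reported, not dropped.
KNOWN_THREAT_TYPES = {"unknown", "spam", "malware", "phish", "none", "unknownFutureValue"}
ACTIONABLE = {"malware", "phish"}

# Constructed sample records (not real data), using property names from this page.
SAMPLE = [
    {"id": "a1", "networkMessageId": "nm-001", "emailClusterId": "c-10",
     "recipientEmailAddress": "alice@contoso.example", "directionality": "inbound",
     "threatTypes": ["phish"], "overrideSources": [], "alertIds": ["al-7"]},
    {"id": "a2", "networkMessageId": "nm-002", "emailClusterId": "c-10",
     "recipientEmailAddress": "bob@contoso.example", "directionality": "inbound",
     "threatTypes": ["phish", "spam"], "overrideSources": ["example-override"], "alertIds": []},
    {"id": "a3", "networkMessageId": "nm-003", "emailClusterId": None,
     "recipientEmailAddress": "carol@contoso.example", "directionality": "intraOrg",
     "threatTypes": ["malware"], "overrideSources": [], "alertIds": ["al-9"]},
    {"id": "a5", "networkMessageId": "nm-005", "emailClusterId": "c-12",
     "recipientEmailAddress": "erin@contoso.example", "directionality": "inbound",
     "threatTypes": ["futureThreat"], "overrideSources": [], "alertIds": []},
]

def triage(emails):
    """Group malware/phish records by emailClusterId to scope a response."""
    clusters = defaultdict(lambda: {"recipients": set(), "networkMessageIds": set(),
                                    "threatTypes": set(), "alertIds": set(),
                                    "overridden": []})
    unrecognized = set()
    for e in emails:
        types = set(e.get("threatTypes") or [])
        unrecognized |= types - KNOWN_THREAT_TYPES  # surface new enum members
        hits = types & ACTIONABLE
        if not hits:
            continue
        # Fall back to the per-message ID when no cluster was assigned.
        key = e.get("emailClusterId") or "msg:" + e["networkMessageId"]
        c = clusters[key]
        c["recipients"].add(e["recipientEmailAddress"])
        c["networkMessageIds"].add(e["networkMessageId"])
        c["threatTypes"] |= hits
        c["alertIds"].update(e.get("alertIds") or [])
        if e.get("overrideSources"):  # threat verdict coexists with an override
            c["overridden"].append(e["id"])
    return dict(clusters), unrecognized

if __name__ == "__main__":
    found, unknown_values = triage(SAMPLE)
    print(found, sorted(unknown_values))
```

Records listed under `overridden` are worth reviewing first, since a malware or phish verdict sits alongside an entry in overrideSources.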