4

I would like to use the Microsoft Graph to report suspicious emails on behalf of a user. Precisely, the reports should end up in the User reported messages view in Microsoft Defender.

I know I can create Threat Assessment Request, but that sends the report directly to Microsoft, i.e. reports end up in the Submitted for analysis view. I want to let the tenant admin decide whether to send to Microsoft or not.

In other words, I would like to implement the same feature as this button in Outlook:

enter image description here

How can I achieve this using the Microsoft Graph, or another Microsoft endpoint ?

poiuytrez
  • 21,330
  • 35
  • 113
  • 172
Arnaud P
  • 12,022
  • 7
  • 56
  • 67

1 Answers1

0

Neither v1.0 nor beta of Graph api doesn't support setting policy for threat assessment.

Those operations are only available via the corresponding Exchange Online PowerShell cmdlets

Resources:

Security & Compliance Center PowerShell

New malware filter policy

New anti-phish policy

New safe attachment policy

New safe link policy

user2250152
  • 14,658
  • 4
  • 33
  • 57
  • Thank you for making clear that my request can't be achieved via MS Graph. I am still lost as to what command I should run to achieve my purpose though. I have looked into the `New-AntiPhishPolicy` page for example, but failed to see what parameter I should use. Precisely, I cannot find the text `submission` or `submit` in that page. Would you be able to suggest a specific command ? Thanks – Arnaud P Feb 01 '22 at 09:52
  • @ArnaudP I also cannot find any relevant powershell command. There is also New-AntiPhisRule but without any reference to 'submission' or 'submit'. Still you can ask new question. – user2250152 Feb 01 '22 at 11:10