| Action |
Action taken on the message |
String |
| ActionResult |
Result of the action |
String |
| ActionTrigger |
Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or Dynamic Delivery |
String |
| ActionType |
Type of activity that triggered the event |
String |
| ConfidenceLevel |
List of confidence levels of any spam or phishing verdicts. For spam, this column shows the spam confidence level (SCL), indicating if the email was skipped (-1), found to be not spam (0,1), found to be spam with moderate confidence (5,6), or found to be spam with high confidence (9). For phishing, this column displays whether the confidence level is “High” or “Low”. |
Object |
| DetectionMethods |
Methods used to detect malware, phishing, or other threats found in the email |
Object |
| IsExternalThread |
Indicates if there are external recipients in the thread |
Boolean |
| LatestDeliveryLocation |
Last known location of the message |
String |
| RecipientDetails |
Array of recipient data (RecipientSmtpAddress, RecipientDisplayName, RecipientType, RecipientObjectId) |
Object |
| ReportId |
Unique identifier for the event |
String |
| SafetyTip |
Indicates if a safe tip has been added on the message |
String |
| SenderEmailAddress |
Email address of the sender |
String |
| SourceSystem |
|
String |
| TeamsMessageId |
Unique identifier for the message generated by Office 365 |
String |
| TenantId |
|
String |
| ThreatTypes |
Verdict from the filtering stack on whether the message contains malware, phishing, or other threats |
String |
| TimeGenerated |
|
DateTime |
| Timestamp |
Date and time when the event was recorded |
DateTime |
| Type |
|
String |