| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| AccountUpn |
User Principal Name of the account that clicked on the link. |
String |
| ActionType |
Indicates whether the click was allowed or blocked by ‘safe links’ or blocked due to a tenant policy e.g., from tenant allow block list. |
String |
| DetectionMethods |
Detection technology which was used to identify the threat at the time of click. |
String |
| IPAddress |
Public IP address of the device from which the user clicked on the link. |
String |
| IsClickedThrough |
Indicates whether the user was able to click through to the original URL or was not allowed. |
Boolean |
| NetworkMessageId |
The unique identifier for the email that contains the clicked link, generated by Microsoft 365. |
String |
| ReportId |
This is the unique identifier for a click event. Note that for clickthrough scenarios, report ID would have same value, and therefore it should be used to correlate a click event. |
String |
| SourceSystem |
|
String |
| TenantId |
|
String |
| ThreatTypes |
Verdict at the time of click, which tells whether the URL led to malware, phish or other threats. |
String |
| TimeGenerated |
The date and time when the user clicked on the link. The value is identical to TimeGenerated and intended for Microsoft Defender for Endpoints queries compatibility. |
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
The name of the table |
String |
| Url |
The full URL that was clicked on by the user. |
String |
| UrlChain |
For scenarios involving redirections, it includes URLs present in the redirection chain. |
String |
| Workload |
The application from which the user clicked on the link, with the values being Email, Office and Teams. |
String |