SecurityAnalyzedMessage.ReadWrite.All
Read email metadata, security detection details, and execute remediation actions like deleting an email, on behalf of the signed in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
SecurityAnalyzedMessage.ReadWrite.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 04c55753-2244-4c25-87fc-704ab82a4f69 | 48eb8c83-6e58-46e7-a6d3-8805822f5940 |
| DisplayText | Read metadata, detection details, and execute remediation actions on all emails in your organization | Read metadata, detection details, and execute remediation actions on emails in your organization |
| Description | Read email metadata and security detection details, and execute remediation actions like deleting an email, without a signed-in user. | Read email metadata, security detection details, and execute remediation actions like deleting an email, on behalf of the signed in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: analyzedEmail
| Property | Type | Description |
|---|---|---|
| alertIds | String collection | A collection of values that contain the IDs of any alerts associated with the email. |
| attachments | microsoft.graph.security.analyzedEmailAttachment collection | A collection of the attachments in the email. |
| attachmentsCount | Int32 | The number of attachments in the email. |
| authenticationDetails | microsoft.graph.security.analyzedEmailAuthenticationDetail | The authentication details associated with the email. |
| bulkComplaintLevel | String | The bulk complaint level of the email. A higher level is more likely to be spam. |
| contexts | String collection | Provides context of the email. |
| detectionMethods | String collection | The methods of detection used. |
| directionality | microsoft.graph.security.antispamDirectionality | The direction of the emails. The possible values are: unknown, inbound, outbound, intraOrg, unknownFutureValue. |
| distributionList | String | The distribution list details to which the email was sent. |
| emailClusterId | String | The identifier for the group of similar emails clustered based on heuristic analysis of their content. |
| exchangeTransportRules | microsoft.graph.security.analyzedEmailExchangeTransportRuleInfo collection | The name of the Exchange transport rules (ETRs) associated with the email. |
| id | String | The ID of an analyzed email. |
| internetMessageId | String | A public-facing identifier for the email that is sent. The message ID is in the format specified by RFC2822. |
| language | String | The detected language of the email content. |
| latestDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The latest delivery details of the email. |
| loggedDateTime | DateTimeOffset | Date-time when the email record was logged. |
| networkMessageId | String | An internal identifier for the email generated by Microsoft 365. |
| originalDelivery | microsoft.graph.security.analyzedEmailDeliveryDetail | The original delivery details of the email. |
| overrideSources | String collection | An aggregated list of all overrides with source on email. |
| phishConfidenceLevel | String | The phish confidence level associated with the email |
| policy | String | The action policy that took effect. |
| policyAction | String | The action taken on the email based on the configured policy. |
| recipientEmailAddress | String | Contains the email address of the recipient. |
| returnPath | String | A field that indicates where and how bounced emails are processed. |
| senderDetail | microsoft.graph.security.analyzedEmailSenderDetail | Sender details of the email. |
| sizeInBytes | Int32 | Size of the email in bytes. |
| spamConfidenceLevel | String | Spam confidence of the email. |
| subject | String | Subject of the email. |
| threatTypes | microsoft.graph.security.threatType collection | Indicates the threat types. The possible values are: unknown, spam, malware, phish, none, unknownFutureValue. |
| urls | microsoft.graph.security.analyzedEmailUrl collection | A collection of the URLs in the email. |
| urlsCount | Int32 | The number of URLs in the email. |