Forum Discussion
Metrics from Defender for O365
I am struggling to reconcile the different sources of information we have about the activities of Defender on our tenancy. If I compare the following EXO PowerShell and KQL, I get answers that do not...
ExMSW4319 Hi there, I realize this doesn't directly answer your question about the discrepancy in definitions, but have you checked out the mailflow status report? There are a couple of different views that show mail volume as it transits through the various layers of the filtering stack.
- I did look at it briefly, Giulian, and a couple of the other reports too. If anything, it only deepened the mystery. There was a third set of figures that clearly did not match the previous two, almost certainly because of unstated differences in the definitions.
I must admit that I had not seen the current funnel view, which is very useful for clarifying and quantifying the delivery pipeline sequence.- FaithEbenezerOquong
Microsoft
thanks for your feedback here.... we have worked on fixing our cmdlet Get-ATPTotalTrafficReport (https://docs.microsoft.com/en-us/powershell/module/exchange/get-atptotaltrafficreport?view=exchange-ps) . we expect our updated changes to reflect on the cmdlet by July 2022... for now you can leverage the Get-MailTrafficATPReport (https://docs.microsoft.com/en-us/powershell/module/exchange/get-mailtrafficatpreport?view=exchange-ps) for all your report aggregate needs.
please let me know if you have any other questions
