Jan 17 2023 11:40 AM
I'm working with a client who use customized Anti-Spam policy settings, and are considering moving over to the Standard Preset Policies instead. One difference between the two things is that their current config only does MoveToJmf for HighConfidenceSpam, while Standard preset does Quarantine. They would like to know how many spam vs highconfidencespam they're getting.
I find no report options (GUI/PowerShell) that offer this visiblity. I know that Get-QuarantineMessage / Quarantine GUI both show this level of detail. But nothing else does. Since the Quarantine is only good for Quarantined messages (doesn't help with MoveToJmf'd messages), I'm hoping there is some way to retrieve the SCL score or just the classification of spam or highconfidencespam.
Does anyone know of a way to get this info at scale?
Jan 19 2023 12:58 AM
Hi @Jeremy Bradshaw,
What I usually do is run a query on security.microsoft.com
There, on the left side menu, under "Email & collaboration" you'll find "Explorer".
You can filter there the dates, kind of messages, Original delivery, ( if the message landed on Junk, Inbox, Quarantine... ), and also the detection confidence level. You can also export the result list and get all the data you need in an excel file.
Remember to Customize the columns of the result list in order to visualize exactly what you're looking for.
Hope this helps :)
Have a nice day.
Jan 19 2023 05:11 AM
Jan 19 2023 06:49 AM