cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined messages

Jeremy Bradshaw
Steel Contributor

‎Jan 17 2023 11:40 AM

‎Jan 17 2023 11:40 AM

Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined messages

I'm working with a client who use customized Anti-Spam policy settings, and are considering moving over to the Standard Preset Policies instead.  One difference between the two things is that their current config only does MoveToJmf for HighConfidenceSpam, while Standard preset does Quarantine.  They would like to know how many spam vs highconfidencespam they're getting.

 

I find no report options (GUI/PowerShell) that offer this visiblity.  I know that Get-QuarantineMessage / Quarantine GUI both show this level of detail.  But nothing else does.  Since the Quarantine is only good for Quarantined messages (doesn't help with MoveToJmf'd messages), I'm hoping there is some way to retrieve the SCL score or just the classification of spam or highconfidencespam.

 

Does anyone know of a way to get this info at scale?

1,142 Views
0 Likes
3 Replies
Reply
3 Replies
FcoManigrasso

‎Jan 19 2023 12:58 AM

‎Jan 19 2023 12:58 AM

Re: Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined message

Hi @Jeremy Bradshaw,

What I usually do is run a query on security.microsoft.com

There, on the left side menu, under "Email & collaboration" you'll find "Explorer".

You can filter there the dates, kind of messages, Original delivery, ( if the message landed on Junk, Inbox, Quarantine... ), and also the detection confidence level. You can also export the result list and get all the data you need in an excel file. 

Remember to Customize the columns of the result list in order to visualize exactly what you're looking for.

FcoManigrasso_0-1674118681061.png

Hope this helps :)

Have a nice day.

0 Likes
Reply
Jeremy Bradshaw

‎Jan 19 2023 05:11 AM

‎Jan 19 2023 05:11 AM

Re: Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined message

This is a nice to know feature. I just went to check it out and realized it's only available for the phish-specific view. What I'm after is exactly this, but for Spam Confidence Level instead of Phish Confidence Level. Thanks regardless as this is nice to know. Hoping somebody has a trick up their sleeve to get similar capabilities for spam/highconfidencespam.
0 Likes
Reply
FcoManigrasso

‎Jan 19 2023 06:49 AM

‎Jan 19 2023 06:49 AM

Re: Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined message

You're right, just tried to filter out SPAM and faced the same scenario. I would give a try to the Get-MailDetailATPReport, ( https://learn.microsoft.com/en-us/powershell/module/exchange/get-maildetailatpreport?view=exchange-p... ). Not tried yet from my side, but I'll do so once I have some time. On the other hand, I'm quite sure that we'll be able to filter out and get that data from the prebuild Office365 Connector in Power-Bi.
0 Likes
Reply