Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

Transtport rule raise scl

Frequent Contributor

Hello all


I created a transport rule that raises the scl on bulk emails, and send the emails to the quarantine. How can i quickly identity  emails that were detected by the rule and sent to the quarantine? Does EOP stamp an attribute on the message header? can i find these emails running a report a report in EOP\Defender ?

1 Reply
best response confirmed by Skipster311-1 (Frequent Contributor)
The Get-MailDetailTransportRuleReport gives you a detailed list of all messages processed by transport rules, you can filter it down to specific rules as needed. Message trace details also contain this information. Header will also contain some information, but those are generally harder to get compared to the two aforementioned methods.