Reporting
3 Topics

RecipientEmailAddress but recipient information BEFORE DL expansion
I'm trying to get a list of the top email recipients in our environment using the EmailEvents table and RecipientEmailAddress in Defender 365/Sentinel. But, as the schema says, RecipientEmailAddress is the "address of the recipient, or email address of the recipient after distribution list expansion". How can I query on recipient info before DL expansion?
682 Views, 0 likes, 1 Comment

Reporting on EOP/MDO Spam Confidence Levels of "Moved to Junk" and Quarantined messages
I'm working with a client who use customized Anti-Spam policy settings, and are considering moving over to the Standard Preset Policies instead. One difference between the two things is that their current config only does MoveToJmf for HighConfidenceSpam, while Standard preset does Quarantine. They would like to know how many spam vs highconfidencespam they're getting. I find no report options (GUI/PowerShell) that offer this visibility. I know that Get-QuarantineMessage / Quarantine GUI both show this level of detail. But nothing else does. Since the Quarantine is only good for Quarantined messages (doesn't help with MoveToJmf'd messages), I'm hoping there is some way to retrieve the SCL score or just the classification of spam or highconfidencespam. Does anyone know of a way to get this info at scale?
1.7K Views, 0 likes, 3 Comments

Exchange on-premises Message Tracking Logs Analysis
Calling on Exchange admins with scripts (or just commands) to analyze Message Tracking logs. I would like to be able to summarize a day's worth of email that flowed through Exchange Server. It's very hard. In particular, I'm thinking of metrics like these:
- # of messages (sent / received / total) - and proper counts, not count of each event for each message.
- Top NN senders
- Top NN recipients
- Top NN Subjects, message ID (top anything I suppose)
- Total Bytes per hour / timerange / etc.
Would anybody happen to have some experience with this kind of a chore and be interested in helping me out? I'd love to create a script for this task, and hopefully will, and if I do, I'll definitely share it, and it will be filled with parameters to dial in exactly what we're after, and error handling / other protections to make sure it's robust. For the immediate term, I figured I should come here and check. Thanks in advance.
1.5K Views, 0 likes, 2 Comments