We have an email security gateway that alerts us when a malicious email was delivered and later determined to be malicious. The alert contains the internet message ID, and we are ingesting these alerts into Sentinel and creating cases.
I'm trying to use the Delete Email option from the Office 365 Outlook connector. The only input it accepts is "message id" but the internet message ID does not work with this. In troubleshooting, I used the "when an email arrives" trigger from Office 365 Outlook. When I use this trigger, the output has a field called "Id." When I use this as dynamic content with delete email, it works.
Here is an example of the ID output from the trigger:
I have a ticket open to see if there is a way to use the internet message ID with this connector, but I was wondering if anyone had run into this issue yet. The technician is checking with the product group, but recommended using an Azure function app to convert the internet message ID to the message ID recognized by the connector. However, he wasn't certain what method was being used to compute the new ID value or if it was even based off of the internet message ID.