命名空间:microsoft.graph.security
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
删除最终用户邮箱中的潜在威胁。
修正是指针对威胁采取规定的作。 此 API 可以触发电子邮件清除作,例如移动到垃圾邮件、移动到已删除的项目、软删除、硬删除或移动到收件箱。 此 API 支持方案和用例,例如 SOAR 集成、playbook 和自动化。 有关详细信息 ,请阅读电子邮件修正、触发作和跟踪作。 如果出现误报,管理员可以采取移动到收件箱作。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
❌ |
❌ |
❌ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
不支持。 |
不支持。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
SecurityAnalyzedMessage.ReadWrite.All |
不可用。 |
HTTP 请求
POST /security/collaboration/analyzedEmails/remediate
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供参数的 JSON 表示形式。
下表列出了调用此作时所需的参数。
| 参数 |
类型 |
说明 |
| displayName |
String |
在作中心用作引用的修正的名称。 |
| description |
String |
修正的说明。 |
| severity |
microsoft.graph.security.remediationSeverity |
修正的严重性。 可能的值包括 low、medium、high、unknownFutureValue。 |
| action |
microsoft.graph.security.remediationAction |
支持的移动和删除作的类型。 可能的值包括 moveToJunk、moveToInbox、hardDelete、softDelete、moveToDeletedItems、unknownFutureValue。 |
| remediateSendersCopy |
布尔值 |
对于内部或出站电子邮件,指示是否修正发件人的电子邮件副本。 |
| analyzedEmails |
microsoft.graph.security.analyzedEmail 集合 |
包含已分析电子邮件的 networkMessageId 和 recipientEmailAddress 值。 |
响应
如果成功,此作将 202 Accepted 返回响应代码和标头, Location 其中包含指向跟踪信息的链接。
注意: 可以在 中 https://security.microsoft.com/action-center/history跟踪对作的响应。 若要了解详细信息,请参阅 使用作中心。
示例
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/security/collaboration/analyzedEmails/remediate
Content-Type: application/json
{
"displayName": "Clean up Phish email",
"description": "Delete email",
"severity": "medium",
"action": "softDelete",
"remediateSendersCopy": "false",
"analyzedEmails": [
{
"networkMessageId": "73ca4154-58d8-43d0-a890-08dc18c52e6d",
"recipientEmailAddress": "hannah.jarvis@contoso.com"
},
{
"networkMessageId": "73ca4154-58d8-43d0-a890-08dc18c52e6d",
"recipientEmailAddress": "preston.morales@contoso.com"
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Security.Collaboration.AnalyzedEmails.MicrosoftGraphSecurityRemediate;
using Microsoft.Graph.Beta.Models.Security;
var requestBody = new RemediatePostRequestBody
{
DisplayName = "Clean up Phish email",
Description = "Delete email",
Severity = RemediationSeverity.Medium,
Action = RemediationAction.SoftDelete,
RemediateSendersCopy = false,
AnalyzedEmails = new List<AnalyzedEmail>
{
new AnalyzedEmail
{
NetworkMessageId = "73ca4154-58d8-43d0-a890-08dc18c52e6d",
RecipientEmailAddress = "hannah.jarvis@contoso.com",
},
new AnalyzedEmail
{
NetworkMessageId = "73ca4154-58d8-43d0-a890-08dc18c52e6d",
RecipientEmailAddress = "preston.morales@contoso.com",
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Security.Collaboration.AnalyzedEmails.MicrosoftGraphSecurityRemediate.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphsecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/security"
graphmodelssecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/models/security"
//other-imports
)
requestBody := graphsecurity.NewRemediatePostRequestBody()
displayName := "Clean up Phish email"
requestBody.SetDisplayName(&displayName)
description := "Delete email"
requestBody.SetDescription(&description)
severity := graphmodels.MEDIUM_REMEDIATIONSEVERITY
requestBody.SetSeverity(&severity)
action := graphmodels.SOFTDELETE_REMEDIATIONACTION
requestBody.SetAction(&action)
remediateSendersCopy := false
requestBody.SetRemediateSendersCopy(&remediateSendersCopy)
analyzedEmail := graphmodelssecurity.NewAnalyzedEmail()
networkMessageId := "73ca4154-58d8-43d0-a890-08dc18c52e6d"
analyzedEmail.SetNetworkMessageId(&networkMessageId)
recipientEmailAddress := "hannah.jarvis@contoso.com"
analyzedEmail.SetRecipientEmailAddress(&recipientEmailAddress)
analyzedEmail1 := graphmodelssecurity.NewAnalyzedEmail()
networkMessageId := "73ca4154-58d8-43d0-a890-08dc18c52e6d"
analyzedEmail1.SetNetworkMessageId(&networkMessageId)
recipientEmailAddress := "preston.morales@contoso.com"
analyzedEmail1.SetRecipientEmailAddress(&recipientEmailAddress)
analyzedEmails := []graphmodelssecurity.AnalyzedEmailable {
analyzedEmail,
analyzedEmail1,
}
requestBody.SetAnalyzedEmails(analyzedEmails)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Security().Collaboration().AnalyzedEmails().MicrosoftGraphSecurityRemediate().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.security.collaboration.analyzedemails.microsoftgraphsecurityremediate.RemediatePostRequestBody remediatePostRequestBody = new com.microsoft.graph.beta.security.collaboration.analyzedemails.microsoftgraphsecurityremediate.RemediatePostRequestBody();
remediatePostRequestBody.setDisplayName("Clean up Phish email");
remediatePostRequestBody.setDescription("Delete email");
remediatePostRequestBody.setSeverity(com.microsoft.graph.beta.models.security.RemediationSeverity.Medium);
remediatePostRequestBody.setAction(com.microsoft.graph.beta.models.security.RemediationAction.SoftDelete);
remediatePostRequestBody.setRemediateSendersCopy(false);
LinkedList<com.microsoft.graph.beta.models.security.AnalyzedEmail> analyzedEmails = new LinkedList<com.microsoft.graph.beta.models.security.AnalyzedEmail>();
com.microsoft.graph.beta.models.security.AnalyzedEmail analyzedEmail = new com.microsoft.graph.beta.models.security.AnalyzedEmail();
analyzedEmail.setNetworkMessageId("73ca4154-58d8-43d0-a890-08dc18c52e6d");
analyzedEmail.setRecipientEmailAddress("hannah.jarvis@contoso.com");
analyzedEmails.add(analyzedEmail);
com.microsoft.graph.beta.models.security.AnalyzedEmail analyzedEmail1 = new com.microsoft.graph.beta.models.security.AnalyzedEmail();
analyzedEmail1.setNetworkMessageId("73ca4154-58d8-43d0-a890-08dc18c52e6d");
analyzedEmail1.setRecipientEmailAddress("preston.morales@contoso.com");
analyzedEmails.add(analyzedEmail1);
remediatePostRequestBody.setAnalyzedEmails(analyzedEmails);
graphClient.security().collaboration().analyzedEmails().microsoftGraphSecurityRemediate().post(remediatePostRequestBody);
const options = {
authProvider,
};
const client = Client.init(options);
const remediate = {
displayName: 'Clean up Phish email',
description: 'Delete email',
severity: 'medium',
action: 'softDelete',
remediateSendersCopy: 'false',
analyzedEmails: [
{
networkMessageId: '73ca4154-58d8-43d0-a890-08dc18c52e6d',
recipientEmailAddress: 'hannah.jarvis@contoso.com'
},
{
networkMessageId: '73ca4154-58d8-43d0-a890-08dc18c52e6d',
recipientEmailAddress: 'preston.morales@contoso.com'
}
]
};
await client.api('/security/collaboration/analyzedEmails/remediate')
.version('beta')
.post(remediate);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Security\Collaboration\AnalyzedEmails\MicrosoftGraphSecurityRemediate\RemediatePostRequestBody;
use Microsoft\Graph\Beta\Generated\Models\Security\RemediationSeverity;
use Microsoft\Graph\Beta\Generated\Models\Security\RemediationAction;
use Microsoft\Graph\Beta\Generated\Models\Security\AnalyzedEmail;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RemediatePostRequestBody();
$requestBody->setDisplayName('Clean up Phish email');
$requestBody->setDescription('Delete email');
$requestBody->setSeverity(new RemediationSeverity('medium'));
$requestBody->setAction(new RemediationAction('softDelete'));
$requestBody->setRemediateSendersCopy(false);
$analyzedEmailsAnalyzedEmail1 = new AnalyzedEmail();
$analyzedEmailsAnalyzedEmail1->setNetworkMessageId('73ca4154-58d8-43d0-a890-08dc18c52e6d');
$analyzedEmailsAnalyzedEmail1->setRecipientEmailAddress('hannah.jarvis@contoso.com');
$analyzedEmailsArray []= $analyzedEmailsAnalyzedEmail1;
$analyzedEmailsAnalyzedEmail2 = new AnalyzedEmail();
$analyzedEmailsAnalyzedEmail2->setNetworkMessageId('73ca4154-58d8-43d0-a890-08dc18c52e6d');
$analyzedEmailsAnalyzedEmail2->setRecipientEmailAddress('preston.morales@contoso.com');
$analyzedEmailsArray []= $analyzedEmailsAnalyzedEmail2;
$requestBody->setAnalyzedEmails($analyzedEmailsArray);
$graphServiceClient->security()->collaboration()->analyzedEmails()->microsoftGraphSecurityRemediate()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Security
$params = @{
displayName = "Clean up Phish email"
description = "Delete email"
severity = "medium"
action = "softDelete"
remediateSendersCopy = "false"
analyzedEmails = @(
@{
networkMessageId = "73ca4154-58d8-43d0-a890-08dc18c52e6d"
recipientEmailAddress = "hannah.jarvis@contoso.com"
}
@{
networkMessageId = "73ca4154-58d8-43d0-a890-08dc18c52e6d"
recipientEmailAddress = "preston.morales@contoso.com"
}
)
}
Invoke-MgBetaRemediateSecurityCollaborationAnalyzedEmail -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.security.collaboration.analyzedemails.microsoft_graph_security_remediate.remediate_post_request_body import RemediatePostRequestBody
from msgraph_beta.generated.models.remediation_severity import RemediationSeverity
from msgraph_beta.generated.models.remediation_action import RemediationAction
from msgraph_beta.generated.models.security.analyzed_email import AnalyzedEmail
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = RemediatePostRequestBody(
display_name = "Clean up Phish email",
description = "Delete email",
severity = RemediationSeverity.Medium,
action = RemediationAction.SoftDelete,
remediate_senders_copy = False,
analyzed_emails = [
AnalyzedEmail(
network_message_id = "73ca4154-58d8-43d0-a890-08dc18c52e6d",
recipient_email_address = "hannah.jarvis@contoso.com",
),
AnalyzedEmail(
network_message_id = "73ca4154-58d8-43d0-a890-08dc18c52e6d",
recipient_email_address = "preston.morales@contoso.com",
),
],
)
await graph_client.security.collaboration.analyzed_emails.microsoft_graph_security_remediate.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 202 Accepted
Location: https://security.microsoft.com/action-center/history?filters={"bulkId":["{bulkId}"]}&tid={tid}
Content-Type: application/json;text/plain
Content-Length: 0