@microsoft/msgraph-beta-sdk
Microsoft Graph Beta JavaScript client library
import { type BaseCollectionPaginationCountResponse, type Entity, type Group, type Identity, type IdentitySet, type PhysicalAddress, type PublicError, type ResultInfo, type Site } from '../index.js';
import { type AdditionalDataHolder, type BackedModel, type Duration, type Guid, type Parsable, type ParseNode, type SerializationWriter } from '@microsoft/kiota-abstractions';
/**
* Audit record subtype that declares no members of its own; its typed shape is whatever AuditData and Parsable provide.
* NOTE(review): record-specific fields are not typed here. AuditData extends AdditionalDataHolder, so they presumably arrive as untyped additional data; confirm, and validate any key read from it.
*/
export interface AadRiskDetectionAuditRecord extends AuditData, Parsable {
}
/**
* An account, described by its identifier and identity provider, together with a list of action types.
* NOTE(review): the member docs do not say whether `actions` lists actions already taken or actions that can be taken. Confirm against the API reference before using it to drive or audit account response; the listed values include forcePasswordReset, revokeAllSessions and markUserAsCompromised.
*/
export interface Account extends AdditionalDataHolder, BackedModel, Parsable {
/**
* List of the type of action. The possible values are: disable, enable, forcePasswordReset, revokeAllSessions, requireUserToSignInAgain, markUserAsCompromised.
*/
actions?: Action[] | null;
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The account ID.
*/
identifier?: string | null;
/**
* The identityProvider property
*/
identityProvider?: IdentityProvider | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
// Each alias below is the union of the value types of the matching `...Object` constant (those constants are not declared in the lines shown here).
// The types are erased at runtime, so a value the service adds later can still arrive; keep a default branch when switching on these.
export type Action = (typeof ActionObject)[keyof typeof ActionObject];
export type ActionAfterRetentionPeriod = (typeof ActionAfterRetentionPeriodObject)[keyof typeof ActionAfterRetentionPeriodObject];
export type ActionSource = (typeof ActionSourceObject)[keyof typeof ActionSourceObject];
/**
* Information protection action that describes a footer to add to content: its text, font, alignment, margin and target UI element.
*/
export interface AddContentFooterAction extends InformationProtectionAction, Parsable {
/**
* The alignment property
*/
alignment?: ContentAlignment | null;
/**
* Color of the font to use for the footer.
*/
fontColor?: string | null;
/**
* Name of the font to use for the footer.
*/
fontName?: string | null;
/**
* Font size to use for the footer.
*/
fontSize?: number | null;
/**
* The margin of the footer from the bottom of the document.
* NOTE(review): the upstream text says "header" here, which looks copied from AddContentHeaderAction.
*/
margin?: number | null;
/**
* The contents of the footer itself.
*/
text?: string | null;
/**
* The name of the UI element where the footer should be placed.
*/
uiElementName?: string | null;
}
/**
* Information protection action that describes a header to add to content: its text, font, alignment, margin and target UI element.
*/
export interface AddContentHeaderAction extends InformationProtectionAction, Parsable {
/**
* The alignment property
*/
alignment?: ContentAlignment | null;
/**
* Color of the font to use for the header.
*/
fontColor?: string | null;
/**
* Name of the font to use for the header.
*/
fontName?: string | null;
/**
* Font size to use for the header.
*/
fontSize?: number | null;
/**
* The margin of the header from the top of the document.
*/
margin?: number | null;
/**
* The contents of the header itself.
*/
text?: string | null;
/**
* The name of the UI element where the header should be placed.
*/
uiElementName?: string | null;
}
// Unions of the value types of the matching `...Object` constants (not declared in the lines shown here).
export type AdditionalDataOptions = (typeof AdditionalDataOptionsObject)[keyof typeof AdditionalDataOptionsObject];
export type AdditionalOptions = (typeof AdditionalOptionsObject)[keyof typeof AdditionalOptionsObject];
/**
* Information protection action that describes a watermark to add to content: its text, font, layout and target UI element.
*/
export interface AddWatermarkAction extends InformationProtectionAction, Parsable {
/**
* Color of the font to use for the watermark.
*/
fontColor?: string | null;
/**
* Name of the font to use for the watermark.
*/
fontName?: string | null;
/**
* Font size to use for the watermark.
*/
fontSize?: number | null;
/**
* The layout property
*/
layout?: WatermarkLayout | null;
/**
* The contents of the watermark itself.
*/
text?: string | null;
/**
* The name of the UI element where the watermark should be placed.
*/
uiElementName?: string | null;
}
// The AuditData subtypes below declare no members of their own; each one only names a record kind.
// NOTE(review): record-specific fields are therefore untyped here and presumably arrive as additional data (AuditData extends AdditionalDataHolder). Confirm, and validate any key read from it before use.
export interface AedAuditRecord extends AuditData, Parsable {
}
export interface AiAppInteractionAuditRecord extends AuditData, Parsable {
}
export interface AipFileDeleted extends AuditData, Parsable {
}
export interface AipHeartBeat extends AuditData, Parsable {
}
export interface AipProtectionActionLogRequest extends AuditData, Parsable {
}
export interface AipScannerDiscoverEvent extends AuditData, Parsable {
}
export interface AipSensitivityLabelActionLogRequest extends AuditData, Parsable {
}
export interface AirAdminActionInvestigationData extends AuditData, Parsable {
}
export interface AirInvestigationData extends AuditData, Parsable {
}
export interface AirManualInvestigationData extends AuditData, Parsable {
}
/**
* A security alert: its classification and determination, evidence, activity timestamps, and links to the alert and incident pages.
* Every member is optional and nullable, so handle a missing `severity`, `status` or `classification` explicitly rather than reading it as "low", "resolved" or "benign".
*/
export interface Alert extends Entity, Parsable {
/**
* The adversary or activity group that is associated with this alert.
*/
actorDisplayName?: string | null;
/**
* A collection of other alert properties, including user-defined properties. Any custom details defined in the alert, and any dynamic content in the alert details, are stored here.
* The content is user-defined or dynamic, so treat its values as untrusted text when rendering them or passing them to other tools.
*/
additionalDataProperty?: Dictionary | null;
/**
* The ID of the policy that generated the alert, and populated when there is a specific policy that generated the alert, whether configured by a customer or a built-in policy.
*/
alertPolicyId?: string | null;
/**
* URL for the Microsoft 365 Defender portal alert page.
*/
alertWebUrl?: string | null;
/**
* Owner of the alert, or null if no owner is assigned.
*/
assignedTo?: string | null;
/**
* The attack kill-chain category that the alert belongs to. Aligned with the MITRE ATT&CK framework.
*/
category?: string | null;
/**
* Specifies whether the alert represents a true threat. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
* The list includes unknownFutureValue, so keep a default branch when switching on this value.
*/
classification?: AlertClassification | null;
/**
* Array of comments created by the Security Operations (SecOps) team during the alert management process.
*/
comments?: AlertComment[] | null;
/**
* Time when Microsoft 365 Defender created the alert.
*/
createdDateTime?: Date | null;
/**
* User defined custom fields with string values.
* Treat these values as untrusted text when rendering them or forwarding them to ticketing or chat systems.
*/
customDetails?: Dictionary | null;
/**
* String value describing each alert.
*/
description?: string | null;
/**
* Detection technology or sensor that identified the notable component or activity. Possible values are: unknown, microsoftDefenderForEndpoint, antivirus, smartScreen, customTi, microsoftDefenderForOffice365, automatedInvestigation, microsoftThreatExperts, customDetection, microsoftDefenderForIdentity, cloudAppSecurity, microsoft365Defender, azureAdIdentityProtection, manual, microsoftDataLossPrevention, appGovernancePolicy, appGovernanceDetection, unknownFutureValue, microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl, microsoftThreatIntelligence, microsoftDefenderForAIServices, securityCopilot. Use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl, microsoftThreatIntelligence, microsoftDefenderForAIServices, securityCopilot.
* Without that request header the values listed after unknownFutureValue are not returned as themselves, so routing or filtering by detection source should account for unknownFutureValue.
*/
detectionSource?: DetectionSource | null;
/**
* The ID of the detector that triggered the alert.
*/
detectorId?: string | null;
/**
* Specifies the result of the investigation, whether the alert represents a true attack, and if so, the nature of the attack. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedAccount, phishing, maliciousUserActivity, notMalicious, notEnoughDataToValidate, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
*/
determination?: AlertDetermination | null;
/**
* Collection of evidence related to the alert.
*/
evidence?: AlertEvidence[] | null;
/**
* The earliest activity associated with the alert.
*/
firstActivityDateTime?: Date | null;
/**
* Unique identifier to represent the incident this alert resource is associated with.
*/
incidentId?: string | null;
/**
* URL for the incident page in the Microsoft 365 Defender portal.
*/
incidentWebUrl?: string | null;
/**
* Information on the current status of the investigation. Possible values are: unknown, terminated, successfullyRemediated, benign, failed, partiallyRemediated, running, pendingApproval, pendingResource, queued, innerFailure, preexistingAlert, unsupportedOs, unsupportedAlertType, suppressedAlert, partiallyInvestigated, terminatedByUser, terminatedBySystem, unknownFutureValue.
*/
investigationState?: InvestigationState | null;
/**
* The oldest activity associated with the alert.
* NOTE(review): "oldest" would make this the same as firstActivityDateTime; by its name this is presumably the most recent activity. Confirm before using it to bound an investigation time window.
*/
lastActivityDateTime?: Date | null;
/**
* Time when the alert was last updated at Microsoft 365 Defender.
*/
lastUpdateDateTime?: Date | null;
/**
* The attack techniques, as aligned with the MITRE ATT&CK framework.
*/
mitreTechniques?: string[] | null;
/**
* The name of the product which published this alert.
*/
productName?: string | null;
/**
* The ID of the alert as it appears in the security provider product that generated the alert.
*/
providerAlertId?: string | null;
/**
* Recommended response and remediation actions to take in the event this alert was generated.
*/
recommendedActions?: string | null;
/**
* Time when the alert was resolved.
*/
resolvedDateTime?: Date | null;
/**
* The serviceSource property
*/
serviceSource?: ServiceSource | null;
/**
* The severity property
*/
severity?: AlertSeverity | null;
/**
* The status property
*/
status?: AlertStatus | null;
/**
* The system tags associated with the alert.
*/
systemTags?: string[] | null;
/**
* The Microsoft Entra tenant the alert was created in.
*/
tenantId?: string | null;
/**
* The threat associated with this alert.
*/
threatDisplayName?: string | null;
/**
* Threat family associated with this alert.
*/
threatFamilyName?: string | null;
/**
* Brief identifying string value describing the alert.
*/
title?: string | null;
}
// Union of the value types of `AlertClassificationObject` (not declared in the lines shown here).
// The Alert docs list unknownFutureValue among the possible values, so code that switches on this should keep a default branch.
export type AlertClassification = (typeof AlertClassificationObject)[keyof typeof AlertClassificationObject];
/**
* Collection response whose `value` holds Alert items.
* NOTE(review): this extends BaseCollectionPaginationCountResponse, which presumably carries paging information. Confirm, since a consumer that reads only `value` from a single response may miss alerts.
*/
export interface AlertCollectionResponse extends BaseCollectionPaginationCountResponse, Parsable {
/**
* The value property
*/
value?: Alert[] | null;
}
/**
* A comment attached to an alert: the text, who submitted it and when.
*/
export interface AlertComment extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The comment text.
* Free text entered by a person or app, so escape it when rendering.
*/
comment?: string | null;
/**
* The person or app name that submitted the comment.
*/
createdByDisplayName?: string | null;
/**
* The time when the comment was submitted.
*/
createdDateTime?: Date | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
// Union of the value types of `AlertDeterminationObject` (not declared in the lines shown here).
// The Alert docs list unknownFutureValue among the possible values, so code that switches on this should keep a default branch.
export type AlertDetermination = (typeof AlertDeterminationObject)[keyof typeof AlertDeterminationObject];
/**
* Base shape for a piece of evidence attached to an alert: when it was added, the roles it plays, its verdict and its remediation status.
* Other interfaces in this file, such as AmazonResourceEvidence and AnalyzedMessageEvidence, extend it with entity-specific fields.
*/
export interface AlertEvidence extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
*/
createdDateTime?: Date | null;
/**
* Detailed description of the entity role/s in an alert. Values are free-form.
* Because the values are free-form, do not match on them as if they were a fixed vocabulary; use `roles` for that.
*/
detailedRoles?: string[] | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* The remediationStatus property
*/
remediationStatus?: EvidenceRemediationStatus | null;
/**
* Details about the remediation status.
*/
remediationStatusDetails?: string | null;
/**
* The role/s that an evidence entity represents in an alert, for example, an IP address that is associated with an attacker has the evidence role Attacker.
*/
roles?: EvidenceRole[] | null;
/**
* Array of custom tags associated with an evidence instance, for example, to denote a group of devices, high-value assets, etc.
*/
tags?: string[] | null;
/**
* The verdict property
*/
verdict?: EvidenceVerdict | null;
}
// Unions of the value types of `AlertSeverityObject` and `AlertStatusObject` (not declared in the lines shown here).
// The types are erased at runtime; treat a value outside the known set as "unknown" rather than mapping it to the lowest severity or a closed status.
export type AlertSeverity = (typeof AlertSeverityObject)[keyof typeof AlertSeverityObject];
export type AlertStatus = (typeof AlertStatusObject)[keyof typeof AlertStatusObject];
/**
* Template for the alert that a custom detection rule raises: title, description, category, severity, MITRE techniques, impacted assets and recommended actions.
*/
export interface AlertTemplate extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Category assigned to the alert triggered by the custom detection rule.
*/
category?: string | null;
/**
* Description of the alert triggered by the custom detection rule.
*/
description?: string | null;
/**
* Which asset or assets were impacted based on the alert triggered by the custom detection rule.
*/
impactedAssets?: ImpactedAsset[] | null;
/**
* MITRE technique assigned to the alert triggered by the custom detection rule.
*/
mitreTechniques?: string[] | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule.
*/
recommendedActions?: string | null;
/**
* The severity property
*/
severity?: AlertSeverity | null;
/**
* Name of the alert triggered by the custom detection rule.
*/
title?: string | null;
}
/**
* Response action of a custom detection rule that allows a file, identified by `identifier` and scoped by `deviceGroupNames`.
* NOTE(review): the scope that applies when `deviceGroupNames` is null or empty is not stated here. Confirm it before deploying an allow action, since an allow that is broader than intended weakens blocking.
*/
export interface AllowFileResponseAction extends Parsable, ResponseAction {
/**
* Device groups to which the actions set in the custom detection rule are applied.
*/
deviceGroupNames?: string[] | null;
/**
* The identifier property
*/
identifier?: FileEntityIdentifier[] | null;
}
/**
* Alert evidence that refers to an Amazon cloud resource, identified by account ID, ARN, name and type.
*/
export interface AmazonResourceEvidence extends AlertEvidence, Parsable {
/**
* The unique identifier for the Amazon account.
*/
amazonAccountId?: string | null;
/**
* The Amazon resource identifier (ARN) for the cloud resource.
*/
amazonResourceId?: string | null;
/**
* The name of the resource.
*/
resourceName?: string | null;
/**
* The type of the resource.
*/
resourceType?: string | null;
}
/**
* An email as analyzed by the service: delivery details, authentication results, detected threats, attachments, URLs and the policies that acted on it.
* Fields that describe the message itself (for example `subject`, `returnPath`, `urls`, `attachments`) reflect content chosen by the sender; treat them as untrusted when rendering, logging or following them.
* The confidence and complaint levels are typed as `string`, so convert them before comparing; comparing the raw strings orders "10" before "9".
*/
export interface AnalyzedEmail extends Entity, Parsable {
/**
* A collection of values that contain the IDs of any alerts associated with the email.
*/
alertIds?: string[] | null;
/**
* A collection of the attachments in the email.
*/
attachments?: AnalyzedEmailAttachment[] | null;
/**
* The authentication details associated with the email.
*/
authenticationDetails?: AnalyzedEmailAuthenticationDetail | null;
/**
* The bulk complaint level of the email. A higher level is more likely to be spam.
*/
bulkComplaintLevel?: string | null;
/**
* Shows the type of client that sent the message (for example, REST).
*/
clientType?: string | null;
/**
* Provides context of the email.
*/
contexts?: string[] | null;
/**
* The methods of detection used.
*/
detectionMethods?: string[] | null;
/**
* The direction of the emails. The possible values are: unknown, inbound, outbound, intraOrg, unknownFutureValue.
*/
directionality?: AntispamDirectionality | null;
/**
* The distribution list details to which the email was sent.
*/
distributionList?: string | null;
/**
* Data loss prevention rules configured in Purview.
*/
dlpRules?: AnalyzedEmailDlpRuleInfo[] | null;
/**
* The identifier for the group of similar emails clustered based on heuristic analysis of their content.
*/
emailClusterId?: string | null;
/**
* The name of the Exchange transport rules (ETRs) associated with the email.
*/
exchangeTransportRules?: AnalyzedEmailExchangeTransportRuleInfo[] | null;
/**
* Email SMTP forwarding details.
*/
forwardingDetail?: string | null;
/**
* Custom instructions name that defines organizational mail flow and how the email was routed.
*/
inboundConnectorFormattedName?: string | null;
/**
* A public-facing identifier for the email that is sent. The message ID is in the format specified by RFC2822.
*/
internetMessageId?: string | null;
/**
* The detected language of the email content.
*/
language?: string | null;
/**
* The latest delivery details of the email.
*/
latestDelivery?: AnalyzedEmailDeliveryDetail | null;
/**
* Date-time when the email record was logged.
*/
loggedDateTime?: Date | null;
/**
* An internal identifier for the email generated by Microsoft 365.
*/
networkMessageId?: string | null;
/**
* The original delivery details of the email.
*/
originalDelivery?: AnalyzedEmailDeliveryDetail | null;
/**
* An aggregated list of all overrides with source on email.
*/
overrideSources?: string[] | null;
/**
* The phish confidence level associated with the email.
*/
phishConfidenceLevel?: string | null;
/**
* The action policy that took effect.
*/
policy?: string | null;
/**
* The action taken on the email based on the configured policy.
*/
policyAction?: string | null;
/**
* Type of policy configured that defines the delivery action on email.
*/
policyType?: string | null;
/**
* Shows the organization or user setting that altered the intended delivery location of the message (allowed instead of blocked, or blocked instead of allowed).
* An override that allowed a message which would otherwise have been blocked is worth reviewing when the message later turns out to be malicious.
*/
primaryOverrideSource?: string | null;
/**
* Details of the recipients.
*/
recipientDetail?: AnalyzedEmailRecipientDetail | null;
/**
* Contains the email address of the recipient.
*/
recipientEmailAddress?: string | null;
/**
* A field that indicates where and how bounced emails are processed.
*/
returnPath?: string | null;
/**
* Sender details of the email.
*/
senderDetail?: AnalyzedEmailSenderDetail | null;
/**
* Size of the email in bytes.
*/
sizeInBytes?: number | null;
/**
* Spam confidence of the email.
*/
spamConfidenceLevel?: string | null;
/**
* Subject of the email.
*/
subject?: string | null;
/**
* Information about threats detected in the email.
*/
threatDetectionDetails?: ThreatDetectionDetail[] | null;
/**
* Indicates the threat types. The possible values are: unknown, spam, malware, phish, none, unknownFutureValue.
* NOTE(review): this list says "phish", while the same ThreatType is documented with "phishing" on AnalyzedEmailAttachment and AnalyzedEmailUrl. Check the actual enum values before matching on either spelling.
*/
threatTypes?: ThreatType[] | null;
/**
* Delivery and post-delivery events that happened to the email.
*/
timelineEvents?: TimelineEvent[] | null;
/**
* A collection of the URLs in the email.
*/
urls?: AnalyzedEmailUrl[] | null;
}
/**
* An attachment of an analyzed email: file name, type, size, SHA256 hash, detonation details and the threat associated with it.
* The file name, extension and type describe what the message carried, so do not use them to infer that a file is safe; the hash and detonation details are the analysis outputs.
*/
export interface AnalyzedEmailAttachment extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The detonation details of the attachment.
*/
detonationDetails?: DetonationDetails | null;
/**
* Extension of the file.
*/
fileExtension?: string | null;
/**
* The name of the attachment in the email.
*/
fileName?: string | null;
/**
* Size of the file.
* NOTE(review): the unit is not stated here (AnalyzedEmail.sizeInBytes is in bytes); confirm before applying size thresholds.
*/
fileSize?: number | null;
/**
* The type of the attachment in the email.
*/
fileType?: string | null;
/**
* The threat name associated with the threat type.
*/
malwareFamily?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* The SHA256 file hash of the attachment.
*/
sha256?: string | null;
/**
* Details of entries in tenant allow/block list configured by tenant.
*/
tenantAllowBlockListDetailInfo?: string | null;
/**
* The threat type associated with the attachment. The possible values are: unknown, spam, malware, phishing, none, unknownFutureValue.
*/
threatType?: ThreatType | null;
}
/**
* Email authentication results for an analyzed email: SPF, DKIM, DMARC and the composite value Microsoft 365 derives from them.
* Each result is a plain `string` and may be null or absent. The exact result strings are not listed here, so compare against confirmed values and never treat a missing result as a pass.
*/
export interface AnalyzedEmailAuthenticationDetail extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* A value used by Microsoft 365 to combine email authentication such as SPF, DKIM, and DMARC, to determine whether the message is authentic.
*/
compositeAuthentication?: string | null;
/**
* DomainKeys Identified Mail (DKIM). Indicates whether it was pass/fail/soft fail.
*/
dkim?: string | null;
/**
* Domain-based Message Authentication, Reporting, and Conformance (DMARC). Indicates whether it was pass/fail/soft fail.
*/
dmarc?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* Sender Policy Framework (SPF). Indicates whether it was pass/fail/soft fail.
*/
senderPolicyFramework?: string | null;
}
/**
* Collection response whose `value` holds AnalyzedEmail items.
* NOTE(review): this extends BaseCollectionPaginationCountResponse, which presumably carries paging information. Confirm, since reading only `value` from a single response may give an incomplete result set.
*/
export interface AnalyzedEmailCollectionResponse extends BaseCollectionPaginationCountResponse, Parsable {
/**
* The value property
*/
value?: AnalyzedEmail[] | null;
}
/**
* Delivery outcome of an analyzed email: the action taken, where the message ended up, and the threats known at delivery time and most recently.
* AnalyzedEmail carries two of these (`originalDelivery` and `latestDelivery`); comparing them shows whether the message was moved after delivery.
*/
export interface AnalyzedEmailDeliveryDetail extends AdditionalDataHolder, BackedModel, Parsable {
/**
* The delivery action of the email. The possible values are: unknown, deliveredToJunk, delivered, blocked, replaced, unknownFutureValue.
*/
action?: DeliveryAction | null;
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Latest known threat on the email.
*/
latestThreats?: string | null;
/**
* The delivery location of the email. The possible values are: unknown, inboxfolder, junkFolder, deletedFolder, quarantine, onpremexternal, failed, dropped, others, unknownFutureValue.
*/
location?: DeliveryLocation | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* Threats identified at the time of delivery.
*/
originalThreats?: string | null;
}
/**
* Name and identifier of a data loss prevention rule associated with an analyzed email.
*/
export interface AnalyzedEmailDlpRuleInfo extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Name of the data loss prevention rule.
*/
name?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* Unique identifier of the data loss prevention rule.
*/
ruleId?: string | null;
}
/**
* Name and identifier of an Exchange transport rule (ETR) associated with an analyzed email.
*/
export interface AnalyzedEmailExchangeTransportRuleInfo extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Name of the Exchange transport rules (ETRs) that are part of the email.
*/
name?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* The ETR rule ID.
*/
ruleId?: string | null;
}
/**
* Recipient details of an analyzed email: the cc recipients and the recipient's domain name.
*/
export interface AnalyzedEmailRecipientDetail extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Recipient address in the cc field.
*/
ccRecipients?: string[] | null;
/**
* Domain name of the recipient.
*/
domainName?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
/**
* Sender details of an analyzed email: the two sender addresses, the sender domain and its registration data, and the relaying server's IPv4 address.
* NOTE(review): the descriptions of `fromAddress` and `mailFromAddress` look reversed relative to their names. By name, `mailFromAddress` would be the SMTP MAIL FROM envelope sender (P1) and `fromAddress` the From header shown to recipients (P2). Verify against real responses before using either field for spoofing or alignment checks.
*/
export interface AnalyzedEmailSenderDetail extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* Display name of sender from address.
* The display name is chosen by the sender and can differ from the actual address, so show the address alongside it.
*/
displayName?: string | null;
/**
* Date and time of creation of the sender domain.
*/
domainCreationDateTime?: Date | null;
/**
* Registered name of the domain.
*/
domainName?: string | null;
/**
* Owner of the domain.
*/
domainOwner?: string | null;
/**
* The sender email address in the mail From header, also known as the envelope sender or the P1 sender.
* NOTE(review): see the interface note; this wording may belong to `mailFromAddress`.
*/
fromAddress?: string | null;
/**
* The IPv4 address of the last detected mail server that relayed the message.
*/
ipv4?: string | null;
/**
* Location of the domain.
*/
location?: string | null;
/**
* The sender email address in the From header, which is visible to email recipients on their email clients. Also known as P2 sender.
* NOTE(review): see the interface note; this wording may belong to `fromAddress`.
*/
mailFromAddress?: string | null;
/**
* Domain name of sender mail from address.
*/
mailFromDomainName?: string | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
/**
* A URL found in an analyzed email, with its detection method, detonation details and associated threat type.
*/
export interface AnalyzedEmailUrl extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The method used to detect threats in the URL.
*/
detectionMethod?: string | null;
/**
* Detonation data associated with the URL.
*/
detonationDetails?: DetonationDetails | null;
/**
* The OdataType property
*/
odataType?: string | null;
/**
* Details of entries in tenant allow/block list configured by tenant.
*/
tenantAllowBlockListDetailInfo?: string | null;
/**
* The type of threat associated with the URL. The possible values are: unknown, spam, malware, phishing, none, unknownFutureValue.
*/
threatType?: ThreatType | null;
/**
* The URL that is found in the email. This is the full URL string, including query parameters.
* The value comes from message content: do not fetch it or render it as a live link in analyst tooling. Since query parameters are included, it may carry recipient-specific tokens, so handle it accordingly in logs and exports.
*/
url?: string | null;
}
/**
* Alert evidence that refers to an email message: senders, recipient, delivery outcome, detected threats and embedded URLs.
* `deliveryAction`, `deliveryLocation` and `antiSpamDirection` are plain strings here, and their documented values differ from the DeliveryAction and DeliveryLocation values listed on AnalyzedEmailDeliveryDetail (for example deliveredAsSpam/junked versus deliveredToJunk, inbox versus inboxfolder). Do not reuse one vocabulary to match the other.
*/
export interface AnalyzedMessageEvidence extends AlertEvidence, Parsable {
/**
* Direction of the email relative to your network. The possible values are: inbound, outbound or intraorg.
*/
antiSpamDirection?: string | null;
/**
* Number of attachments in the email.
*/
attachmentsCount?: number | null;
/**
* Delivery action of the email. The possible values are: delivered, deliveredAsSpam, junked, blocked, or replaced.
*/
deliveryAction?: string | null;
/**
* Location where the email was delivered. The possible values are: inbox, external, junkFolder, quarantine, failed, dropped, deletedFolder or forwarded.
*/
deliveryLocation?: string | null;
/**
* Public-facing identifier for the email that is set by the sending email system.
* Set by the sending system, so it is not a trustworthy unique key; use `networkMessageId` to correlate.
*/
internetMessageId?: string | null;
/**
* Detected language of the email content.
*/
language?: string | null;
/**
* Unique identifier for the email, generated by Microsoft 365.
*/
networkMessageId?: string | null;
/**
* The P1 sender.
*/
p1Sender?: EmailSender | null;
/**
* The P2 sender.
*/
p2Sender?: EmailSender | null;
/**
* Date and time when the email was received.
*/
receivedDateTime?: Date | null;
/**
* Email address of the recipient, or email address of the recipient after distribution list expansion.
*/
recipientEmailAddress?: string | null;
/**
* IP address of the last detected mail server that relayed the message.
*/
senderIp?: string | null;
/**
* Subject of the email.
*/
subject?: string | null;
/**
* Collection of methods used to detect malware, phishing, or other threats found in the email.
*/
threatDetectionMethods?: string[] | null;
/**
* Collection of detection names for malware or other threats found.
*/
threats?: string[] | null;
/**
* Number of embedded URLs in the email.
*/
urlCount?: number | null;
/**
* Collection of the URLs contained in this email.
* These come from message content; do not fetch them or render them as live links in analyst tooling.
*/
urls?: string[] | null;
/**
* Uniform resource name (URN) of the automated investigation where the cluster was identified.
*/
urn?: string | null;
}
// Each alias below is the union of the value types of the matching `...Object` constant (those constants are not declared in the lines shown here).
// The types are erased at runtime, so code that switches on these should keep a default branch for values it does not recognise.
export type AntispamDirectionality = (typeof AntispamDirectionalityObject)[keyof typeof AntispamDirectionalityObject];
export type AntispamTeamsDirection = (typeof AntispamTeamsDirectionObject)[keyof typeof AntispamTeamsDirectionObject];
export type AppCategory = (typeof AppCategoryObject)[keyof typeof AppCategoryObject];
export type AppInfoCsaStarLevel = (typeof AppInfoCsaStarLevelObject)[keyof typeof AppInfoCsaStarLevelObject];
export type AppInfoDataAtRestEncryptionMethod = (typeof AppInfoDataAtRestEncryptionMethodObject)[keyof typeof AppInfoDataAtRestEncryptionMethodObject];
export type AppInfoDataRetentionPolicy = (typeof AppInfoDataRetentionPolicyObject)[keyof typeof AppInfoDataRetentionPolicyObject];
export type AppInfoEncryptionProtocol = (typeof AppInfoEncryptionProtocolObject)[keyof typeof AppInfoEncryptionProtocolObject];
export type AppInfoFedRampLevel = (typeof AppInfoFedRampLevelObject)[keyof typeof AppInfoFedRampLevelObject];
export type AppInfoHolding = (typeof AppInfoHoldingObject)[keyof typeof AppInfoHoldingObject];
export type AppInfoPciDssVersion = (typeof AppInfoPciDssVersionObject)[keyof typeof AppInfoPciDssVersionObject];
export type AppInfoUploadedDataTypes = (typeof AppInfoUploadedDataTypesObject)[keyof typeof AppInfoUploadedDataTypesObject];
/**
* Information protection action that applies a sensitivity label, together with the follow-on actions the label entails.
* Per the `actions` doc, those follow-on actions are to be implemented by the caller, so a consumer that records the label but ignores `actions` leaves the content without the protections the label calls for.
*/
export interface ApplyLabelAction extends InformationProtectionAction, Parsable {
/**
* The collection of actions that should be implemented by the caller.
*/
actions?: InformationProtectionAction[] | null;
/**
* The actionSource property
*/
actionSource?: ActionSource | null;
/**
* If the label was the result of an automatic classification, supply the list of sensitive info type GUIDs that resulted in the returned label.
*/
responsibleSensitiveTypeIds?: string[] | null;
/**
* The sensitivityLabelId property
*/
sensitivityLabelId?: string | null;
}
/**
* An article with a formatted body and summary, tags, timestamps, a header image URL and a collection of related indicators.
*/
export interface Article extends Entity, Parsable {
/**
* The body property
* NOTE(review): FormattedContent is not declared in the lines shown here; if it can carry markup, sanitize it before rendering. Confirm its format.
*/
body?: FormattedContent | null;
/**
* The date and time when this article was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
*/
createdDateTime?: Date | null;
/**
* URL of the header image for this article, used for display purposes.
*/
imageUrl?: string | null;
/**
* Indicators related to this article.
*/
indicators?: ArticleIndicator[] | null;
/**
* Indicates whether this article is currently featured by Microsoft.
*/
isFeatured?: boolean | null;
/**
* The most recent date and time when this article was updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
*/
lastUpdatedDateTime?: Date | null;
/**
* The summary property
*/
summary?: FormattedContent | null;
/**
* Tags for this article, communicating keywords, or key concepts.
*/
tags?: string[] | null;
/**
* The title of this article.
*/
title?: string | null;
}
/**
* Collection response whose `value` holds Article items.
*/
export interface ArticleCollectionResponse extends BaseCollectionPaginationCountResponse, Parsable {
/**
* The value property
*/
value?: Article[] | null;
}
/**
* Indicator subtype for indicators related to an article; it declares no members beyond those of Indicator and Parsable.
*/
export interface ArticleIndicator extends Indicator, Parsable {
}
/**
* Collection response whose `value` holds ArticleIndicator items.
*/
export interface ArticleIndicatorCollectionResponse extends BaseCollectionPaginationCountResponse, Parsable {
/**
* The value property
*/
value?: ArticleIndicator[] | null;
}
/**
* Entity subtype that declares no members of its own.
*/
export interface Artifact extends Entity, Parsable {
}
// Union of the value types of `AssignmentMethodObject` (not declared in the lines shown here).
export type AssignmentMethod = (typeof AssignmentMethodObject)[keyof typeof AssignmentMethodObject];
/**
* Audit record subtype that declares no members of its own; its typed shape is whatever AuditData and Parsable provide.
*/
export interface AttackSimAdminAuditRecord extends AuditData, Parsable {
}
/**
* Details of an attack simulation: when it ran, how long it lasted, its activity ID and the user who received the simulation email.
* A populated instance marks the related message as part of a simulation; NOTE(review): confirm how consumers are expected to separate simulation traffic from real threats before excluding anything on this basis.
*/
export interface AttackSimulationInfo extends AdditionalDataHolder, BackedModel, Parsable {
/**
* The date and time of the attack simulation.
*/
attackSimDateTime?: Date | null;
/**
* The duration (in time) for the attack simulation.
*/
attackSimDurationTime?: Duration | null;
/**
* The activity ID for the attack simulation.
*/
attackSimId?: Guid | null;
/**
* The unique identifier for the user who got the attack simulation email.
*/
attackSimUserId?: string | null;
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
/**
* Root entity that exposes the collection of audit log queries.
*/
export interface AuditCoreRoot extends Entity, Parsable {
/**
* The queries property
*/
queries?: AuditLogQuery[] | null;
}
/**
* Base shape for audit record data. It declares only `backingStoreEnabled` and `odataType`; the AuditData subtypes in this part of the file add no further members.
* NOTE(review): `odataType` is presumably what distinguishes one record kind from another at runtime; confirm, and validate it before narrowing to a specific subtype.
*/
export interface AuditData extends AdditionalDataHolder, BackedModel, Parsable {
/**
* Stores model information.
*/
backingStoreEnabled?: boolean | null;
/**
* The OdataType property
*/
odataType?: string | null;
}
export interface AuditLogQuery extends Entity, Parsable {
/**
* The administrative units tagged to an audit log record.
*/
administrativeUnitIdFilters?: string[] | null;
/**
* The display name of the saved audit log query.
*/
displayName?: string | null;
/**
* The end date of the date range in the query.
*/
filterEndDateTime?: Date | null;
/**
* The start date of the date range in the query.
*/
filterStartDateTime?: Date | null;
/**
* The IP address of the device that was used when the activity was logged.
*/
ipAddressFilters?: string[] | null;
/**
* Free text field to search non-indexed properties of the audit log.
*/
keywordFilter?: string | null;
/**
* For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user. For Exchange admin audit logging, the name of the object that was modified by the cmdlet.
*/
objectIdFilters?: string[] | null;
/**
* The name of the user or admin activity. For a description of the most common operations/activities, see Search the audit log in the Office 365 Protection Center.
*/
operationFilters?: string[] | null;
/**
* An individual audit log record.
*/
records?: AuditLogRecord[] | null;
/**
* The type of operation indicated by the record. The possible values are: exchangeAdmin, exchangeItem, exchangeItemGroup, sharePoint, syntheticProbe, sharePointFileOperation, oneDrive, azureActiveDirectory, azureActiveDirectoryAccountLogon, dataCenterSecurityCmdlet, complianceDLPSharePoint, sway, complianceDLPExchange, sharePointSharingOperation, azureActiveDirectoryStsLogon, skypeForBusinessPSTNUsage, skypeForBusinessUsersBlocked, securityComplianceCenterEOPCmdlet, exchangeAggregatedOperation, powerBIAudit, crm, yammer, skypeForBusinessCmdlets, discovery, microsoftTeams, threatIntelligence, mailSubmission, microsoftFlow, aeD, microsoftStream, complianceDLPSharePointClassification, threatFinder, project, sharePointListOperation, sharePointCommentOperation, dataGovernance, kaizala, securityComplianceAlerts, threatIntelligenceUrl, securityComplianceInsights, mipLabel, workplaceAnalytics, powerAppsApp, powerAppsPlan, threatIntelligenceAtpContent, labelContentExplorer, teamsHealthcare, exchangeItemAggregated, hygieneEvent, dataInsightsRestApiAudit, informationBarrierPolicyApplication, sharePointListItemOperation, sharePointContentTypeOperation, sharePointFieldOperation, microsoftTeamsAdmin, hrSignal, microsoftTeamsDevice, microsoftTeamsAnalytics, informationWorkerProtection, campaign, dlpEndpoint, airInvestigation, quarantine, microsoftForms, applicationAudit, complianceSupervisionExchange, customerKeyServiceEncryption, officeNative, mipAutoLabelSharePointItem, mipAutoLabelSharePointPolicyLocation, microsoftTeamsShifts, secureScore, mipAutoLabelExchangeItem, cortanaBriefing, search, wdatpAlerts, powerPlatformAdminDlp, powerPlatformAdminEnvironment, mdatpAudit, sensitivityLabelPolicyMatch, sensitivityLabelAction, sensitivityLabeledFileAction, attackSim, airManualInvestigation, securityComplianceRBAC, userTraining, airAdminActionInvestigation, mstic, physicalBadgingSignal, teamsEasyApprovals, aipDiscover, aipSensitivityLabelAction, aipProtectionAction, aipFileDeleted,
* aipHeartBeat, mcasAlerts, onPremisesFileShareScannerDlp, onPremisesSharePointScannerDlp, exchangeSearch, sharePointSearch, privacyDataMinimization, labelAnalyticsAggregate, myAnalyticsSettings, securityComplianceUserChange, complianceDLPExchangeClassification, complianceDLPEndpoint, mipExactDataMatch, msdeResponseActions, msdeGeneralSettings, msdeIndicatorsSettings, ms365DCustomDetection, msdeRolesSettings, mapgAlerts, mapgPolicy, mapgRemediation, privacyRemediationAction, privacyDigestEmail, mipAutoLabelSimulationProgress, mipAutoLabelSimulationCompletion, mipAutoLabelProgressFeedback, dlpSensitiveInformationType, mipAutoLabelSimulationStatistics, largeContentMetadata, microsoft365Group, cdpMlInferencingResult, filteringMailMetadata, cdpClassificationMailItem, cdpClassificationDocument, officeScriptsRunAction, filteringPostMailDeliveryAction, cdpUnifiedFeedback, tenantAllowBlockList, consumptionResource, healthcareSignal, dlpImportResult, cdpCompliancePolicyExecution, multiStageDisposition, privacyDataMatch, filteringDocMetadata, filteringEmailFeatures, powerBIDlp, filteringUrlInfo, filteringAttachmentInfo, coreReportingSettings, complianceConnector, powerPlatformLockboxResourceAccessRequest, powerPlatformLockboxResourceCommand, cdpPredictiveCodingLabel, cdpCompliancePolicyUserFeedback, webpageActivityEndpoint, omePortal, cmImprovementActionChange, filteringUrlClick, mipLabelAnalyticsAuditRecord, filteringEntityEvent, filteringRuleHits, filteringMailSubmission, labelExplorer, microsoftManagedServicePlatform, powerPlatformServiceActivity, scorePlatformGenericAuditRecord, filteringTimeTravelDocMetadata, alert, alertStatus, alertIncident, incidentStatus, case, caseInvestigation, recordsManagement, privacyRemediation, dataShareOperation, cdpDlpSensitive, ehrConnector, filteringMailGradingResult, publicFolder, privacyTenantAuditHistoryRecord, aipScannerDiscoverEvent, eduDataLakeDownloadOperation, m365ComplianceConnector, microsoftGraphDataConnectOperation,
* microsoftPurview, filteringEmailContentFeatures, powerPagesSite, powerAppsResource, plannerPlan, plannerCopyPlan, plannerTask, plannerRoster, plannerPlanList, plannerTaskList, plannerTenantSettings, projectForTheWebProject, projectForTheWebTask, projectForTheWebRoadmap, projectForTheWebRoadmapItem, projectForTheWebProjectSettings, projectForTheWebRoadmapSettings, quarantineMetadata, microsoftTodoAudit, timeTravelFilteringDocMetadata, teamsQuarantineMetadata, sharePointAppPermissionOperation, microsoftTeamsSensitivityLabelAction, filteringTeamsMetadata, filteringTeamsUrlInfo, filteringTeamsPostDeliveryAction, mdcAssessments, mdcRegulatoryComplianceStandards, mdcRegulatoryComplianceControls, mdcRegulatoryComplianceAssessments, mdcSecurityConnectors, mdaDataSecuritySignal, vivaGoals, filteringRuntimeInfo, attackSimAdmin, microsoftGraphDataConnectConsent, filteringAtpDetonationInfo, privacyPortal, managedTenants, unifiedSimulationMatchedItem, unifiedSimulationSummary, updateQuarantineMetadata, ms365DSuppressionRule, purviewDataMapOperation, filteringUrlPostClickAction, irmUserDefinedDetectionSignal, teamsUpdates, plannerRosterSensitivityLabel, ms365DIncident, filteringDelistingMetadata, complianceDLPSharePointClassificationExtended, microsoftDefenderForIdentityAudit, supervisoryReviewDayXInsight, defenderExpertsforXDRAdmin, cdpEdgeBlockedMessage, hostedRpa, cdpContentExplorerAggregateRecord, cdpHygieneAttachmentInfo, cdpHygieneSummary, cdpPostMailDeliveryAction, cdpEmailFeatures, cdpHygieneUrlInfo, cdpUrlClick, cdpPackageManagerHygieneEvent, filteringDocScan, timeTravelFilteringDocScan, mapgOnboard, unknownFutureValue.
*
* This is an array-valued filter that is optional and nullable. The list ends with unknownFutureValue, so code that handles `AuditLogRecordType` should keep a default branch for values it does not recognise.
* NOTE(review): what an unset, null or empty filter matches is not stated here — confirm against the Graph documentation before relying on it to scope an investigation query.
*/
recordTypeFilters?: AuditLogRecordType[] | null;
/**
* The serviceFilters property.
*
* Typed as a list of plain strings rather than an enumeration, so values are not checked at compile time.
* NOTE(review): presumably matched against the `service` value of returned `AuditLogRecord` items — confirm against the Graph documentation.
*/
serviceFilters?: string[] | null;
/**
* Describes the current status of the query. The possible values are: notStarted, running, succeeded, failed, cancelled, unknownFutureValue.
*
* Optional and nullable. Code that polls a query should handle failed, cancelled and unknownFutureValue explicitly rather than treating every state other than running as success.
*/
status?: AuditLogQueryStatus | null;
/**
* The UPN (user principal name) of the user who performed the action (specified in the operation property) that resulted in the record being logged; for example, myname@mydomain_name.
*
* Values are plain strings; this type does not validate UPN syntax.
* NOTE(review): the `userId` documentation on `AuditLogRecord` says records are also logged for system accounts and applications. Confirm whether a UPN filter excludes those records before using it to bound an investigation.
*/
userPrincipalNameFilters?: string[] | null;
}
/**
 * Collection response whose items are `AuditLogQuery` objects.
 * Extends `BaseCollectionPaginationCountResponse` and `Parsable`.
 */
export interface AuditLogQueryCollectionResponse extends BaseCollectionPaginationCountResponse, Parsable {
    /**
     * The `AuditLogQuery` items carried by this response. Optional and nullable,
     * so check for a missing value before iterating.
     */
    value?: Array<AuditLogQuery> | null;
}
/**
 * Union of the value types of `AuditLogQueryStatusObject`.
 * The `status` property typed with this alias documents the values as
 * notStarted, running, succeeded, failed, cancelled, unknownFutureValue.
 */
export type AuditLogQueryStatus = (typeof AuditLogQueryStatusObject)[keyof typeof AuditLogQueryStatusObject];
export interface AuditLogRecord extends Entity, Parsable {
/**
* The administrative units tagged to an audit log record.
*
* Typed as plain strings, optional and nullable.
* NOTE(review): whether the strings are unit names or identifiers is not stated here — confirm before joining them against directory data.
*/
administrativeUnits?: string[] | null;
/**
* A JSON object that contains the actual audit log data.
*
* Typed as the `AuditData` base interface; record-specific interfaces extend it (for example `AadRiskDetectionAuditRecord`).
* Establish which record-specific shape applies before reading workload-specific fields, and handle a missing or null value.
*/
auditData?: AuditData | null;
/**
* The type of operation indicated by the record. The possible values are: exchangeAdmin, exchangeItem, exchangeItemGroup, sharePoint, syntheticProbe, sharePointFileOperation, oneDrive, azureActiveDirectory, azureActiveDirectoryAccountLogon, dataCenterSecurityCmdlet, complianceDLPSharePoint, sway, complianceDLPExchange, sharePointSharingOperation, azureActiveDirectoryStsLogon, skypeForBusinessPSTNUsage, skypeForBusinessUsersBlocked, securityComplianceCenterEOPCmdlet, exchangeAggregatedOperation, powerBIAudit, crm, yammer, skypeForBusinessCmdlets, discovery, microsoftTeams, threatIntelligence, mailSubmission, microsoftFlow, aeD, microsoftStream, complianceDLPSharePointClassification, threatFinder, project, sharePointListOperation, sharePointCommentOperation, dataGovernance, kaizala, securityComplianceAlerts, threatIntelligenceUrl, securityComplianceInsights, mipLabel, workplaceAnalytics, powerAppsApp, powerAppsPlan, threatIntelligenceAtpContent, labelContentExplorer, teamsHealthcare, exchangeItemAggregated, hygieneEvent, dataInsightsRestApiAudit, informationBarrierPolicyApplication, sharePointListItemOperation, sharePointContentTypeOperation, sharePointFieldOperation, microsoftTeamsAdmin, hrSignal, microsoftTeamsDevice, microsoftTeamsAnalytics, informationWorkerProtection, campaign, dlpEndpoint, airInvestigation, quarantine, microsoftForms, applicationAudit, complianceSupervisionExchange, customerKeyServiceEncryption, officeNative, mipAutoLabelSharePointItem, mipAutoLabelSharePointPolicyLocation, microsoftTeamsShifts, secureScore, mipAutoLabelExchangeItem, cortanaBriefing, search, wdatpAlerts, powerPlatformAdminDlp, powerPlatformAdminEnvironment, mdatpAudit, sensitivityLabelPolicyMatch, sensitivityLabelAction, sensitivityLabeledFileAction, attackSim, airManualInvestigation, securityComplianceRBAC, userTraining, airAdminActionInvestigation, mstic, physicalBadgingSignal, teamsEasyApprovals, aipDiscover, aipSensitivityLabelAction, aipProtectionAction, aipFileDeleted,
* aipHeartBeat, mcasAlerts, onPremisesFileShareScannerDlp, onPremisesSharePointScannerDlp, exchangeSearch, sharePointSearch, privacyDataMinimization, labelAnalyticsAggregate, myAnalyticsSettings, securityComplianceUserChange, complianceDLPExchangeClassification, complianceDLPEndpoint, mipExactDataMatch, msdeResponseActions, msdeGeneralSettings, msdeIndicatorsSettings, ms365DCustomDetection, msdeRolesSettings, mapgAlerts, mapgPolicy, mapgRemediation, privacyRemediationAction, privacyDigestEmail, mipAutoLabelSimulationProgress, mipAutoLabelSimulationCompletion, mipAutoLabelProgressFeedback, dlpSensitiveInformationType, mipAutoLabelSimulationStatistics, largeContentMetadata, microsoft365Group, cdpMlInferencingResult, filteringMailMetadata, cdpClassificationMailItem, cdpClassificationDocument, officeScriptsRunAction, filteringPostMailDeliveryAction, cdpUnifiedFeedback, tenantAllowBlockList, consumptionResource, healthcareSignal, dlpImportResult, cdpCompliancePolicyExecution, multiStageDisposition, privacyDataMatch, filteringDocMetadata, filteringEmailFeatures, powerBIDlp, filteringUrlInfo, filteringAttachmentInfo, coreReportingSettings, complianceConnector, powerPlatformLockboxResourceAccessRequest, powerPlatformLockboxResourceCommand, cdpPredictiveCodingLabel, cdpCompliancePolicyUserFeedback, webpageActivityEndpoint, omePortal, cmImprovementActionChange, filteringUrlClick, mipLabelAnalyticsAuditRecord, filteringEntityEvent, filteringRuleHits, filteringMailSubmission, labelExplorer, microsoftManagedServicePlatform, powerPlatformServiceActivity, scorePlatformGenericAuditRecord, filteringTimeTravelDocMetadata, alert, alertStatus, alertIncident, incidentStatus, case, caseInvestigation, recordsManagement, privacyRemediation, dataShareOperation, cdpDlpSensitive, ehrConnector, filteringMailGradingResult, publicFolder, privacyTenantAuditHistoryRecord, aipScannerDiscoverEvent, eduDataLakeDownloadOperation, m365ComplianceConnector, microsoftGraphDataConnectOperation,
* microsoftPurview, filteringEmailContentFeatures, powerPagesSite, powerAppsResource, plannerPlan, plannerCopyPlan, plannerTask, plannerRoster, plannerPlanList, plannerTaskList, plannerTenantSettings, projectForTheWebProject, projectForTheWebTask, projectForTheWebRoadmap, projectForTheWebRoadmapItem, projectForTheWebProjectSettings, projectForTheWebRoadmapSettings, quarantineMetadata, microsoftTodoAudit, timeTravelFilteringDocMetadata, teamsQuarantineMetadata, sharePointAppPermissionOperation, microsoftTeamsSensitivityLabelAction, filteringTeamsMetadata, filteringTeamsUrlInfo, filteringTeamsPostDeliveryAction, mdcAssessments, mdcRegulatoryComplianceStandards, mdcRegulatoryComplianceControls, mdcRegulatoryComplianceAssessments, mdcSecurityConnectors, mdaDataSecuritySignal, vivaGoals, filteringRuntimeInfo, attackSimAdmin, microsoftGraphDataConnectConsent, filteringAtpDetonationInfo, privacyPortal, managedTenants, unifiedSimulationMatchedItem, unifiedSimulationSummary, updateQuarantineMetadata, ms365DSuppressionRule, purviewDataMapOperation, filteringUrlPostClickAction, irmUserDefinedDetectionSignal, teamsUpdates, plannerRosterSensitivityLabel, ms365DIncident, filteringDelistingMetadata, complianceDLPSharePointClassificationExtended, microsoftDefenderForIdentityAudit, supervisoryReviewDayXInsight, defenderExpertsforXDRAdmin, cdpEdgeBlockedMessage, hostedRpa, cdpContentExplorerAggregateRecord, cdpHygieneAttachmentInfo, cdpHygieneSummary, cdpPostMailDeliveryAction, cdpEmailFeatures, cdpHygieneUrlInfo, cdpUrlClick, cdpPackageManagerHygieneEvent, filteringDocScan, timeTravelFilteringDocScan, mapgOnboard, unknownFutureValue.
*
* The list ends with unknownFutureValue. Parsers, detections and dashboards keyed on record type should keep a default branch for values they do not recognise, and should surface those records rather than drop them.
*/
auditLogRecordType?: AuditLogRecordType | null;
/**
* The IP address of the device used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format.
*
* Exposed as an unparsed string, optional and nullable. Parse and normalise it before comparing against allow/deny lists or enrichment data, and handle records that carry no value.
*/
clientIp?: string | null;
/**
* The date and time in UTC when the user performed the activity.
*
* Typed as a JavaScript `Date`. When building timelines or correlating with other log sources, format it explicitly in UTC rather than relying on local-time rendering.
*/
createdDateTime?: Date | null;
/**
* For Exchange admin audit logging, the name of the object modified by the cmdlet. For SharePoint activity, the full URL path name of the file or folder accessed by a user. For Microsoft Entra activity, the name of the user account that was modified.
*
* The meaning depends on the workload, so this is not a single identifier format. Values such as file paths and object names come from the audited activity; escape them as untrusted text before rendering them or building queries from them.
*/
objectId?: string | null;
/**
* The name of the user or admin activity.
*
* Typed as a plain string, not an enumeration, so the compiler does not check comparisons against operation names. Keep a default branch for names the consumer does not recognise.
*/
operation?: string | null;
/**
* The GUID for your organization.
*
* Typed as `string` in this model, optional and nullable. Tooling that handles more than one tenant should compare it with the expected organization before attributing a record.
*/
organizationId?: string | null;
/**
* The Microsoft 365 service where the activity occurred.
*
* Typed as a plain string, not an enumeration; optional and nullable.
*/
service?: string | null;
/**
* The user who performed the action (specified in the Operation property) that resulted in the record being logged. Audit records for activity performed by system accounts (such as SHAREPOINT/system or NT AUTHORITY/SYSTEM) are also included in the audit log. Another common value for the UserId property is app@sharepoint. It indicates that the 'user' who performed the activity was an application with the necessary permissions in SharePoint to perform organization-wide actions (such as searching a SharePoint site or OneDrive account) on behalf of a user, admin, or service.
*
* Because the value can name a system account or an application, do not assume it is a UPN or that it maps to a human user; the separate `userPrincipalName` property carries the UPN. Account for these non-human actors when attributing activity or tuning detections.
*/
userId?: string | null;
/**
* UPN of the user who performed the action.
*/
userPrincipalName?: string | nul