+|Metric|Definition|

+> [!IMPORTANT]

+>[!NOTE]

+> The OneDrive site URL may not be displayed in related usage reports. To display the site URL, you can use PowerShell. To follow the steps, see [Use PowerShell to resolve site URLs](resolve-site-urls.md).

+ Title: "Use PowerShell to resolve site URLs in reports"

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- Adm_NonTOC

+description: "Learn about using PowerShell to resolve site URLs in reports for the Microsoft 365 admin center."

+# Use PowerShell to resolve site URLs in reports

+This article covers how to use PowerShell to display site URLs in reports.

+## How it works

+The Graph API provides an API that allows you to list all the sites within an organization. To use this API, you need to have an application with the Sites.Read.All permission.

+The script invokes this API endpoint to get the mapping between site IDs and site URLs, and then adds the site URLs into the exported CSV reports.

+### Why not use delegated permissions?

+- The /sites/getAllSites API only accepts application permissions.

+- The /sites?search=\* API accepts delegated permissions, but it doesnΓÇÖt return all the sites, even using an admin account.

+## Steps

+To display site URLs using PowerShell, follow these steps.

+### Create an Entra ID Application

+1. Go to [Microsoft Entra admin center](https://entra.microsoft.com/) **>** Applications **>** App registrations.

+2. On the App registrations page, select **New registrations**.

+3. Pick a name for this application, and use the default configuration to register the app.

+Remember, the **client id** and **tenant id** are displayed in the appΓÇÖs **Essentials** section.

+### Add Graph API permission to the app

+In the new applicationΓÇÖs **Request API permissions** page, add the Sites.Read.All permission.

+Then, grant admin consent.

+### Create a client secret

+In the new applicationΓÇÖs **Certificates & secrets** section, create a new client secret. Then, store the **secretΓÇÖs value** in a safe and secure place.

+### Download the reports in Microsoft 365 admin center

+Download the site details report on the two report pages and put the CSV report files under a local folder.

+Before downloading the reports, make sure to turn off the privacy setting for user details. For details, see [Microsoft 365 admin center activity reports](activity-reports.md).

+For SharePoint site usage, go to the [SharePoint site usage page in the Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/reportsUsage/SharePointSiteUsageV1).

+For OneDrive site usage, go to the [OneDrive site usage page in the Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/reportsUsage/OneDriveSiteUsage).

+### Update the reports with site URLs

+To update the reports with site URLs, execute the PowerShell script.

+ ```PowerShell

+ .\Update-Report.ps1 -**tenantId** {tenant id above} -**clientId** {client id above} -**reportPaths** @("file path for report \#1", "file path for report \#2")

+ ```

+To view the full Update-Report PowerShell script, see [Update-Report PowerShell](#update-report-powershell-script).

+The script will ask you to enter the **secretΓÇÖs value** created above.

+After executing the script, new versions of the reports are created with site URLs added.

+### Clean up the environment

+To clean up the environment, go back to the application's **Certificates & secrets** page and delete the secret that was created earlier.

+>[!TIP]

+> Use SSD (Solid State Drive) to improve the IO performance.

+> Execute the script on a machine with enough free/unused memory. The cache takes roughly 2GB for the 15 million sites.

+## Update-Report PowerShell script

+The following is the PowerShell script for Update-Report.

+ ```PowerShell

+ [Parameter(Mandatory=$true)]

+ [string]$tenantId,

+ [Parameter(Mandatory=$true)]

+ [string]$clientId,

+ [Parameter(Mandatory=$false)]

+ [string[]]$reportPaths

+)

+function Get-AccessToken {

+ param(

+ [Parameter(Mandatory=$true)]

+ [string]$tenantId,

+ [Parameter(Mandatory=$true)]

+ [string]$clientId,

+ [Parameter(Mandatory=$true)]

+ [System.Security.SecureString]$clientSecret,

+ [Parameter(Mandatory=$false)]

+ [string]$scope = "https://graph.microsoft.com/.default"

+ )

+ $tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

+ $tokenRequest = @{

+ client_id = $clientId

+ scope = $scope

+ client_secret = ConvertFrom-SecureString $clientSecret -AsPlainText

+ grant_type = "client_credentials"

+ }

+ $tokenResponse = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $tokenRequest

+ return $tokenResponse.access_token

+}

+ ```

+### Prepare the cache and client secret

+ ```PowerShell

+if ($reportPaths.Count -eq 0) {

+ Write-Host "Please provide at least one report path" -ForegroundColor Red

+ exit

+}

+$cache = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'

+$clientSecret = Read-Host "Please enter client secret" -AsSecureString

+ ```

+### Fetch site info from Graph API

+ ```PowerShell

+Write-Host

+Write-Host "Getting information for all the sites..." -ForegroundColor Cyan

+$uri = "https://graph.microsoft.com/v1.0/sites/getAllSites?`$select=sharepointIds&`$top=10000"

+while ($uri -ne $null) {

+ Write-Host $uri

+ $isSuccess = $false

+ while (-not $isSuccess) {

+ try {

+ $accessToken = Get-AccessToken -tenantId $tenantId -clientId $clientId -clientSecret $clientSecret

+ $restParams = @{Headers=@{Authorization="Bearer $accessToken"}}

+ }

+ catch {

+ Write-Host "Retrying... $($_.Exception.Message)" -ForegroundColor Yellow

+ continue

+ }

+ try {

+ $sites = Invoke-RestMethod $uri @restParams

+ $isSuccess = $true

+ }

+ catch {

+ if ($_.Exception.Response -and $_.Exception.Response.Headers['Retry-After']) {

+ $retryAfter = [int]$_.Exception.Response.Headers['Retry-After']

+ Write-Output "Waiting for $retryAfter seconds before retrying..." -ForegroundColor Yellow

+ Start-Sleep -Seconds $retryAfter

+ }

+ Write-Host "Retrying... $($_.Exception.Message)" -ForegroundColor Yellow

+ continue

+ }

+ }

+ $sites.value | ForEach-Object {

+ $cache[$_.sharepointIds.siteId] = $_.sharepointIds.siteUrl

+ }

+ $uri = $sites."@odata.nextLink"

+ Write-Host "Total sites received: $($cache.Count)"

+}

+ ```

+### Update the report using cached site info

+ ```PowerShell

+foreach ($reportPath in $reportPaths) {

+ Write-Host

+ Write-Host "Updating report $($reportPath) ..." -ForegroundColor Cyan

+ $outputPath = "$($reportPath)_$([Math]::Floor((Get-Date -UFormat %s))).csv"

+ $writer = [System.IO.StreamWriter]::new($outputPath)

+ $reader = [System.IO.StreamReader]::new($reportPath)

+ $rowCount = 0

+ while ($null -ne ($line = $reader.ReadLine())) {

+ $rowCount++

+ $columns = $line.Split(",")

+ $siteId = $columns[1]

+ $_guid = New-Object System.Guid

+ if ([System.Guid]::TryParse($siteId, [ref]$_guid)) {

+ $siteUrl = $cache[$siteId]

+ $columns[2] = $siteUrl

+ $line = $columns -join ","

+ }

+

+ $writer.WriteLine($line)

+ if ($rowCount%1000 -eq 0) {

+ Write-Host "Processed $($rowCount) rows"

+ }

+ }

+ $writer.Close()

+ $reader.Close()

+ Write-Host "Processed $($rowCount) rows"

+ Write-Host "Report updated: $($outputPath)" -ForegroundColor Cyan

+}

+ ```

+### Finalize

+```PowerShell

+Write-Host

+Read-Host "Press any key to exit..."

+ ```

+## Additional option for small-scale scenarios

+For smaller scale scenarios, admins with appropriate access can use the SharePoint REST API or Microsoft Graph API to retrieve information about site IDs referenced in affected reports. The SharePoint REST API can be used to retrieve information about a specific site ID.

+For example, the following SharePoint REST API request retrieves information about the Contoso site with site ID 15d43f38-ce4e-4f6b-bac6-766ece1fbcb4:

+`https://contoso.sharepoint.com/_api/v2.1/sites/contoso.sharepoint.com,15d43f38-ce4e-4f6b-bac6-766ece1fbcb4`

+The Microsoft Graph API can be used to list SharePoint sites or retrieve information about a specific site ID. For details, see [site resource type](/graph/api/resources/site).

+For example:

+- `https://graph.microsoft.com/v1.0/sites?search=*&$select=sharepointIds`

+- `https://graph.microsoft.com/v1.0/sites/{siteId}`

+The Microsoft Graph API can also be used to retrieve information about a given user's OneDrive for Business site. For details, see [drive resource type](/graph/api/resources/drive).

+For example:

+- `https://graph.microsoft.com/v1.0/users/{userId}/drives?$select=sharepointIds`

+|Root Web Template |The template used for creating the site. **NOTE**: If you want to filter the data by different site types, then export the data and use the Root Web Template column. |

+>[!NOTE]

+> The SharePoint site URL may not be displayed in related usage reports. To display the site URL, you can use PowerShell. To follow the steps, see [Use PowerShell to resolve site URLs](resolve-site-urls.md).

+Note that you may see differences between the sites listed above and those listed on the [Active sites page](https://go.microsoft.com/fwlink/?linkid=2185220) in the [SharePoint admin center](https://go.microsoft.com/fwlink/?linkid=2185219), from Sites > Active sites because the certain site templates and URLs are not included as Active Sites. See [Manage sites in the SharePoint admin center](/sharepoint/manage-sites-in-new-admin-center) for more information.

+## How do I get to the Viva Insights activity report?

+## Interpret the Microsoft 365 Apps usage report

+## Learn about Microsoft 365 previews

+Microsoft 365 releases some features in public preview or private preview to customers. These features are being actively developed and may not be complete.

+During the ΓÇÿPrivate previewΓÇÖ phase, a controlled testing environment is provided that is limited to a small group of customers. Features in private preview are typically more restricted and evaluated by a select set of users. Access to private preview features is usually by invitation only, directly from the product team responsible for the feature or service. Private preview allows for more confidential testing due to the smaller group size. Microsoft provides support for private preview features. It can be seen as a focused, exclusive testing phase before broader public preview.

+During the ΓÇÿPublic previewΓÇÖ phase, Microsoft releases certain features to a broader audience for testing and feedback. These features are made available to a wider group of customers and can be tested and used in production environments. However, they may have restricted or limited functionality and may only apply to specific platforms. Public preview features are actively being developed and may not be complete. Microsoft encourages users to provide feedback during this phase, and public preview features are fully supported by Microsoft. Some features may be available only in selected geographic regions or specific cloud environments.

+ Title: "Manage passwords with Microsoft Graph PowerShell"

+- must-keep

+ - azure-ad-ref-level-one-done

+description: "Learn how to use Microsoft Graph PowerShell to manage passwords."

+# Manage passwords with Microsoft Graph PowerShell

+You can use Microsoft Graph PowerShell as an alternative to the Microsoft 365 admin center to manage passwords in Microsoft 365.

+>[!NOTE]

+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

+First, use a **Microsoft Entra DC admin**, **Cloud Application Admin**, or **Global admin** account to [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md).

+Managing passwords for a user requires the **User.ReadWrite.All** permission scope or one of the other permissions listed in the ['Assign license' Graph API reference page](/graph/api/user-assignlicense).

+Connect-Graph -Scopes User.ReadWrite.All

+Update-MgUser -UserId $userUPN -PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = $newPassword }

+## March 2024

+Inaccuracy report ID |Description |Fix date |

+|:|:|:|

+| - | Defender Vulnerability Management doesn't currently support CVE-2023-4966 | 05-Mar-24

+| 47296 | Defender Vulnerability Management doesn't currently support Bitdefender Vulnerabilities - CVE-2017-17408, CVE-2017-17409 & CVE-2017-17410 | 05-Mar-24

+| 45297 | Fixed inaccuracy in Tera Term vulnerability - CVE-2023-48995 | 22-Feb-24

+| - | Fixed invalid version detections in Control & Control Client | 23-Feb-24

+| - | Added Microsoft Defender Vulnerability Management support to ConnectWise Control vulnerabilities - CVE-2024-1708 & CVE-2024-1709 | 23-Feb-24

+| 43472 | Added correct version details in all FortiClient CVEs | 25-Feb-24

+| 45727 | Added Microsoft Defender Vulnerability Management support to Box Tools & Box for Office products | 26-Feb-24

+| 47045 | Fixed inaccuracy issues in April 2021 GitLab Vulnerabilities | 26-Feb-24

+| 47174 | Added accurate EOS details for SQL Server Editions | 26-Feb-24

+| 46416 | Fixed inaccuracy in Oracle Kernel-uek-modules | 28-Feb-24

+| - | Fixed inaccuracy in Python Anaconda3 | 30-Jan-24

+ - tier2

+The user entity page in Microsoft Defender XDR helps you in your investigation of user identities. The page has all the important information about each identity. If an alert or incident indicates that a user might be compromised or is suspicious, check and investigate the user profile.

+### Active directory account control

+ :::image type="content" source="../../media/image.png" alt-text="Screenshot that shows how to choose time frame." lightbox="../../media/image.png":::

+- **Export button:** You can export the timeline to a CSV file. Export is limited to the first 5000 records and contains the data as it displays in the UI (same filters and columns).

+ :::image type="content" source="../../media/image2.png" alt-text="Screenshot that shows the user's image." lightbox="../../media/image2.png":::

+- [MITRE ATT&CK](https://attack.mitre.org/) techniques

+> Microsoft Defender XDR can display date and time information using either your local time zone or UTC. The selected time zone will apply to all date and time information shown in the Identity timeline.

+>

+> To set the time zone for these features, go to **Settings** \> **Security center** \> **Time zone**.

+appliesto: ✅ Microsoft Defender XDR

+Microsoft Defender XDR helps security teams protect and detect their organizations by using information from other Microsoft security products, including:

+- Ensure 'Windows Azure Service Management API' is limited to administrative roles.

+Client-side latency and network latency aren't included in the results.

+- **Message view**: Select one of tne of the following values:

+ - **All email**

+ - **Detonated email**: After you select this value, select one of the following values that appears:

+ - **Inline detonation**: Links and attachments in messages are fully tested by Safe Links and Safe Attachments before delivery.

+ - **Asynchronous detonation**: [Dynamic delivery](safe-attachments-about.md#dynamic-delivery-in-safe-attachments-policies) of attachments by Safe Attachments and links in email tested by Safe Links after delivery.

+The report shows real-time information with updated threat information.

+- **Updated threat**: Select one ore mor of the following values:

+- **Action**: The same URL click protection actions as previously described. By default, **Allowed** and **Allowed by tenant admin** aren't selected.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+> [!TIP]

+> URL clicks by guest users are available in the report. Guest user accounts might be compromised or access malicious content inside the organization.

+- **Action**: The same values as shown in the [View data by URL click protection action view](#view-data-by-url-click-protection-action-in-the-url-protection-report). By default, **Allowed** and **Allowed by tenant admin** aren't selected.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Tag**: Select **All** or the specified user tag (including priority accounts). For more information, see [User tags](user-tags-about.md).

+- **Data loss prevention**: Email messages that were quarantined by [data loss prevention (DLP) policies](/purview/dlp-learn-about-dlp).

+- **Mail direction**: Select **Inbound**, **Outbound**, and **Intra-org**.

+- **Type**: Select one or more of the following values:

+ - **Data loss prevention**

+- **Domain**: Select **All** or an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Phishing email**: This selection takes you to [View data by Email \> Phish and Chart breakdown by Detection Technology](#view-data-by-email--phish-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+- **Malware in email**: This selection takes you to [View data by Email \> Malware and Chart breakdown by Detection Technology](#view-data-by-email--malware-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+- **Spam detections**: This selection takes you to [View data by Email \> Spam and Chart breakdown by Detection Technology](#view-data-by-email--spam-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+- **Intra-org**

+- **Mail direction**: Select **Inbound**, **Outbound**, and **Intra-org**.

+- **Type**: Select one or more of the following values:

+ - **Data loss prevention**: Email messages that were quarantined by [data loss prevention (DLP) policies](/purview/dlp-learn-about-dlp).

+- **Domain**: Select **All** or an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Phishing email**: This selection takes you to [View data by Email \> Phish and Chart breakdown by Detection Technology](#view-data-by-email--phish-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+- **Malware in email**: This selection takes you to [View data by Email \> Malware and Chart breakdown by Detection Technology](#view-data-by-email--malware-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+- **Spam detections**: This selection takes you to [View data by Email \> Spam and Chart breakdown by Detection Technology](#view-data-by-email--spam-and-chart-breakdown-by-detection-technology) in the Threat protection status report.

+ - **Data loss prevention block**

+- **Mail direction**: Select **Inbound**, **Outbound**, and **Intra-org**.

+- **Domain**: Select **All** or an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+The details table below the graph shows the same information and has the same available actions actions as the **Emails** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=email>:

+- :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: **Customize columns**

+- :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: **Group**

+- :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis**

+For more information, see [View email admin submissions to Microsoft](submissions-admin.md#view-email-admin-submissions-to-microsoft).

+ - **Appears clean**

+ - **Appears suspicious**

+- **Tags**: **All** or one or more [user tags](user-tags-about.md).

+On the **Submissions** page, the **[Export](#export-report-data)** action is available.

+- **Content malware** (Defender for Office 365 only: Files detected by [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](anti-malware-protection-for-spo-odfb-teams-about.md) and [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md))

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Leave the value **All** or remove it, double-click in the empty box, and then select one of the following values:

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Direction**: **All** or enter **Inbound**, **Outbound** and **Intra-org**.

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Data Loss Prevention**: Email messages that were quarantined by [data loss prevention (DLP) policies](/purview/dlp-learn-about-dlp).

+- **IP Allow**

+- **On-premises skip**

+- **Organization allowed domains**

+- **Organization allowed senders**

+- **Sender Domain List**

+- **TABL - File allowed**

+- **TABL - URL allowed**

+- **TABL - URL blocked**

+- **TABL Sender email address Allow**

+- **Third party filter**

+- **Trusted Contact List - Sender in Address Book**

+- **Trusted Recipient Address List**

+- **Trusted Recipient Domain List**

+- **Trusted Senders List (Outlook)**

+- **User Safe Domain**

+- **User Safe Sender**

+- **ZAP not enabled**

+- **Delivery Location**: **Junk Mail folder not enabled** and **SecOps mailbox**.

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+ - **Anti-malware**

+ - **Safe Attachments**

+ - **Anti-phish**

+ - **Anti-spam**

+ - **Mail flow rule** (transport rule)

+ - **Others**

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Delivery Location**: **Junk Mail folder not enabled** and **SecOps mailbox**.

+- **Direction**: Leave the value **All** or remove it, double-click in the empty box, and then select **Inbound**, **Outbound**, or **Intra-org**.

+- **Tag**: Leave the value **All** or remove it, double-click in the empty box, and then select **Priority account**. For more information about user tags, see [User tags](user-tags-about.md).

+- **Domain**: Leave the value **All** or remove it, double-click in the empty box, and then select an [accepted domain](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains).

+- **Policy type**: Select **All** or one of the following values:

+ - **Safe Attachments**

+- **Policy name (details table view only)**: Select **All** or a specific policy.

+- **Recipients (separated by commas)**

+- **Show data for Top intra.org mail senders**

+- **Show data for Top intra.org mail recipients**

+- **Show data for Top intra.org spam recipients**

+- **Show data for Top intra.org malware recipients**

+- **Show data for Top intra.org phishing recipients**

+- **Show data for Top intra.org phishing recipients (MDO)**

+- **Show data for Top intra.org malware recipients (MDO)**

+- **Tag**: Select **All** or the specified user tag (including priority accounts). For more information, see [User tags](user-tags-about.md).

+- **Phish**

+- **Spam**

+The details table below the graph shows the same information and has the same actions that are available on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>:

+On the report page, the :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **[Export](#export-report-data)** action is available.

+Depending on the report and the specific view in the report, one or more of the following actions might be available on the main report page as previously described: