EmailPostDeliveryEvents

Office 365 security events occurred post email delivery to recipient mailbox.

Categories

  • Security

Solutions

  • Microsoft Sentinel

Columns

Column Type Description
Action string Action taken on the entity
ActionResult string Result of the action
ActionTrigger string Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or String Delivery
ActionType string Type of activity that triggered the event
DeliveryLocation string Delivered email location: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items
InternetMessageId string Public-facing identifier for the email that is set by the sending email system
NetworkMessageId string Email unique identifier generated by Office 365
RecipientEmailAddress string Recipient email address or email address of the recipient after distribution list expansion
ReportId string Unique identifier for the event
SourceSystem string
TenantId string
TimeGenerated datetime Date and time (UTC) when the record was generated
Type string The name of the table