Get-CompromisedUserDetailReport

This cmdlet is available only in the cloud-based service.

Use the Get-CompromisedUserDetailReport cmdlet to return detailed information about compromised users for the last 10 days.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Get-CompromisedUserDetailReport
   [-Action <MultiValuedProperty>]
   [-EndDate <System.DateTime>]
   [-Page <Int32>]
   [-PageSize <Int32>]
   [-StartDate <System.DateTime>]
   [<CommonParameters>]

Description

This cmdlet returns the following information:

  • Date
  • UserCount
  • Action

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Get-CompromisedUserDetailReport -StartDate 06-01-2020 -EndDate 06-10-2020 -Action Suspicious

This example returns all suspicious user accounts for the specified date range.

Parameters

-Action

The Action parameter filters the results by the compromised user status. Valid values are:

  • Restricted
  • Suspicious

You can specify multiple values separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

-EndDate

The EndDate parameter specifies the end date of the date range.

Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.

Type:System.DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

-Page

This parameter is reserved for internal Microsoft use.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

-PageSize

The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

-StartDate

The StartDate parameter specifies the start date of the date range.

Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.

A value for this parameter can't be older than 30 days.

Type:System.DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection