在安全与合规中心的"报告"仪表板中&邮件流报告View mail flow reports in the Reports dashboard in Security & Compliance Center

重要

改进的 Microsoft 365 安全中心现在可用。The improved Microsoft 365 security center is now available. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new.

适用对象Applies to

除了安全 & 合规中心的邮件流仪表板中提供的邮件流报告之外,报告仪表板中还提供了各种其他邮件流报告,以帮助您监视 Microsoft 365 组织。In addition to the mail flow reports that are available in the Mail flow dashboard in the Security & Compliance Center, a variety of additional mail flow reports are available in the Reports dashboard to help you monitor your Microsoft 365 organization.

如果您具有 必要的权限,可以在安全与合规中心内查看这些报告 &"报告仪表板 > "。If you have the necessary permissions, you can view these reports in the Security & Compliance Center by going to Reports > Dashboard. 若要直接转到"报表"仪表板,请打开 https://protection.office.com/insightdashboardTo go directly to the Reports dashboard, open https://protection.office.com/insightdashboard.

安全与合规中心&仪表板

连接器报告Connector report

连接器 报告显示 为组织配置的 入站 和出站连接器上的邮件流活动。The Connector report shows mail flow activity on the inbound and outbound connectors that are configured for your organization.

若要查看报告,请打开安全与合规 &,转到报告仪表板 > ,然后选择连接器 报告To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Connector report. 若要直接转到报告,请打开 https://protection.office.com/reportv2?id=ConnectorReportTo go directly to the report, open https://protection.office.com/reportv2?id=ConnectorReport.

"报告"仪表板中的"连接器报告"小组件

连接器报表的报表视图Report view for the Connector report

以下图表可用于报表视图:The following charts are available in report view:

  • 查看数据者:邮件流:此图表显示组织方式的入站和出站邮件数:View data by: Mail flow: This chart shows the number of inbound and outbound messages organized by:

    • TotalTotal
    • 从 Internet(不含连接器)From the internet without a connector
    • 在没有连接器的情况下连接到 InternetTo the internet without a connector
    • 已配置的特定连接器。A specific connector that you've configured.

    若要隔离图表中的数据,请使用"显示数据 控制"选择这些选项之一或"所有邮件流"。To isolate the data in the chart, use the Show data for control to select one of these options or All mail flow.

    在连接器报告中按邮件流查看数据

  • 查看数据者:TLS 使用情况:此图显示传输层安全性 (TLS) 邮件流版本使用率的百分比。View data by: TLS usage: This chart shows the percentage of Transport Layer Security (TLS) version usage for mail flow.

    若要隔离图表中的数据,请使用"显示 控件的数据 "选择以下选项之一:To isolate the data in the chart, use the Show data for control to select one of the following options:

    • 所有邮件流All mail flow
    • 从 Internet(不含连接器)From the internet without a connector
    • 在没有连接器的情况下连接到 InternetTo the internet without a connector
    • 已配置的特定连接器。A specific connector that you've configured.

    在连接器报告中按 TLS 使用情况查看数据

如果 单击筛选器中的 报表视图,可以指定开始日期和 结束日期的日期范围If you click Filters in a report view, you can specify a date range with Start date and End date.

连接器报告的详细信息表视图Details table view for the Connector report

如果单击 视图中的" 查看详细信息"报表视图,将显示以下信息:If you click View details table in a report view, the following information is shown:

  • "日期"Date
  • 连接器方向和名称Connector direction and name
  • 连接器类型Connector type
  • 强制 TLS?:TrueFalseForced TLS?: The value True or False.
  • 无 TLS (百分比) No TLS (percentage)
  • TLS 1.0 (百分比) TLS 1.0 (percentage)
  • TLS 1.1 (百分比) TLS 1.1 (percentage)
  • TLS 1.2 (百分比) TLS 1.2 (percentage)
  • Volume: 消息数。Volume: The number of messages.

如果在详细信息 视图中单击"筛选器",可以指定开始日期和 结束日期的日期范围If you click Filters in a details table view, you can specify a date range with Start date and End date.

若要返回到报告报表视图,请单击"查看 报告"。To go back to the report view, click View report.

Exchange 传输规则报告Exchange transport rule report

Exchange 传输规则报告显示 邮件流规则对组织中 (传输规则) 传入和传出邮件的影响。The Exchange transport rule report shows the effect of mail flow rules (also known as transport rules) on incoming and outgoing messages in your organization.

若要查看报告,请打开安全与合规 &,转到报告仪表板 > ,然后选择 Exchange 传输规则To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Exchange Transport rule. 若要直接转到报告,请打开 https://protection.office.com/reportv2?id=ETRRuleReportTo go directly to the report, open https://protection.office.com/reportv2?id=ETRRuleReport.

报告仪表板中的 Exchange 传输规则小组件

Exchange 传输规则报告的报告视图Report view for the Exchange transport rule report

以下图表可用于报表视图:The following charts are available in report view:

  • 查看数据者:Exchange 传输规则 >Break down by: Direction: This chart shows the number of Inbound and Outbound messages that were affected by transport rules.View data by: Exchange transport rules > Break down by: Direction: This chart shows the number of Inbound and Outbound messages that were affected by transport rules.

  • 查看数据者:Exchange 传输规则 >按以下值进行 分解:严重性:此图表显示高严重性和中等严重性和 低严重性邮件的数量View data by: Exchange transport rules > Break down by: Severity: This chart shows the number of High severity and Medium severity, and Low severity messages. 将严重性级别设置为规则中的操作, (严重性级别审核此规则或 SetAuditSeverity) 。You set the severity level as an action in the rule (Audit this rule with severity level or SetAuditSeverity). 有关详细信息,请参阅 Mail flow rule actions in Exchange Online。For more information, see Mail flow rule actions in Exchange Online.

  • 查看数据者:DLP Exchange 传输规则 >Break down by: Direction: This chart shows the number of Inbound and Outbound messages that were affected by data loss prevention (DLP) rules.View data by: DLP Exchange transport rules > Break down by: Direction: This chart shows the number of Inbound and Outbound messages that were affected by data loss prevention (DLP) transport rules. 您可以通过选择以下选项来进一步优化图表:You can further refine the chart by selecting on of the following options:

    • 显示数据:所有 DLP 传输规则Show data for: All DLP transport rules
    • 显示针对:遭到入侵的用户的数据Show data for: Compromised users
    • 显示数据:检测到美国爱国者法案的内容量较低Show data for: Low volume of content detected U.S. Patriot Act
  • 查看数据者:DLP Exchange 传输规则 >Break down by: Direction: This view shows the number of High severity and Medium severity, and Low severity messages that were affected by DLP transport rules.View data by: DLP Exchange transport rules > Break down by: Direction: This view shows the number of High severity and Medium severity, and Low severity messages that were affected by DLP transport rules. 您可以通过选择以下选项来进一步优化图表:You can further refine the chart by selecting on of the following options:

    • 显示数据:所有 DLP 传输规则Show data for: All DLP transport rules
    • 显示针对:遭到入侵的用户的数据Show data for: Compromised users
    • 显示数据:检测到美国爱国者法案的内容量较低Show data for: Low volume of content detected U.S. Patriot Act

如果 单击筛选器中的 报表视图,可以使用以下筛选器修改结果:If you click Filters in a report view, you can modify the results with the following filters::

  • 开始日期和****结束日期Start date and End date
  • 方向值Direction values
  • 严重性值Severity values

Exchange 传输规则报告中的报告视图

Exchange 传输规则报告的详细信息表视图Details table view for the Exchange transport rule report

如果单击 "查看详细信息表",显示的信息取决于您所查看的图表:If you click View details table, the information that's shown depends on the chart you were looking at:

  • 查看数据者:Exchange 传输规则View data by: Exchange Transport rules:

    • "日期"Date
    • 传输规则Transport rule
    • 主题Subject
    • 发件人地址Sender address
    • 收件人地址Recipient address
    • 严重性Severity
    • 方向Direction
  • 查看数据者:DLP Exchange 传输规则View data by: DLP Exchange transport rules:

    • "日期"Date
    • DLP 策略DLP policy
    • 传输规则Transport rule
    • 主题Subject
    • 发件人地址Sender address
    • 收件人地址Recipient address
    • 严重性Severity
    • 方向Direction

如果在详细信息 视图中单击"筛选器",可以使用以下筛选器修改结果:If you click Filters in a details table view, you can modify the results with the following filters:

  • 开始日期和****结束日期Start date and End date
  • 方向值Direction values
  • 严重性值Severity values

若要返回到报告报表视图,请单击"查看 报告"。To go back to the report view, click View report.

转发报告Forwarding report

转发 报告显示 您的组织自动将邮件从 Exchange Online 邮箱转发到外部域。The Forwarding report shows your organization's automatically forwarded messages to external domains from Exchange Online mailboxes. 转发的邮件可能会带来安全或合规性风险,并可能指示帐户遭到入侵。Forwarded messages can pose a security or compliance risk, and might indicate a compromised account.

若要查看报告,请打开安全与&中心,转到报告仪表板 > ,然后选择 转发报告To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Forwarding report. 若要直接转到报告,请打开 https://protection.office.com/reportv2?id=MailFlowForwardingTo go directly to the report, open https://protection.office.com/reportv2?id=MailFlowForwarding.

"报告"仪表板中的"转发报告"小组件

转发报告的报表视图Report view for the Forwarding report

下表中提供了以下报表视图:The following charts are available in the report view:

  • 显示以下方法的数据:转发方法:显示以下方法:Show data for: Forwarding methods: The following methods are shown:

    转发报告中的转发方法视图

  • 显示数据:转发域:此视图显示作为转发目标收件人域。Show data for: Forwarding domains: This view shows the recipient domains that are the destinations for forwarding.

    转发报告中的转发域视图

  • 显示以下转发器 的数据:转发器如下所示:Show data for: Forwarders: The following forwarders are shown:

    • 传输规则Transport rule
    • 包含转发收件箱规则的邮箱。The mailbox that contains the forwarding Inbox rule.

    转发报告中的转发器视图

如果 单击筛选器中的 报表视图,可以指定开始日期和 结束日期的日期范围If you click Filters in a report view, you can specify a date range with Start date and End date.

转发报告的详细信息表视图Details table view for the Forwarding report

如果单击 视图中的" 查看详细信息"报表视图,将显示以下信息:If you click View details table in a report view, the following information is shown:

  • 转发器:值 传输规则 或包含转发收件箱规则的邮箱。Forwarders: The value Transport rule or the mailbox that contains the forwarding Inbox rule.
  • 转发类型:值 Mailbox ruleTransport ruleForwarding type: The value Mailbox rule or Transport rule.
  • 收件人名称Recipient name
  • 收件人域Recipient domain
  • 详细信息:这是邮件流规则的 GUID 值或收件箱规则的 RuleIdentity 值。Details: This is the GUID value of the mail flow rule, or the RuleIdentity value of the Inbox rule.
  • CountCount
  • 第一个转发日期First forward date

如果在详细信息 视图中单击"筛选器",可以指定开始日期和 结束日期的日期范围If you click Filters in a details table view, you can specify a date range with Start date and End date.

若要返回到报告视图,请单击"查看 报告"。To go back to the reports view, click View report.

邮件流状态报告Mailflow status report

邮件 流状态报告 类似于"已发送和已接收 电子邮件"报告,包含有关边缘上允许或阻止的电子邮件的其他信息。The Mailflow status report is similar to the Sent and received email report, with additional information about email allowed or blocked on the edge. 这是包含边缘保护信息的唯一报告,它显示了在 Exchange Online Protection (EOP) 允许进入服务之前阻止的电子邮件数。This is the only report that contains edge protection information, and shows just how much email is blocked before being allowed into the service for evaluation by Exchange Online Protection (EOP). 必须了解,如果将一封邮件发送给五个收件人,我们会将邮件计为五个不同的邮件,而不是一封邮件。It's important to understand that if a message is sent to five recipients we count it as five different messages and not one message. 若要查看报告,请打开安全与合规 &,转到报告仪表板 > ,然后选择 邮件流状态报告To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Mailflow status report. 若要直接转到邮件 流状态报告, 请打开 https://protection.office.com/mailflowStatusReportTo go directly to the Mail flow status report, open https://protection.office.com/mailflowStatusReport.

"报告"仪表板中的"邮件流状态报告"小部件

邮件流状态报告的类型视图Type view for the Mailflow status report

打开报表时,默认情况下 会选中 "类型"选项卡。When you open the report, the Type tab is selected by default. 默认情况下,此视图包含一个图表和一个使用以下筛选器配置的数据表:By default, this view contains a chart and a data table that's configured with the following filters:

  • 日期:最近 7 天。Date: The last 7 days.

  • 方向Direction:

    • 入站Inbound
    • 出站Outbound
    • 组织内部:此计数用于租户内的邮件,即Intra-org: this count is for messages within a tenant i.e 发件人 abc@domain.com 发送到收件人的邮件 xyz@domain.com (与 入站 和出站邮件 分开计算)sender abc@domain.com sends to recipient xyz@domain.com (counted separately from Inbound and Outbound)
  • 类型Type:

    • 良好的邮件Good mail
    • 恶意软件Malware
    • 垃圾邮件Spam
    • 边缘保护Edge protection
    • 规则邮件Rule messages
    • 钓鱼电子邮件Phishing email

图表按 Type 值组织The chart is organized by the Type values.

可以通过单击"筛选器 "或单击 图表图例中的值来更改这些筛选器。You can change these filters by clicking Filter or by clicking a value in the chart legend.

该数据表包含以下信息:The data table contains the following information:

  • 方向Direction
  • 类型Type
  • 24 小时24 hours
  • 3 天3 days
  • 7 天7 days
  • 15 天15 days
  • 30 天30 days

If you click Choose a category for more details, you can select from the following values:If you click Choose a category for more details, you can select from the following values:

导出Export:

对于详细信息视图,只能导出一天的数据。For the detail view, you can only export data for one day. 因此,如果要导出 7 天的数据,需要执行 7 种不同的导出操作。So, if you want to export data for 7 days, you need to do 7 different export actions.

每个导出的 .csv 文件限制为 150,000 行。Each exported .csv file is limited to 150,000 rows. 如果当天的数据包含超过 150,000 行,将创建多个 .csv 文件。If the data for that day contains more than 150,000 rows, then multiple .csv files will be created.

邮件流状态报告中的类型视图Type view in the Mailflow status report

邮件流状态报告的方向视图Direction view for the Mailflow status report

如果单击" 方向" 选项卡,则使用"类型"视图中 的相同 默认筛选器。If you click the Direction tab, the same default filters from the Type view are used.

图表按 Direction 组织。The chart is organized by Direction values.

可以通过单击"筛选器 "或单击 图表图例中的值来更改这些筛选器。You can change these filters by clicking Filter or by clicking a value in the chart legend. 使用"类型" 视图中的 相同筛选器。The same filters from the Type view are used.

该数据表包含"类型"视图中 的相同 信息。The data table contains same information from the Type view.

" 选择类别"了解更多详细信息 可用的选择和行为与"类型 "视图相同The Choose a category for more details available selections and behavior are the same as the Type view.

导出Export:

对于详细信息视图,只能导出一天的数据。For the detail view, you can only export data for one day. 因此,如果要导出 7 天的数据,需要执行 7 种不同的导出操作。So, if you want to export data for 7 days, you need to do 7 different export actions.

每个导出的 .csv 文件限制为 150,000 行。Each exported .csv file is limited to 150,000 rows. 如果当天的数据包含超过 150,000 行,将创建多个 .csv 文件。If the data for that day contains more than 150,000 rows, then multiple .csv files will be created.

邮件流状态报告中的方向视图Direction view in the Mailflow status report

邮件流状态报告的漏斗视图Funnel view for the Mailflow status report

视图显示 Microsoft 的电子邮件威胁防护功能如何筛选组织中传入和传出的电子邮件。The Funnel view shows you how Microsoft's email threat protection features filter incoming and outgoing email in your organization. 它提供有关总电子邮件计数以及配置的威胁防护功能(包括边缘保护、反恶意软件、反网络钓鱼、反垃圾邮件和反欺骗)如何影响此计数的详细信息。It provides details on the total email count, and how the configured threat protection features, including edge protection, anti-malware, anti-phishing, anti-spam, and anti-spoofing affect this count.

如果单击" 漏斗" 选项卡,默认情况下,此视图包含一个图表和一个使用以下筛选器配置的数据表:If you click the Funnel tab, by default, this view contains a chart and a data table that's configured with the following filters:

  • 日期:最近 7 天。Date: The last 7 days.

  • 方向Direction:

    • 入站Inbound
    • 出站Outbound
    • 组织内部:此计数用于租户内发送的邮件;即,发件人 abc@domain.com 收件人的邮件 xyz@domain.com (入站和出站邮件分开计算) 。Intra-org: This count is for messages sent within a tenant; i.e, sender abc@domain.com sends to recipient xyz@domain.com (counted separately from Inbound and Outbound).

聚合视图和数据表视图允许筛选 90 天。The aggregate view and data table view allow for 90 days of filtering.

如果单击 "筛选器",可以同时筛选图表和数据表。If you click Filter, you can filter both the chart and the data table.

此图表显示按以下方式组织的电子邮件计数:This chart shows the email count organized by:

  • 电子邮件总数Total email
  • 边缘保护后的电子邮件Email after edge protection
  • 反恶意软件后的电子邮件, 文件信誉, 文件类型阻止Email after anti-malware, file reputation, file type block
  • 反网络钓鱼后的电子邮件, URL 信誉, 品牌模拟, 反欺骗Email after anti-phish, URL reputation, brand impersonation, anti-spoof
  • 反垃圾邮件、批量邮件筛选后的电子邮件Email after anti-spam, bulk mail filtering
  • 用户和域模拟之后的电子邮件1Email after user and domain impersonation1
  • 文件和 URL 触发1之后的电子邮件Email after file and URL detonation1
  • 在传递后保护或 URL 单击时间保护 (检测为安全)Email detected as benign after post-delivery protection (URL click time protection)

仅 1 个 Defender for Office 3651 Defender for Office 365 only

若要查看由 EOP 或 Defender for Office 365 单独筛选的电子邮件,请单击图表图例中的值。To view the email filtered by EOP or Defender for Office 365 separately, click on the value in the chart legend.

该数据表包含以下信息,按降序日期顺序显示:The data table contains the following information, shown in descending date order:

  • "日期"Date
  • 电子邮件总数Total email
  • 边缘保护Edge protection
  • 反恶意软件, 文件信誉, 文件类型阻止Anti-malware, file reputation, file type block:
    • 文件信誉:由于其他 Microsoft 客户标识的附加文件而筛选的邮件。File reputation: Messages filtered due to identification of an attached file by other Microsoft customers.
    • 文件类型阻止:由于邮件中标识的恶意文件类型而筛选的邮件。File type block: Messages filtered due to the type of malicious file identified in the message.
  • 反网络钓鱼, URL 信誉, 品牌模拟, 反欺骗Anti-phish, URL reputation, Brand impersonation, anti-spoof:
    • URL 信誉:由于其他 Microsoft 客户标识的 URL 而筛选的邮件。URL reputation: Messages filtered due to the identification of the URL by other Microsoft customers.
    • 品牌模拟:由于来自已知品牌模拟发件人的邮件而筛选的邮件。Brand impersonation: Messages filtered due to the message coming from well-known brand impersonating senders.
    • 反欺骗:由于邮件试图欺骗收件人所属的域或邮件发件人不属于的域而筛选的邮件。Anti-spoof: Messages filtered due to the message attempting to spoof a domain that the recipient belongs to, or a domain that the message sender doesn't own.
  • 反垃圾邮件,批量邮件筛选Anti-spam, bulk mail filtering:
    • 批量邮件筛选:由于尝试将批量邮件传递至收件人而筛选的邮件。Bulk mail filtering: Messages filtered due to an attempt to deliver bulk mail to its recipients.
  • Office 365 (Defender 中的 用户和) :User and domain impersonation (Defender for Office 365):
    • 用户模拟:由于尝试模拟用户 (邮件发件人) (在反网络钓鱼策略的模拟保护设置中定义)而筛选的邮件。User impersonation: Messages filtered due to an attempt to impersonate a user (message sender) that's defined in the impersonation protection settings of an anti-phishing policy.
    • 域模拟:由于尝试模拟在反网络钓鱼策略的模拟保护设置中定义的域而筛选的邮件。Domain impersonation: Messages filtered due to an attempt to impersonate a domain that's defined in the impersonation protection settings of an anti-phishing policy.
  • Office 365 (Defender 的文件和 URL) :File and URL detonation (Defender for Office 365):
    • 文件触发:由安全附件策略筛选的邮件。File detonation: Messages filtered by a Safe Attachments policy.
    • URL 触发:由安全链接策略筛选的邮件。URL detonation: Message filtered by a Safe Links policy.
  • 传递后保护和 ZAP (ATP) 或 ZAP (EOP):ZAP 表示零时差自动清除。Post-delivery protection and ZAP (ATP), or ZAP (EOP): ZAP indicates zero hour auto-purge.

如果在数据表中选择一行,则电子邮件计数的进一步细分将显示在该飞出区中。If you select a row in the data table, a further breakdown of the email counts are shown in the flyout.

导出Export:

单击"选项 " 下的 " 导出"后,可以选择下列值之一:After you click Export under Options, you can select one of the following values:

  • 摘要 (最近 90 天的数据汇总)Summary (with data for last 90 days at most)
  • 有关 (最近 30 天的数据的详细信息)Details (with data for last 30 days at most)

"日期"下,选择一个范围,然后单击"应用 "。Under Date, choose a range, and then click Apply. 当前筛选器的数据将导出到 .csv 文件。Data for the current filters will be exported to a .csv file.

每个导出的 .csv 文件限制为 150,000 行。Each exported .csv file is limited to 150,000 rows. 如果数据包含超过 150,000 行,将创建多个 .csv 文件。If the data contains more than 150,000 rows, then multiple .csv files will be created.

邮件流状态报告中的漏斗视图Funnel view in the Mailflow status report

邮件流状态报告的技术视图Tech view for the Mailflow status report

" 技术" 视图类似于漏 斗视图 ,提供有关配置的威胁防护功能的更具体的详细信息。The Tech view is similar to the Funnel view, providing more granular details for the configured threat protections features. 从图中,你可以看到如何在威胁防护的不同阶段对邮件进行分类。From the chart, you can see how messages are categorized at the different stages of threat protection.

如果单击" 技术视图 "选项卡,默认情况下,此视图包含一个图表和一个使用以下筛选器配置的数据表:If you click the Tech view tab, by default, this view contains a chart and a data table that's configured with the following filters:

  • 日期:最近 7 天。Date: The last 7 days.

  • 方向Direction:

    • 入站Inbound
    • 出站Outbound
    • 组织内部:此计数用于租户内的邮件,即Intra-org: this count is for messages within a tenant i.e 发件人 abc@domain.com 发送到收件人的邮件 xyz@domain.com (与入站和出站邮件分开计数) sender abc@domain.com sends to recipient xyz@domain.com (counted separately from Inbound and Outbound)

聚合视图和数据表视图允许筛选 90 天。The aggregate view and data table view allow for 90 days of filtering.

如果单击 "筛选器",可以同时筛选图表和数据表。If you click Filter, you can filter both the chart and the data table.

此图显示按以下类别组织的邮件:This chart shows messages organized into the following categories:

  • 电子邮件总数Total email
  • 边缘允许边缘筛选Edge allow and Edge filtered
  • 非恶意软件安全附件检测 *反恶意软件引擎检测和****规则邮件Not malware, Safe Attachments detection*, Anti-malware engine detection, and Rule messages
  • 非网络钓鱼****、DMARC 失败模拟检测欺骗检测和****钓鱼检测Not phish, DMARC failure, Impersonation detection, Spoof detection, and Phish detection
  • 无需检测 URL 触发和 URL 触发检测*No detection with URL detonation and URL detonation detection*
  • 不是垃圾邮件垃圾邮件Not spam and Spam
  • 非恶意电子邮件安全链接检测和 * ZAPNon-malicious email, Safe Links detection*, and ZAP

* Defender for Office 365* Defender for Office 365

将鼠标悬停在图表中的类别上时,可以看到该类别中的消息数。When you hover over a category in the chart, you can see the number of messages in that category.

该数据表包含以下信息,按降序日期顺序显示:The data table contains the following information, shown in descending date order:

  • "日期"Date
  • 电子邮件总数Total email
  • 已筛选边缘Edge filtered
  • 反恶意软件引擎,安全附件,已筛选规则Anti-malware engine, Safe Attachments, rule filtered:
    • 已筛选规则:由于邮件流规则而筛选 (也称为传输规则) 。Rule filtered: Messages filtered due to mail flow rules (also known as transport rules).
  • DMARC, 模拟, 欺骗, 网络钓鱼筛选:DMARC, impersonation, spoof, phish filtered:
    • DMARC: 由于邮件未通过 DMARC 身份验证检查而筛选的邮件。DMARC: Messages filtered due to the message failing its DMARC authentication check.
  • URL 触发检测URL detonation detection
  • 已筛选反垃圾邮件Anti-spam filtered
  • ZAP 已删除ZAP removed
  • 通过安全链接检测Detection by Safe Links

如果在数据表中选择一行,则电子邮件计数的进一步细分将显示在该飞出区中。If you select a row in the data table, a further breakdown of the email counts are shown in the flyout.

导出Export:

单击" 导出", 在" 选项 "下,可以选择下列值之一:On clicking Export, under Options you can select one of the following values:

  • 摘要 (最近 90 天的数据汇总)Summary (with data for last 90 days at most)
  • 有关 (最近 30 天的数据的详细信息)Details (with data for last 30 days at most)

"日期"下,选择一个范围,然后单击"应用 "。Under Date, choose a range, and then click Apply. 当前筛选器的数据将导出到 .csv 文件。Data for the current filters will be exported to a .csv file.

每个导出的 .csv 文件限制为 150,000 行。Each exported .csv file is limited to 150,000 rows. 如果数据包含超过 150,000 行,将创建多个 .csv 文件。If the data contains more than 150,000 rows, then multiple .csv files will be created.

邮件流状态报告中的技术视图Tech view in the Mailflow status report

已发送和已接收电子邮件报告Sent and received email report

" 已发送和 已接收电子邮件"报告是一个智能报告,它显示有关传入和传出电子邮件的信息,包括垃圾邮件检测、恶意软件和标识为"良好"的电子邮件。The Sent and received email report is a smart report that shows information about incoming and outgoing email, including spam detections, malware, and email identified as "good." 此报告与邮件流状态报告之间的区别在于:此报告不包含有关被边缘保护阻止的邮件的数据。必须了解,如果将一封邮件发送给五个收件人,我们会将邮件计为一封邮件。The difference between this report and the Mailflow status report is: this report doesn't include data about messages blocked by edge protection.It's important to understand that if a message is sent to five recipients we count it as one message.

聚合视图和报告的详细视图允许筛选 90 天。The aggregate view and the detail view of the report allow for 90 days of filtering.

若要查看报告,请打开安全与&中心,转到报告 仪表板 > ,然后选择 已发送和已接收的电子邮件To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Sent and received email. 若要直接转到报告,请打开 https://protection.office.com/reportv2?id=SentAndReceivedMailATPTo go directly to the report, open https://protection.office.com/reportv2?id=SentAndReceivedMailATP.

"报告"仪表板中的"已发送和已接收电子邮件"小组件

已发送和已接收电子邮件报告的报告视图Report view for the Sent and received email report

下表中提供了以下报表视图:The following charts are available in the report view:

  • 分类:类型:图表显示所有可用类别:Break down by: Type: The chart shows all available categories:

    • TotalTotal
    • 良好的邮件Good mail
    • EOP (反恶意软件) ( 恶意软件) Malware (anti-malware) (EOP)
    • 垃圾邮件检测Spam detections
    • 规则邮件Rule messages
    • Microsoft Defender for Office 365 (高级恶意软件) Advanced malware (Microsoft Defender for Office 365)

    当您将鼠标悬停在图表中 (一) ,可以看到当天的详细信息。When you hover over a day (data point) in the chart, you can see details for that day.

    "已发送和已接收电子邮件"报告中的类型视图

  • 按:方向: 图表显示 总计入站出站 数据。Break down by: Direction: The chart shows Total, Inbound, and Outbound data. 当您将鼠标悬停在图表中 (一) ,可以看到当天的详细信息。When you hover over a day (data point) in the chart, you can see details for that day.

    已发送和已接收电子邮件报告中的方向视图

  • 向下钻取 >恶意软件 (反恶意软件) : 此选择将你带至电子邮件 报告中的恶意软件检测Drill down by > Malware (anti-malware): This selection takes you to the Malware detections in email report.

  • 向下钻取 >垃圾邮件检测) : 此选择将您带至 垃圾邮件检测报告Drill down by > Spam detections): This selection takes you to the Spam Detections report.

如果 单击筛选器 中的报表视图,可以使用以下筛选器修改结果:If you click Filters in a report view, you can modify the results with the following filters:

  • 开始日期和****结束日期Start date and End date
  • 方向值Direction values
  • 类型值Type values

若要返回到报告报表视图,请单击"查看 报告"。To go back to the report view, click View report.

已发送和已接收电子邮件报告的详细信息表视图Details table view for the Sent and received email report

如果在"中断者: 方向"或"中断者:方向"视图中单击"查看详细信息"表,将显示以下信息:If you click View details table in the Break down by: Direction or Break down by: Direction view, the following information is shown:

  • Date (UTC)Date (UTC)
  • 类型Type
  • 方向Direction
  • 邮件计数Message count

如果在详细信息 视图中单击"筛选器",可以使用以下筛选器修改结果:If you click Filters in a details table view, you can modify the results with the following filters:

  • 开始日期和****结束日期Start date and End date
  • 方向值Direction values
  • 类型值Type values

若要返回到报告报表视图,请单击"查看 报告"。To go back to the report view, click View report.

首要发件人和收件人报告Top senders and recipients report

The Top senders and recipients report is a pie chart showing your top email senders and recipients.The Top senders and recipients report is a pie chart showing your top email senders and recipients.

若要查看报告,请打开安全与合规&,转到" 报告 仪表板",然后选择" > 顶级发件人和收件人"。To view the report, open the Security & Compliance Center, go to Reports > Dashboard and select Top senders and recipients. 若要直接转到报告,请打开 https://protection.office.com/reportv2?id=TopSenderRecipientsATPTo go directly to the report, open https://protection.office.com/reportv2?id=TopSenderRecipientsATP.

"报告"仪表板中的"热门发件人和收件人"小组件

顶级发件人和收件人报告的报告视图Report view for the Top senders and recipient report

下表中提供了以下报表视图:The following charts are available in the report view:

  • 显示热门 > 邮件发件人的数据Show data for > Top mail senders
  • 显示热门 > 邮件收件人的数据Show data for > Top mail recipients
  • 显示热门 > 垃圾邮件收件人的数据Show data for > Top spam recipients
  • 显示数据 > EOP 邮件 (恶意软件) Show data for > Top malware recipients (EOP)
  • 在 Defender for > Office 365 (中显示热门恶意软件收件人)Show data for > Top malware recipients (Defender for Office 365)

饼图的组成将基于这些选择进行更改。The composition of the pie chart changes based on these selections.

将鼠标悬停在饼图中的一个浮点上时,可以看到已发送或已接收邮件的计数。When you hover over a wedge in the pie chart, you can see a count of messages sent or received.

如果 单击筛选器中的 报表视图,可以指定开始日期和 结束日期的日期范围If you click Filters in a report view, you can specify a date range with Start date and End date.

"热门发件人和收件人"报告中的"报告"视图中的饼图

"热门发件人和收件人"报告的详细信息表视图Details table view for the Top senders and recipient report

如果单击 "查看详细信息表",显示的信息取决于您所查看的图表:If you click View details table, the information that's shown depends on the chart you were looking at:

  • 显示热门 > 邮件发件人的数据Show data for > Top mail senders

    • 热门邮件发件人Top mail senders
    • CountCount
  • 显示热门 > 邮件收件人的数据Show data for > Top mail recipients

    • 热门邮件收件人Top mail recipients
    • CountCount
  • 显示热门 > 垃圾邮件收件人的数据Show data for > Top spam recipients

    • 热门垃圾邮件收件人Top spam recipients
    • CountCount
  • 显示数据 > EOP 邮件 (恶意软件) Show data for > Top malware recipients (EOP)

    • 热门恶意软件收件人Top malware recipients
    • CountCount
  • 在 Defender for > Office 365 (中显示热门恶意软件收件人)Show data for > Top malware recipients (Defender for Office 365)

    • 适用于 Office 365 (Defender 的热门恶意软件)Top malware recipients (Defender for Office 365)
    • CountCount

如果在详细信息 视图中单击"筛选器",可以指定开始日期和 结束日期的日期范围If you click Filters in a details table view, you can specify a date range with Start date and End date.

若要返回到报告报表视图,请单击"查看 报告"。To go back to the report view, click View report.

查看这些报告需要哪些权限?What permissions are needed to view these reports?

若要查看和使用本文中所述的报告,你需要是安全与合规中心内以下角色&之一:In order to view and use the reports described in this article, you need to be a member of one of the following role groups in the Security & Compliance Center:

  • 组织管理Organization Management
  • 安全管理员Security Administrator
  • 安全读者Security Reader
  • 全局读者Global Reader

有关详细信息,请参阅 安全与合规中心的权限For more information, see Permissions in the Security & Compliance Center.

备注

向 Microsoft 365 管理中心相应的 Azure 活动目录添加用户会向其提供安全与合规中心的必备权限 以及 Microsoft 365其它功能的权限。Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions in the Security & Compliance Center and permissions for other features in Microsoft 365. 有关详细信息,请参阅 关于管理员角色For more information, see About admin roles.

安全与合规中心内的智能报告和见解Smart reports and insights in the Security & Compliance Center

安全与合规中心内的邮件流见解Mail flow insights in the Security & Compliance Center

查看安全与合规中心内的电子邮件安全报告View email security reports in the Security & Compliance Center

查看适用于 Office 365 的 Microsoft Defender 报告View reports for Microsoft Defender for Office 365