Monitor Spam Detection Reports in M365

Ever clicked on a 'You got promoted' email, only to discover it as spam? It's a common trap. Distinguishing professional emails from attractive spam offers, like 'best deals' or 'limited time offers' is a constant challenge. The temptation is real, and as a Microsoft 365 admin, it’s challenging to detect and prevent every incoming email threat. This guide will equip you with strategies to efficiently monitor spam reports in Microsoft 365, identify potential spam victims, prevent attacks, and create a threat-free email environment.

Native Solution

Microsoft 365 Permission Required

High

Global Admin, Security Admin, Security Reader, or Global Reader.

Option 1 Using Microsoft 365 Defender Portal

Login to the Microsoft 365 Defender portal.
View email security reports in Microsoft 365 Defender portal by navigating to Reports»Email & collaboration»Email & collaboration reports.
Next, select 'View details' in the "Threat protection status" report.
Change "View data by Overview" to "View data by Email > Spam" to get the spam detection report.

Option 2 Using Exchange Online PowerShell

Connect to Exchange Online PowerShell module.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Run the PowerShell command below to generate a report on Microsoft 365 spam emails.

Windows PowerShell

 Get-MailDetailATPReport | Where-Object {$_.VerdictSource -eq 'Spam'} | Select-Object Date, Subject, SenderAddress, RecipientAddress, MessageId | Format-Table -AutoSize

Option 3 Using PowerShell Script

While the above PowerShell cmdlets can help retrieve spam emails, generating the specific report you need on Exchange Online spam involves more steps. This process includes additional filtering and handling of various parameter attributes, making it time-consuming.
To simplify this process, we've developed a PowerShell script that effortlessly exports Microsoft 365 spam email reports.
Please be aware that the script is designed to generate 9 different mail protection reports. However, to specifically generate a report, you must specify a parameter while running the script in this format.
./MailProtectionReport.ps1 -parameter
For spam-related reports, you can use any one of the following parameters:
- SpamEmailsReceived: You can use this param to get the inbound spam report.
- SpamEmailsSent: Utilize this parameter for retrieving the outbound spam report.
- IntraOrgSpamMails: Use this param switch to identify the users who are sending spam emails within your organization.

MailProtectionReport.ps1

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 portal.
Navigate to All Spam Mails report under Audit»Email»Spam Mails.

AdminDroid's Microsoft 365 spam reports offer a transparent view of spam emails, providing detailed analytics on incoming & outgoing spam emails, internal spam detection statistics, and much more.

Use the chart above to obtain the list of domains involved in spam and block suspicious domains in your organization with high volumes of spam emails.

Explore a full range of reporting options

Discover Microsoft 365 Spam Reports at Your Fingertips!

Protect your organization from spam attacks with AdminDroid's powerful spam reporting tool. Keep communications secure and operations seamless. Gain deep insights into spam threats and strengthen your defenses now!

Witness the report in action using the

Live Demo

Important Tips

Keep your emails out of spam folders and protect your organization's reputation by configuring outbound spam policies in Microsoft 365.

Turn on and add all users to standard and strict preset security policies to enhance your organization's anti-spam protection in Microsoft 365.

Adjust the spam confidence level (SCL) on messages using mail flow rules to fine-tune your spam filtering.

Exchange OnlineMonitor Spam Detections to Enhance Email Security in M365

Showing 1 of 7

How to find the top spam receivers report in Microsoft 365? What are the spam detection technologies used in Microsoft 365? How to find spam detection method in Microsoft 365? What is the bulk email threshold in Microsoft 365? What are the dangers of spam emails in Microsoft 365? What is non-spam mail in Microsoft 365? How to report a spam message in Microsoft Outlook?

How to find the top spam receivers report in Microsoft 365?

A top spam receiver is a user who attracts a high volume of spam mails, often targeted by spammers to extract sensitive data or deploy malware.

Identifying these top spam receivers is crucial for strengthening your defenses. It allows for tailored security measures, ensuring that the most vulnerable inboxes are shielded effectively, thereby enhancing your overall email security.

Use Security Portal to Find Top Spam Recipients

Sign in to your Microsoft 365 Defender account.
Go to the Reports»Email & collaboration»Email & collaboration reports.
Access the "Top senders and recipients" report card.
Adjust the view to "Show data by top spam recipients".

Get Top Spam Recipients in Microsoft 365 Using PowerShell

Connect to Exchange Online PowerShell module.
Execute the 'Get-MailTrafficSummaryReport' cmdlet as shown below to fetch the top spam recipient report.

Get-MailTrafficSummaryReport -Category TopSpamRecipient

top-spam-recipient-powershell-method-faq1

However, these native methods are often time-consuming and lack detailed information, such as data about top spam senders. Additionally, limited data aggregation and accessibility issues might make it hard to fully understand spam threats.

No more searching through complex filters or looping through PowerShell parameters. With AdminDroid, monitoring top spam receivers is as easy as a few clicks!

With its user-friendly interface, AdminDroid offers a comprehensive report on top spam receivers effortlessly.

Head to Audit»Email»User Level Email Statistics»Top Email Statistics to access the comprehensive Top Spam Receivers report.
Besides identifying top spam receivers, AdminDroid offers insights into top mail senders, spam senders, phishing senders, spoofed emails, malware instances, and much more to identify top attackers and top impacted email users in your exchange environment.

Quick Tip: Want your reports at your fingertips? Just hit the download button 📥 in the top-right corner. Select from HTML, PDF, CSV, XLS, and more to get your report instantly! Quick and convenient!

But wait, there's more! AdminDroid doesn't just stop at tabular reports; it also offers a real-time threat monitoring dashboard with interactive graphs and insights under Dashboards»Email.

What are the spam detection technologies used in Microsoft 365?

In Microsoft 365, various technologies and methods are employed to detect spam and malicious emails. Here's an overview of some of the key spam detection technologies used:

URL malicious reputation: This technology checks the reputation of URLs included in emails to determine if they are associated with malicious content or phishing attempts.
Advanced filter: Microsoft 365 uses advanced filters that analyze email content, headers, and sender information to identify suspicious patterns that may indicate spam or phishing.
General filter: General filters in Microsoft 365 help detect and block known spam patterns and common phishing attempts based on predefined rules and algorithms.
Mixed analysis detection: This approach combines multiple detection techniques, such as machine learning, heuristics, and behavioral analysis, to identify spam and malicious emails.
Fingerprint matching: Fingerprint matching compares email content against known spam and phishing templates or signatures to detect and block malicious messages.
Domain reputation: Microsoft 365 checks the reputation of the sending domain to assess the likelihood that an email is spam or malicious.
Bulk detection: Bulk detection identifies emails sent in large quantities, which is a common characteristic of spam campaigns.
IP reputation: Similar to domain reputation, IP reputation checks the reputation of the sending IP address to determine if an email is likely to be spam or malicious.

By utilizing these technologies in combination, Microsoft 365 helps protect users from spam, phishing, and other email-based threats.

How to find spam detection method in Microsoft 365?

Understanding and monitoring the spam detection method in Microsoft 365 is key to keeping your email environment secure. Here’s how you can find out spam detection methods using the Microsoft 365 Defender portal:

Sign in to the Microsoft 365 Defender portal.
Go to Reports»Email & collaboration.
Select "Email & collaboration reports" and navigate to "Threat protection status".
Change the view from "View data by Overview" to "View data by Email > Spam".
Choose the specific spam email you want to investigate.
Look for the "Delivery details" section and locate the "Detection technologies".
You can now find the spam detection method listed under "Detection technologies".

Discover spam detection technology seamlessly with AdminDroid's email monitoring tool!

AdminDroid offers dedicated reports for each spam detection methods, including reputation-based, bulk, and filter-based detections.
This means you can efficiently manage and analyze spam emails without the need for manual, time-consuming checks.

What is the bulk email threshold in Microsoft 365?

The bulk complaint level (BCL) is a measure used by Microsoft Defender for Office 365 to assess the likelihood that an email message is part of a bulk email campaign, such as a newsletter or marketing email. The BCL serves as the bulk email threshold, helping to differentiate between legitimate bulk mail and potentially harmful spam.

BCL Values and Their Interpretation

0 - Indicates that the message is not from a bulk sender.
1, 2, 3 - The email is from a bulk sender with minimal complaints.
4, 5, 6, 7 - Indicates that the message is from a bulk sender with mixed complaints.
8, 9 - Denotes the email is from a bulk sender with a high number of complaints.

BCL Thresholds in Anti-Spam Policies

The following list describes the default BCL threshold used in anti-spam policies:

For the default anti-spam policy and new anti-spam policies, the threshold is 7.
For the Standard preset security policy, it's 6.
For the Strict preset security policy, it's 5.

Exceeding these thresholds triggers specific actions, such as delivering the message to the recipient's junk email folder or quarantining it, depending on the policy.

Filtering Emails Based on BCL in Threat Protection Status Report

Follow the steps below to filter emails based on the BCL threshold value in the Threat protection status report and check their severity.

Navigate to Reports»Email & collaboration reports»Threat protection status report.
Switch the View from Overview to View data by Email > Spam.
Select the Filter option.
Under the Bulk compliant level slider, adjust the value from 1-9.
Click Apply to see the spam emails for the configured BCL value.

Monitoring and filtering emails based on their BCL score is crucial for assessing their potential impact and taking appropriate actions. Understanding the volume of bulk emails hitting your organization is the first step in fine-tuning your email security policies with BCL scoring.

Fortunately, AdminDroid provides a detailed report on bulk spam detections to help you stay ahead of potential threats!

AdminDroid offers a clear overview of daily bulk spam detections in your Exchange Online environment through its Bulk Spam Detections. To access this report, navigate to Audit»Email»By Spam Detections.
This report allows you to effortlessly monitor incoming, outgoing, and intra-org bulk emails for your tenant.

What are the dangers of spam emails in Microsoft 365?

Spam emails pose several dangers in Microsoft 365, including:

Phishing Spam emails often contain links or attachments that, when clicked or opened, can lead to phishing attacks. These attacks aim to trick users into providing sensitive information, such as passwords or financial details.
Scams Spammers often try to deceive users through email scams, promising fake lottery winnings, fraudulent job offers, or requests for financial assistance. These scams can lead to financial loss or identity theft.
Data Theft With spam emails, attackers trick users into providing login credentials or other sensitive information. This information can then be used for identity theft or other malicious purposes.
Malware Spam emails may contain malicious attachments or links that, when interacted with, can download malware onto the user's device. This malware can compromise the security of the device and the data it contains.
Disruption Even if junk emails do not contain malicious content, they can still disrupt productivity by cluttering inboxes and distracting users from legitimate emails.

To mitigate these risks, it's important for organizations to use spam filters, anti-spam policies, and to follow the best email security measures provided by Microsoft 365. It's also crucial to educate users about the dangers of spam emails and encourage them to exercise caution when interacting with emails from unknown or suspicious senders.

What is non-spam mail in Microsoft 365?

Non-spam mail in Microsoft 365 refers to legitimate emails that are not considered spam, junk, or malicious by the system's filtering mechanisms. These emails are typically relevant and important communications from known contacts or trusted sources. Monitoring non-spam mail is essential for several reasons:

False Positives: Even the most advanced spam filters can mistakenly classify legitimate emails as spam (false positives). Checking non-spam mails ensures important emails aren't lost in the spam folder, maintaining uninterrupted communications.
Adapting Filters: By monitoring non-spam and spam emails, organizations can fine-tune their spam filtering rules and policies. This helps them to better suit their specific needs, reducing the chances of false positives and negatives.
User Training: Regular checks of non-spam mails can identify patterns in legitimate emails. These insights can then help train users to distinguish between safe and potentially harmful emails, enhancing their email security skills.
Compliance and Security: In some industries, it's crucial to ensure that all communications are retained for compliance reasons. Tracking non-spam emails can help in maintaining these records. Additionally, it helps in identifying any potential security threats that might not be classified as spam but could still be harmful or unwanted.

While Microsoft 365 lacks dedicated non-spam mail reports, AdminDroid bridges this gap with precision!

AdminDroid's threat protection reports provide a detailed overview of non-spam emails, including incoming, outgoing, and intra-organization non-spam emails within Microsoft 365.
Navigate to Audit»Email»Threat Protection Statistical Reports and explore the Non Spam Emails Passed Stats report.

Handy Hint: Struggling to find a report in AdminDroid? Use the Ctrl+Shift+F shortcut to quickly access the search feature. Just a few keywords, and you're on your way to the insights you need!

How to report a spam message in Microsoft Outlook?

Reporting a message as spam is crucial because it helps Microsoft improve its spam filters, preventing similar messages from being delivered to other users. It also protects against security threats and reduces unwanted emails in your inbox.

To report a spam message in Microsoft Outlook, follow these steps below.

Login to your Microsoft Outlook account.
Select the message from your inbox that you want to report.
Click on 'More options' (ellipses) in the email message.
Choose the 'Report' option.
Select 'Report junk' from the drop-down menu.

In addition to reporting inbox messages as spam, you can also report spam in shared or delegated mailboxes. This feature is invaluable for security admins, allowing them to activate it in their tenant and view user-reported messages. By using this feature, users can easily report any suspicious emails as spam, helping admins as well as Microsoft to better identify the spammers.

AdminDroid Email Analytics ReporterNavigate Spam Email Challenges in Microsoft 365 with Ease

AdminDroid’s email monitoring tool makes it easy to elevate your mail management in Microsoft 365. Beyond spam, gain insights into malware, phishing, and spoofing threats. It helps you audit email traffic, pinpoint inactive users, and analyze peak & slack periods. With AdminDroid, every detail of your Microsoft 365 email activities is in clear view, empowering you to enhance your organization's defenses effortlessly.

Monitor Daily Sent and Received Spam Emails in Microsoft 365 with AdminDroid!

The 'All Spam Mails' report provides a bird's-eye view of all spam emails affecting your organization. It includes spam from external sources, emails flagged as spam within internal communications, and those originating and circulating internally. It details key aspects like event timing, sender & recipient addresses, subject, spam detection methods, and actions taken, offering in-depth insights into your organization's spam email activity.

A Quick Summary

Email Dashboard for Visualizing Spam Data

AdminDroid's email dashboard offers a wide-angle view of your spam data, showcasing spam emails, top spam recipients, and more for insightful control.

Stay Ahead of Spam with AdminDroid Alerting

Keep informed of potential email threats with AdminDroid's instant alerting feature, notifying you of unusual spam email patterns and activities in real time.

Monitor Outgoing Spam to Secure Your Domain

Monitoring AdminDroid’s outgoing spam emails report helps identify why sent emails are flagged as spam, safeguarding your domain's reputation.

Discover Spam Traffic to Strengthen Email Security

Track daily spam email traffic easily for a quick overview of received spam, filtered content, and blocked emails, enhancing your spam filter's precision.

Track Daily Microsoft 365 Spam Activity to Combat Spam

Be aware of the spam mail flow with daily spam sent/received by users reports to proactively manage and mitigate spam-related risks.

Spam Detection Statistic Analysis for Enhanced Defense

Leverage the Office 365 spam detection report to pinpoint emails resembling past malicious messages and delve into mixed detections within your tenant.

In essence, AdminDroid delivers an advanced, all-in-one solution for spam monitoring within your organization. Equipped with real-time insights, customizable reports, and visually compelling dashboards, AdminDroid ensures a robust security framework for your Microsoft 365 email communications.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps While Monitoring Spam in Microsoft 365

The following are possible errors and troubleshooting hints when exporting Microsoft 365 spam reports.

Error: Invalid StartDate value. The StartDate can't be older than 92 days from today.

This error occurs when you select a report period longer than the standard 92 days while running the 'Get-MailDetailATPReport' cmdlet in the Exchange Online PowerShell.

Troubleshooting hint :Mention the StartDate and EndDate properly by entering a value within 92 days.

Get-MailDetailATPReport -StartDate 01/24/2024 -EndDate 03/21/2024 -EventType Bulk

Error: Exiting. Choose one report to generate. Please try again.

This error occurs when you don’t mention the report to be generated while executing the PowerShell script.

Troubleshooting hint :Specify what report must be generated while executing the script to avoid this error as shown below.

./MailProtectionReport.ps1 -SpamEmailsReceived

Error: Invalid DataSource value. Possible values are RealtimePipeline or Database.

This error occurs when the EventType parameter is not specified while executing the ‘Get-MailDetailATPReport' cmdlet in PowerShell.

Troubleshooting hint :Ensure to mention the valid values of the EventType parameter and use double quotations when the values have spacing in between them. For example,

Get-MailDetailATPReport -EventType "Advanced Filter"

Error: The term 'Get-MailDetailSpamReport' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs because the 'Get-MailDetailSpamReport' cmdlet no longer exists and has been deprecated from the Exchange Online PowerShell module.

Troubleshooting hint :You can now use the 'Get-MailDetailATPReport' cmdlet to retrieve spam detection reports using PowerShell.

Get-MailDetailATPReport | Where-Object{$_.VerdictSource -eq 'Spam'}

Error: Invalid Category value.

This error occurs when you execute the 'Get-MailTrafficSummaryReport' cmdlet without specifying a category value or providing an invalid category value in the Exchange Online PowerShell.

Troubleshooting hint :Specify one of the accepted category values, as shown below.

Get-MailTrafficSummaryReport -Category TopSpamRecipient

Error: The operation couldn't be performed because object 'Executives' couldn't be found on 'MA0P287A04DC003.INDP287A004.PROD.OUTLOOK.COM

This error arises when the identity of the spam filter policies is incorrectly specified or if such policies do not exist.

Troubleshooting hint :Use the following cmdlet to retrieve all your spam filter policies and verify whether the particular policy exists to access its specific settings.

Get-HostedContentFilterPolicy

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to View Spam Detection Reports in Microsoft 365