TechQA.

Logic Apps / MS Graph API: Quarantine an email autonomously

185 views Asked by At

I want to be able to quarantine an email after some custom logic. Such as an alert in Azure Sentinel or KQL.

A sample solution I thought was: enter image description here Once an incident occurs the email entity is taken and then the email is quarantined. (We'll obtain the networkmessageid from emailevent logs)

However, I'm struggling to figure out what logic app module to use to quarantine?

  • Is it possible to do via graph API and what permission does the app registration need to perform that action?
  • Is there any existing module on logic apps - maybe exchange or outlook module?
email microsoft-graph-api azure-logic-apps azure-sentinel
Original Q&A
2

There are 2 answers

5
Turdie On

You could submit the email as a threat, if it contains malicious content. That's better than moving it to quarantine, because this way it could that Microsoft updates it's filters or machine learning algorithms

https://learn.microsoft.com/en-us/graph/api/resources/security-emailthreatsubmission?view=graph-rest-beta

0
HarriS On

This is what I want to achieve: https://learn.microsoft.com/en-us/answers/questions/1365900/what-microsoft-api-can-be-used-to-move-an-endusers

Looking for the graph query needed to go from networkmessageid from the sentinel alert to quarantining that email .

Related Questions in EMAIL

Related Questions in MICROSOFT-GRAPH-API

Related Questions in AZURE-LOGIC-APPS

Related Questions in AZURE-SENTINEL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions