Export Office 365 Spam and Malware Report using PowerShell

As an administrator, monitoring email traffic and analysing email threats such as spam/malware plays a crucial role in Exchange Online. There are major action items in Office 365 mail protection reports to help admins. If you are looking for a featured report to address spam and malware, you are in the right place.


Export Office 365 Email Protection Report – Reasons and Importance

Office 365 email security reports help in identifying the below factors, 

  1. Office 365 spam detection report  To identify inbound and outbound spam emails that are filtered by Exchange Online Protection(EOP) and anti-spam technologies. 
  2. Office 365 malware detection report – To identify the incoming and outgoing malware emails that are quarantined by the EOP policies and mail flow rules

By using these reports, admin can modify the anti-spam and anti-malware policies to meet their organization’s needs.


How to Track Spam and Malware Emails? 

To generate spam and malware reports, you can use any one of the methods.

Office 365 Security and Compliance center:  In the O365 Security and Compliance center, go to ‘Reports’ and see the ‘Dashboard’. In the dashboard, see ‘Malware Detected in Email’ and ‘Spam Detections’. On clicking each report, you will find the email detailsBut it doesn’t have a filter to identify sent and received emails separately

PowerShell:  To get the spam and malware emails blocked by EOP, you can use the Get-MailDetailSpamReport and Get-MailDetailMalwareReport cmdletsBut you need to use multiple filters to get the desired report.

To overcome the above-mentioned difficulties, we have created a PowerShell script to generate reports on spam and malware emails. 


Script Highlights: 
  • Generates 4 different email protection reports.  
  • Automatically installs the Exchange Online PowerShell module upon your confirmation when it is not available in the system. 
  • Supports both MFA and Non-MFA accounts.    
  • Specify date ranges to generate reports for custom period. 
  • Exports the report to CSV 
  • Scheduler-friendly. You can automate the report generation upon passing credentials as parameters. 


Download Script: MailProtectionReport.ps1


Export Spam and Malware Report – Script Execution

The MailProtectionReport.ps1 script can generate following reports

Once the execution is completed, you will be notified with the status of your execution. Let’s take a deep dive into the script.

The exported output has the attributes like Date, Sender Address, Recipient Address, Subject, Event Type, Sender/Receiver Domain.  


Script Execution – Best Practices: 
  1. Mention a report name from the parameter list. If not, the execution will be terminated.  
  2. Do not request more than one report at a time. Mentioning more than one report name will deliver you the highest priority report among them. 
  3. Mention both the start date and end date when you need the customized report. 
  4. Mention date in the ‘MM/dd/YYYY’ format to avoid execution errors. 


Office 365 Spam Emails Received Report

Spam emails are a threat to security and can affect the organization’s data. Using the  SpamEmailsReceived’  switch param, you can get the inbound spam report. 

By identifying top spam receivers and spam mail details, you can build the best email protection rule. 

By referring to this report, the admin can take necessary actions for all the employees to ensure the organization’s data security. 

Sample Output: 

Office 365 spam and malware report

The other typical digital attack that takes administrators to trouble is Email Spoofing, a phishing attack. To deal with the email spoofing crisis in your organization gracefully, you can add external email warnings message to external emails. 


Office 365 Malware Emails Received Report 

Despite the email securities like creating mail flow rules and Exchange Online protection, the employees receive malware emails in various new forms daily. So, the admins have to take necessary actions by analysing the received malware emails report. To generate an inbound malware report, you can use the ‘MalwareEmailsReceived‘ parameter. 

 With this report, you can identify frequent malware sendersemail formats and add them to the blocked list. 


Office 365 Spam Emails Sent Report

A Spam email is an unwanted junk email sent out in bulk to random recipients. The administrator is responsible for tracking the spam sent by their employees and blocking the senders to ensure outbound spam protection. To get the report, run the script with the SpamEmailsSent switch param.  

Using the outbound spam report, you can identify the spam email format, spam sender’s aim, and ways to stop it completely.  


Office 365 Malware Emails Sent Report 

Malware emails are sent purposefully to gain control over the employees’ machines. On downloading files and attachments, by clicking the forged requests and links, malware senders will easily achieve their aim.  Using the malware emails sent report, the admins can identify who are performing malpractices in the organization.   

On analysing the outbound malware report, the admins can bring-out the compromised accounts too. 

Sample Output:

Office 365 malware report


Generate Spam and Malware Report for Custom Period

By default, the script retrieve last 10 days data. When you want the email security report for a desired date frame, you can use ‘StartDate’ and EndDate’ params. 

The above format retrieves spam mails sent from 04 May 2021 12:00:00 AM to 08 May 2020 11:59:59 PM 


Schedule Office 365 Email Protection Report 

As you can only collect data for 10 days using PowerShell, you may schedule the PowerShell script to get the historical data. This enables you to perform long-term data analysis on your email statistics. 

To use the non-MFA admin accounts, try the format below.   

If the admin account has MFA, then they can’t use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access Policy to make it work.


Both spam and malware are used for various reasons, like an advertisement, to gain control over user machines, fraudulent or malicious intent. We hope our spam and malware reports will help to plan the email protection activities like, 

  • Threat detection, 
  • Anti-spam and anti-malware protection   
  • Exchange online protection policies and rules,   
  • Outbound and inbound email security, 
  • Blocking the spam and malware emails senders,
  • Stopping the spam and malware emails to the organization. 

We wish you happy emailing!