Export Office 365 Spam and Malware Report using PowerShell
As an administrator, monitoring email traffic and analysing email threats such as spam/malware plays a crucial role in Exchange Online. There are major action items in Office 365 mail protection reports to help admins. If you are looking for a featured report to address spam and malware, you are in the right place.
Export Office 365 Email Protection Report – Reasons and Importance
Office 365 email security reports help identify the following:
- Office 365 spam detection report – To identify inbound and outbound spam emails that are filtered by Exchange Online Protection (EOP) and anti-spam technologies.
- Office 365 malware detection report – To identify the incoming and outgoing malware emails that are quarantined by the EOP policies and mail flow rules.
By using these reports, admins can modify the anti-spam and anti-malware policies to meet their organization’s needs.
How to Track Spam and Malware Emails?
To generate spam and malware reports, you can use either of the following methods.
Office 365 Security and Compliance center: In the O365 Security and Compliance center, go to ‘Reports’ and see the ‘Dashboard’. In the dashboard, see ‘Malware Detected in Email’ and ‘Spam Detections’. On clicking each report, you will find the email details. But it doesn’t have a filter to identify sent and received emails separately.
PowerShell: To get the spam and malware emails blocked by EOP, you can use the Get-MailDetailSpamReport and Get-MailDetailMalwareReport cmdlets. But you need to use multiple filters to get the desired report.
To overcome the above-mentioned difficulties, we have created a PowerShell script to generate reports on spam and malware emails.
- Generates 4 different email protection reports.
- Automatically installs the Exchange Online PowerShell module upon your confirmation when it is not available in the system.
- Supports both MFA and Non-MFA accounts.
- Specify date ranges to generate reports for a custom period.
- Exports the report to CSV.
- Scheduler-friendly. You can automate the report generation upon passing credentials as parameters.
Download Script: MailProtectionReport.ps1
Export Spam and Malware Report – Script Execution
The MailProtectionReport.ps1 script can generate the following reports:
- Spam emails sent report
- Spam emails received report
- Malware emails sent report
- Malware emails received report
Once the execution is completed, you will be notified with the status of your execution. Let’s take a deep dive into the script.
The exported output has attributes such as Date, Sender Address, Recipient Address, Subject, Event Type, and Sender/Receiver Domain.
Script Execution – Best Practices:
- Mention a report name from the parameter list. If not, the execution will be terminated.
- Do not request more than one report at a time. Mentioning more than one report name will deliver you the highest priority report among them.
- Mention both the start date and end date when you need the customized report.
- Mention date in the ‘MM/dd/YYYY’ format to avoid execution errors.
Office 365 Spam Emails Received Report
Spam emails are a threat to security and can affect the organization’s data. Using the ‘SpamEmailsReceived’ switch param, you can get the inbound spam report.
By identifying top spam receivers and spam mail details, you can build the best email protection rule.
By referring to this report, the admin can take necessary actions for all the employees to ensure the organization’s data security.
Another typical digital attack that troubles administrators is email spoofing, a phishing attack. To deal with email spoofing in your organization gracefully, you can add an external email warning message to external emails.
Office 365 Malware Emails Received Report
Despite email security measures such as mail flow rules and Exchange Online Protection, employees receive malware emails in various new forms daily. So, admins have to take the necessary actions by analysing the received malware emails report. To generate an inbound malware report, you can use the ‘MalwareEmailsReceived’ parameter.
With this report, you can identify frequent malware senders, email formats and add them to the blocked list.
Office 365 Spam Emails Sent Report
A spam email is an unwanted junk email sent out in bulk to random recipients. The administrator is responsible for tracking the spam sent by their employees and blocking the senders to ensure outbound spam protection. To get the report, run the script with the ‘SpamEmailsSent’ switch param.
Using the outbound spam report, you can identify the spam email format, spam sender’s aim, and ways to stop it completely.
Office 365 Malware Emails Sent Report
Malware emails are sent purposefully to gain control over employees’ machines. When recipients download files and attachments or click forged requests and links, malware senders easily achieve their aim. Using the malware emails sent report, admins can identify who is engaging in malpractice in the organization.
By analysing the outbound malware report, admins can uncover compromised accounts too.
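A triage pass over an exported report, ranking the top spam receivers, frequent malware senders, or outbound senders that may be compromised accounts, as discussed in the report sections above. This is an added example, not part of MailProtectionReport.ps1; the CSV column names are assumed to match the attribute list given earlier, the function name is hypothetical, and the rows are constructed sample data.

```powershell
# Constructed sample rows. Headers follow the attribute list given for the export
# (assumed to be the exact CSV column names); addresses and dates are made up.
$rows = @'
Date,Sender Address,Recipient Address,Subject,Event Type
05/04/2021 09:12:00,j.doe@contoso.example,a@partner.example,Invoice 4471,Malware
05/04/2021 09:12:40,j.doe@contoso.example,b@partner.example,Invoice 4471,Malware
05/04/2021 09:13:05,j.doe@contoso.example,c@vendor.example,Invoice 4471,Malware
05/05/2021 14:30:00,m.lee@contoso.example,d@vendor.example,Scan0001,Malware
05/06/2021 08:01:00,j.doe@contoso.example,a@partner.example,Payment advice,Malware
'@ | ConvertFrom-Csv
# Real use: $rows = Import-Csv -Path '<path to the exported report>.csv'

function Get-MailReportTopParty {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        # Rank by sender for the "sent" reports, by recipient for the "received" reports.
        [ValidateSet('Sender Address', 'Recipient Address')]
        [string] $Column = 'Sender Address',
        # Ignore addresses seen fewer times than this.
        [int] $MinMessages = 2
    )
    $otherSide = if ($Column -eq 'Sender Address') { 'Recipient Address' } else { 'Sender Address' }

    $Rows | Group-Object -Property $Column |
        Where-Object { $_.Count -ge $MinMessages } |
        ForEach-Object {
            # [datetime] casts parse with the invariant culture (MM/dd/yyyy).
            $dates = @($_.Group | ForEach-Object { [datetime]$_.Date } | Sort-Object)
            [pscustomobject]@{
                Address          = $_.Name
                Messages         = $_.Count
                DistinctPeers    = @($_.Group.$otherSide | Sort-Object -Unique).Count
                DistinctSubjects = @($_.Group.Subject | Sort-Object -Unique).Count
                FirstSeen        = $dates[0]
                LastSeen         = $dates[-1]
            }
        } | Sort-Object -Property Messages -Descending
}

# Outbound view: internal senders with the most caught messages and how widely they sent.
Get-MailReportTopParty -Rows $rows -Column 'Sender Address' | Format-Table -AutoSize
```

A sender with many caught messages to many distinct recipients inside a short FirstSeen/LastSeen window is a candidate for a compromised-account review; pass `-Column 'Recipient Address'` on a received report to rank the most targeted mailboxes instead.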
Generate Spam and Malware Report for Custom Period
By default, the script retrieves the last 10 days of data. When you want the email security report for a specific date range, you can use the ‘StartDate’ and ‘EndDate’ params.
.\MailProtectionReport.ps1 -SpamEmailsSent -StartDate 05/04/2021 -EndDate 05/08/2021
The above format retrieves spam mails sent from 04 May 2021 12:00:00 AM to 08 May 2021 11:59:59 PM.
Schedule Office 365 Email Protection Report
As you can only collect data for 10 days using PowerShell, you may schedule the PowerShell script to get the historical data. This enables you to perform long-term data analysis on your email statistics.
To use the non-MFA admin accounts, try the format below.
.\MailProtectionReport.ps1 -MalwareEmailsReceived -UserName firstname.lastname@example.org -Password XXX
If the admin account has MFA, it can’t be used directly for scheduling. Instead, you have to disable MFA for it based on the Conditional Access Policy to make it work.
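One way to schedule the non-MFA run without writing the password into the task's command line, where it would be stored in readable form in the task definition. This is an added example, not part of MailProtectionReport.ps1; the folder, file names, task name and run time are assumptions.

```powershell
# Assumed locations (not from the original page); adjust to your environment.
$ScriptDir = 'C:\Scripts\MailProtection'          # holds MailProtectionReport.ps1
$CredFile  = Join-Path $ScriptDir 'report-account.cred.xml'
$Wrapper   = Join-Path $ScriptDir 'Run-MalwareReceivedReport.ps1'

# 1. One-time, interactive: save the non-MFA account's credential.
#    Export-Clixml encrypts the password with Windows DPAPI, so the file can be
#    decrypted only by the same user on the same computer. Run this as the
#    account the scheduled task will run under.
Get-Credential -Message 'Reporting account (non-MFA)' | Export-Clixml -Path $CredFile

# 2. Wrapper that the task runs. The password is decrypted in memory and handed
#    to the script's -UserName/-Password parameters inside the PowerShell process.
@'
$cred = Import-Clixml -Path (Join-Path $PSScriptRoot 'report-account.cred.xml')
& (Join-Path $PSScriptRoot 'MailProtectionReport.ps1') -MalwareEmailsReceived `
    -UserName $cred.UserName `
    -Password $cred.GetNetworkCredential().Password
'@ | Set-Content -Path $Wrapper -Encoding UTF8

# 3. Daily task. Only the wrapper path appears in the task definition.
#    Registers the task for the current user, the same account that saved
#    the credential in step 1.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -File `"$Wrapper`"" `
    -WorkingDirectory $ScriptDir
$trigger = New-ScheduledTaskTrigger -Daily -At '06:00'
Register-ScheduledTask -TaskName 'EOP Malware Received Report' `
    -Action $action -Trigger $trigger `
    -Description 'Daily MailProtectionReport.ps1 run to accumulate history'
```

Install the Exchange Online PowerShell module beforehand, since the script's install confirmation cannot be answered in an unattended run.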
Spam and malware are sent for various reasons, such as advertising, gaining control over user machines, or other fraudulent or malicious intent. We hope our spam and malware reports will help you plan email protection activities such as:
- Threat detection
- Anti-spam and anti-malware protection
- Exchange Online Protection policies and rules
- Outbound and inbound email security
- Blocking the senders of spam and malware emails
- Stopping spam and malware emails from reaching the organization
We wish you happy emailing!