We have a process that downloads emails, using MSGraph, at regular intervals (for example, every 10 minutes). Once downloaded, the emails are examined and attachments are imported for additional processing.

We have a customer who moved to Office 365 Exchange Online and has Advanced Threat Protection enabled.

We are downloading the emails, but a subset of the emails (typically emails that were received within a minute of when we initiated the download) are failing. We assume that these emails have not yet had the ATP post-delivery protections scan executed on them.

Is there a method to filter out emails that are still waiting for the ATP post-delivery protections to be executed?

Sdev

1 Answer

I have no experience with ATP (and I don't have permissions for ATP in my tenant), but you can try to call the /informationProtection/threatAssessmentRequest endpoint and filter mail threat assessment requests.

GET /v1.0/informationProtection/threatAssessmentRequests?$filter=contentType eq 'mail'

It will return a collection of mailAssessmentRequest objects.

mailAssessmentRequest has the properties messageUri and status.

messageUri is the resource URI of the mail message for assessment. The value should look like this (according to this example):

https://graph.microsoft.com/v1.0/users/{user_id}/messages/{message-id}

You can parse the message-id from messageUri, pair it with the message-id of the email currently being processed, and check whether the status of the mailAssessmentRequest is pending or completed.

user2250152
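The pairing step described in the answer above, as an added example that is not part of the original post: it extracts the message id from each `messageUri`, maps it to `status`, and holds back messages whose assessment is still `pending`. The function names and sample data are constructed for illustration; it assumes the JSON from the `threatAssessmentRequests` call is already fetched, and it treats messages with no assessment request as ready, which is a policy choice the page does not specify.

```python
from urllib.parse import urlparse, unquote

def message_id_from_uri(message_uri):
    """Return the message id from a mailAssessmentRequest messageUri, or None."""
    # Split the path first, then decode, so an encoded '/' cannot shift segments.
    segments = [unquote(s) for s in urlparse(message_uri or "").path.split("/") if s]
    # Expected shape: /v1.0/users/{user_id}/messages/{message-id}
    if "messages" in segments:
        idx = segments.index("messages")
        if idx + 1 < len(segments):
            return segments[idx + 1]
    return None

def assessment_status_by_message(assessment_requests):
    """Map message id -> status; 'pending' wins if any request is still pending."""
    status = {}
    for req in assessment_requests:
        msg_id = message_id_from_uri(req.get("messageUri"))
        if msg_id is None:
            continue  # malformed or missing URI: nothing to pair with
        if status.get(msg_id) != "pending":
            status[msg_id] = req.get("status")
    return status

def split_ready_and_deferred(messages, assessment_requests):
    """Return (ready, deferred); deferred messages are retried on the next poll."""
    status = assessment_status_by_message(assessment_requests)
    ready, deferred = [], []
    for msg in messages:
        # Assumption: a message with no assessment request is treated as ready.
        (deferred if status.get(msg["id"]) == "pending" else ready).append(msg)
    return ready, deferred

# Constructed sample data (not real tenant output).
SAMPLE_REQUESTS = [
    {"contentType": "mail", "status": "pending",
     "messageUri": "https://graph.microsoft.com/v1.0/users/user-1/messages/AAMk-msg-2%3D"},
    {"contentType": "mail", "status": "completed",
     "messageUri": "https://graph.microsoft.com/v1.0/users/user-1/messages/AAMk-msg-1="},
    {"contentType": "mail", "status": "completed", "messageUri": None},
]
SAMPLE_MESSAGES = [{"id": "AAMk-msg-1="}, {"id": "AAMk-msg-2="}, {"id": "AAMk-msg-3="}]

if __name__ == "__main__":
    ready, deferred = split_ready_and_deferred(SAMPLE_MESSAGES, SAMPLE_REQUESTS)
    print("process now:", [m["id"] for m in ready])
    print("retry later:", [m["id"] for m in deferred])
```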