external help file | online version | applicable | title | schema | author | ms.author | ms.reviewer |
---|---|---|---|---|---|---|---|
Microsoft.Exchange.ServerStatus-Help.xml |
Exchange Online, Exchange Online Protection |
Get-CompromisedUserDetailReport |
2.0.0 |
chrisda |
chrisda |
This cmdlet is available only in the cloud-based service.
Use the Get-CompromisedUserDetailReport cmdlet to return detailed information about compromised users for the last 10 days.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Get-CompromisedUserDetailReport
[-Action <MultiValuedProperty>]
[-EndDate <System.DateTime>]
[-Page <Int32>]
[-PageSize <Int32>]
[-StartDate <System.DateTime>]
[<CommonParameters>]
This cmdlet returns the following information:
- Date
- UserCount
- Action
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Get-CompromisedUserDetailReport -StartDate 06-01-2020 -EndDate 06-10-2020 -Action Suspicious
This example returns all suspicious user accounts for the specified date range.
The Action parameter filters the results by the compromised user status. Valid values are:
- Restricted
- Suspicious
You can specify multiple values separated by commas.
Type: MultiValuedProperty
Parameter Sets: (All)
Aliases:
Applicable: Exchange Online, Exchange Online Protection
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The EndDate parameter specifies the end date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.
Type: System.DateTime
Parameter Sets: (All)
Aliases:
Applicable: Exchange Online, Exchange Online Protection
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
This parameter is reserved for internal Microsoft use.
Type: Int32
Parameter Sets: (All)
Aliases:
Applicable: Exchange Online, Exchange Online Protection
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.
Type: Int32
Parameter Sets: (All)
Aliases:
Applicable: Exchange Online, Exchange Online Protection
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The StartDate parameter specifies the start date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2018 to specify September 1, 2018.
A value for this parameter can't be older than 30 days.
Type: System.DateTime
Parameter Sets: (All)
Aliases:
Applicable: Exchange Online, Exchange Online Protection
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.