ThreatAssessment.ReadWrite.All

Permission Details

Delegated Permission

Read and write threat assessment requests

Allows an app to read your organization's threat assessment requests on behalf of the signed-in user. Also allows the app to create new requests to assess threats received by your organization on behalf of the signed-in user.

Permission ID: cac97e40-6730-457d-ad8d-4852fddab7ad

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`category`	`threatCategory`	The threat category. The possible values are: spam, phishing, malware.
`contentType`	`threatAssessmentContentType`	The content type of threat assessment. The possible values are: mail, url, file.
`createdBy`	`identitySet`	The threat assessment request creator.
`createdDateTime`	`DateTimeOffset`Nullable	The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
`expectedAssessment`	`threatExpectedAssessment`	The expected assessment from submitter. The possible values are: block, unblock.
`id`	`String`	The threat assessment request ID is a globally unique identifier (GUID).
`requestSource`	`threatAssessmentRequestSource`	The source of the threat assessment request. The possible values are: administrator.
`status`	`threatAssessmentStatus`	The assessment process status. The possible values are: pending, completed.
`results`	`threatAssessmentResult collection`	A collection of threat assessment results. Read-only. By default, a GET /threatAssessmentRequests/{id} does not return this property unless you apply $expand on it.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "category": "String",
  "contentType": "String",
  "createdBy": {
    "@odata.type": "microsoft.graph.identitySet"
  },
  "createdDateTime": "String (timestamp)",
  "expectedAssessment": "String",
  "id": "String (identifier)",
  "requestSource": "String",
  "status": "String"
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`results`	`threatAssessmentResult collection`	A collection of threat assessment results. Read-only. By default, a GET /threatAssessmentRequests/{id} does not return this property unless you apply $expand on it.
`category`	`threatCategory`	Related category data exposed by this resource.
`expectedAssessment`	`threatExpectedAssessment`	Related expectedAssessment data exposed by this resource.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/informationProtection/threatAssessmentRequests`
GET `/informationProtection/threatAssessmentRequests/{id}`
POST `/informationProtection/threatAssessmentRequests`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/informationProtection/threatAssessmentRequests`
GET `/informationProtection/threatAssessmentRequests/{id}`
POST `/informationProtection/threatAssessmentRequests`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests List threatAssessmentRequests
`Get-MgInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests/{id} Get threatAssessmentRequest
`New-MgInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests Create threatAssessmentRequest

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests List threatAssessmentRequests
`Get-MgBetaInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests/{id} Get threatAssessmentRequest
`New-MgBetaInformationProtectionThreatAssessmentRequest` /informationProtection/threatAssessmentRequests Create threatAssessmentRequest

Code Examples

C# / .NET SDK

Create threatAssessmentRequest

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new MailAssessmentRequest
{
	OdataType = "#microsoft.graph.mailAssessmentRequest",
	RecipientEmail = "[email protected]",
	ExpectedAssessment = ThreatExpectedAssessment.Block,
	Category = ThreatCategory.Spam,
	MessageUri = "https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt=",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.InformationProtection.ThreatAssessmentRequests.PostAsync(requestBody);

JavaScript

Create threatAssessmentRequest

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const threatAssessmentRequest = {
  '@odata.type': '#microsoft.graph.mailAssessmentRequest',
  recipientEmail: '[email protected]',
  expectedAssessment: 'block',
  category: 'spam',
  messageUri: 'https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt='
};

await client.api('/informationProtection/threatAssessmentRequests')
	.post(threatAssessmentRequest);

PowerShell

Create threatAssessmentRequest

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.mailAssessmentRequest"
	recipientEmail = "[email protected]"
	expectedAssessment = "block"
	category = "spam"
	messageUri = "https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt="
}

New-MgInformationProtectionThreatAssessmentRequest -BodyParameter $params

Python

Create threatAssessmentRequest

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.mail_assessment_request import MailAssessmentRequest
from msgraph.generated.models.threat_expected_assessment import ThreatExpectedAssessment
from msgraph.generated.models.threat_category import ThreatCategory
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = MailAssessmentRequest(
	odata_type = "#microsoft.graph.mailAssessmentRequest",
	recipient_email = "[email protected]",
	expected_assessment = ThreatExpectedAssessment.Block,
	category = ThreatCategory.Spam,
	message_uri = "https://graph.microsoft.com/v1.0/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt=",
)

result = await graph_client.information_protection.threat_assessment_requests.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Delegated permissions and search for ThreatAssessment.ReadWrite.All

4

Grant Admin Consent

This delegated permission requires admin consent.