ThreatSubmissionPolicy.ReadWrite.All

Permission Details

Application Permission

Read and write all of the organization's threat submission policies

Allows the app to read your organization's threat submission policies without a signed-in user. Also allows the app to create new threat submission policies without a signed-in user.

Permission ID: 926a6798-b100-4a20-a22f-a4918f13951d

Delegated Permission

Read and write all threat submission policies

Allows the app to read your organization's threat submission policies on behalf of the signed-in user. Also allows the app to create new threat submission policies on behalf of the signed-in user.

Permission ID: 059e5840-5353-4c68-b1da-666a033fc5e8

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`alerts`	`alert collection`
`alerts_v2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`attackSimulation`	`object`
`cases`	`object`
`dataSecurityAndGovernance`	`object`
`id`	`string`	The unique identifier for an entity. Read-only.
`identities`	`object`	A container for security identities APIs.
`incidents`	`security.incident collection`	A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack.
`labels`	`object`
`secureScoreControlProfiles`	`secureScoreControlProfile collection`
`secureScores`	`secureScore collection`
`subjectRightsRequests`	`subjectRightsRequest collection`
`threatIntelligence`	`object`
`triggers`	`object`
`triggerTypes`	`object`

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`alerts`	`alert collection`	Read-only. Nullable.
`alertsv2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`data security and compliance`	`tenantDataSecurityAndGovernance`	A container for Microsoft Purview data security and compliance APIs.
`identities`	`security.identityContainer`	A container for security identities APIs.
`incidents`	`security.incident collection`	A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack.
`alerts_v2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`secureScoreControlProfiles`	`secureScoreControlProfile collection`	Related secureScoreControlProfiles data exposed by this resource.
`secureScores`	`secureScore collection`	Related secureScores data exposed by this resource.
`subjectRightsRequests`	`subjectRightsRequest collection`	Related subjectRightsRequests data exposed by this resource.
`cloudAppSecurityProfiles`	`cloudAppSecurityProfile collection`	Related cloudAppSecurityProfiles data exposed by this resource.
`domainSecurityProfiles`	`domainSecurityProfile collection`	Related domainSecurityProfiles data exposed by this resource.
`fileSecurityProfiles`	`fileSecurityProfile collection`	Related fileSecurityProfiles data exposed by this resource.
`hostSecurityProfiles`	`hostSecurityProfile collection`	Related hostSecurityProfiles data exposed by this resource.
`incidentTasks`	`security.incidentTask collection`	A collection of tasks associated with security incidents.
`ipSecurityProfiles`	`ipSecurityProfile collection`	Related ipSecurityProfiles data exposed by this resource.
`providerTenantSettings`	`providerTenantSetting collection`	Related providerTenantSettings data exposed by this resource.
`securityActions`	`securityAction collection`	Related securityActions data exposed by this resource.
`tiIndicators`	`tiIndicator collection`	Related tiIndicators data exposed by this resource.
`userSecurityProfiles`	`userSecurityProfile collection`	Related userSecurityProfiles data exposed by this resource.
`zones`	`security.zone collection`	A collection of cloud zones in Microsoft Defender for Cloud that group and manage cloud environments across multiple cloud providers.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/security/threatSubmission/emailThreatSubmissionPolicies`
GET `/security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId}`
POST `/security/threatSubmission/emailThreatSubmissionPolicies`
PATCH `/security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId}`
DELETE `/security/threatSubmission/emailThreatSubmissionPolicies/{id}`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaSecurityThreatSubmissionEmailThreatSubmissionPolicy` /security/threatSubmission/emailThreatSubmissionPolicies List emailThreatSubmissionPolicies
`Get-MgBetaSecurityThreatSubmissionEmailThreatSubmissionPolicy` /security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId} Get emailThreatSubmissionPolicy
`New-MgBetaSecurityThreatSubmissionEmailThreatSubmissionPolicy` /security/threatSubmission/emailThreatSubmissionPolicies Create emailThreatSubmissionPolicy
`Update-MgBetaSecurityThreatSubmissionEmailThreatSubmissionPolicy` /security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId} Update emailThreatSubmissionPolicy

Code Examples

C# / .NET SDK

Create emailThreatSubmissionPolicy

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.Security;

var requestBody = new EmailThreatSubmissionPolicy
{
	IsReportToMicrosoftEnabled = true,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.ThreatSubmission.EmailThreatSubmissionPolicies.PostAsync(requestBody);

JavaScript

Create emailThreatSubmissionPolicy

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const emailThreatSubmissionPolicy = {
  isReportToMicrosoftEnabled: true
};

await client.api('/security/threatSubmission/emailthreatSubmissionPolicies')
	.version('beta')
	.post(emailThreatSubmissionPolicy);

PowerShell

Create emailThreatSubmissionPolicy

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Beta.Security

$params = @{
	isReportToMicrosoftEnabled = $true
}

New-MgBetaSecurityThreatSubmissionEmailThreatSubmissionPolicy -BodyParameter $params

Python

Create emailThreatSubmissionPolicy

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.security.email_threat_submission_policy import EmailThreatSubmissionPolicy
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = EmailThreatSubmissionPolicy(
	is_report_to_microsoft_enabled = True,
)

result = await graph_client.security.threat_submission.email_threat_submission_policies.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for ThreatSubmissionPolicy.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.