Merge pull request MicrosoftDocs#9084 from MicrosoftDocs/ContMal-chrisda

chrisda · web-flow · commit 7dc790d046c5 · 2022-03-10T11:49:05.000-08:00
ContMal-chrisda to Main
diff --git a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+**Note**: This cmdlet will be deprecated. Use the [Get-ContentMalwareMdoDetailReport](https://docs.microsoft.com/powershell/module/exchange/get-contentmalwaremdodetailreport) cmdlet instead.
+
 Use the Get-AdvancedThreatProtectionDocumentDetailReport cmdlet to view the detailed results of Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in your Microsoft Defender for Office 365 organization.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
diff --git a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md
@@ -14,6 +14,8 @@ ms.reviewer:
 ## SYNOPSIS
 This cmdlet is available only in the cloud-based service.
 
+**Note**: This cmdlet will be deprecated. Use the [Get-ContentMalwareMdoAggregateReport](https://docs.microsoft.com/powershell/module/exchange/get-contentmalwaremdoaggregatereport) cmdlet instead.
+
 Use the Get-AdvancedThreatProtectionDocumentReport cmdlet to view the results of Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in your Microsoft Defender for Office 365 organization.
 
 **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
diff --git a/exchange/exchange-ps/exchange/Get-ContentMalwareMdoAggregateReport.md b/exchange/exchange-ps/exchange/Get-ContentMalwareMdoAggregateReport.md
@@ -0,0 +1,184 @@
+---
+external help file: Microsoft.Exchange.ServerStatus-Help.xml
+online version: https://docs.microsoft.com/powershell/module/exchange/get-contentmalwaremdoaggregatereport
+applicable: Exchange Online, Exchange Online Protection
+title: Get-ContentMalwareMdoAggregateReport
+schema: 2.0.0
+author: chrisda
+ms.author: chrisda
+ms.reviewer:
+---
+
+# Get-ContentMalwareMdoAggregateReport
+
+## SYNOPSIS
+This cmdlet is available only in the cloud-based service.
+
+Use the Get-ContentMalwareMdoAggregateReport cmdlet to view a summary detections by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in Microsoft Defender for Office 365.
+
+**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
+
+For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
+
+## SYNTAX
+
+```
+Get-ContentMalwareMdoAggregateReport
+ [-DetectionTechnology <MultiValuedProperty>]
+ [-EndDate <System.DateTime>]
+ [-Page <Int32>]
+ [-PageSize <Int32>]
+ [-StartDate <System.DateTime>]
+ [-Workload <MultiValuedProperty>]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+For the specified reporting period, the cmdlet returns the following information:
+
+- Date
+- Detection Technology
+- Workload
+- Count
+
+By default, the command returns data for the last 14 days. Data for the last 90 days is available.
+
+You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
+
+## EXAMPLES
+
+### Example 1
+```powershell
+Get-ContentMalwareMdoAggregateReport -StartDate 1/1/2022 -EndDate 1/4/2022 -Workload OneDriveForBusiness
+```
+
+This example returns the results for OneDrive detections for the specified date range.
+
+## PARAMETERS
+
+### -DetectionTechnology
+The DetectionTechnology parameter filters the results by what classified the file as malware. Valid values are:
+
+- AntiMalware
+- AtpSafeAttachment
+- Reputation
+
+You can specify multiple values separated by commas.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -EndDate
+The EndDate parameter specifies the end date of the date range.
+
+Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2021 to specify September 1, 2021.
+
+```yaml
+Type: System.DateTime
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Page
+The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an integer between 1 and 1000. The default value is 1.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PageSize
+The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -StartDate
+The EndDate parameter specifies the start date of the date range.
+
+Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2021 to specify September 1, 2021.
+
+```yaml
+Type: System.DateTime
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Workload
+The Workload parameter filters the results by where the detected file is located. Valid values are:
+
+- OneDriveForBusiness
+- SharePoint
+- Teams
+
+You can specify multiple values separated by commas.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
+
+## INPUTS
+
+###  
+
+## OUTPUTS
+
+###  
+
+## NOTES
+
+## RELATED LINKS
diff --git a/exchange/exchange-ps/exchange/Get-ContentMalwareMdoDetailReport.md b/exchange/exchange-ps/exchange/Get-ContentMalwareMdoDetailReport.md
@@ -0,0 +1,186 @@
+---
+external help file: Microsoft.Exchange.ServerStatus-Help.xml
+online version: https://docs.microsoft.com/powershell/module/exchange/get-contentmalwaremdodetailreport
+applicable: Exchange Online, Exchange Online Protection
+title: Get-ContentMalwareMdoDetailReport
+schema: 2.0.0
+author: chrisda
+ms.author: chrisda
+ms.reviewer:
+---
+
+# Get-ContentMalwareMdoDetailReport
+
+## SYNOPSIS
+This cmdlet is available only in the cloud-based service.
+
+Use the ContentMalwareMdoDetailReport cmdlet to view detection details by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in Microsoft Defender for Office 365.
+
+**Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
+
+For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
+
+## SYNTAX
+
+```
+Get-ContentMalwareMdoDetailReport
+ [-DetectionTechnology <MultiValuedProperty>]
+ [-EndDate <System.DateTime>]
+ [-Page <Int32>]
+ [-PageSize <Int32>]
+ [-StartDate <System.DateTime>]
+ [-Workload <MultiValuedProperty>]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+For the specified reporting period, the cmdlet returns the following information:
+
+- Date
+- File Name
+- Workload
+- Detection Technology
+- File Size
+- Last modifying user
+
+By default, the command returns data for the last 14 days. Data for the last 30 days is available.
+
+You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
+
+## EXAMPLES
+
+### Example 1
+```powershell
+Get-ContentMalwareMdoDetailReport -StartDate 1/1/2022 -EndDate 1/4/2022 -DetectionTechnology AtpSafeAttachment
+```
+
+This example returns the results for detections by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams for the specified date range.
+
+## PARAMETERS
+
+### -DetectionTechnology
+The DetectionTechnology parameter filters the results by what classified the file as malware. Valid values are:
+
+- AntiMalware
+- AtpSafeAttachment
+- Reputation
+
+You can specify multiple values separated by commas.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -EndDate
+The EndDate parameter specifies the end date of the date range.
+
+Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2021 to specify September 1, 2021.
+
+```yaml
+Type: System.DateTime
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Page
+The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an integer between 1 and 1000. The default value is 1.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PageSize
+The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.
+
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -StartDate
+The EndDate parameter specifies the start date of the date range.
+
+Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2021 to specify September 1, 2021.
+
+```yaml
+Type: System.DateTime
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Workload
+The Workload parameter filters the results by where the detected file is located. Valid values are:
+
+- OneDriveForBusiness
+- SharePoint
+- Teams
+
+You can specify multiple values separated by commas.
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216).
+
+## INPUTS
+
+###  
+
+## OUTPUTS
+
+###  
+
+## NOTES
+
+## RELATED LINKS
diff --git a/exchange/exchange-ps/exchange/exchange.md b/exchange/exchange-ps/exchange/exchange.md
diff --git a/exchange/mapping/serviceMapping.json b/exchange/mapping/serviceMapping.json
