中国象棋
国际象棋The Compromised users report shows shows the number of user accounts that were marked as Suspicious or Restricted within the last 7 days. Accounts in either of these states are problematic or even compromised. With frequent use, you can use the report to spot spikes, and even trends, in suspicious or restricted accounts. For more information about compromised users, see Responding to a compromised email account.Note
This report is available in Microsoft 365 organizations with Exchange Online mailboxes. It's not available in standalone Exchange Online Protection (EOP) organizations.
The aggregate view shows data for the last 90 days and the detail view shows data for the last 30 days.
To view the report in the Microsoft 365 Defender portal, go to Reports > Email & collaboration > Email & collaboration reports. On the Email & collaboration reports page, find Compromised users and then click View details. To go directly to the report, open https://security.microsoft.com/reports/CompromisedUsers.
On the Compromised users page, the chart shows the following information for the specified date range:
- Restricted: The user account has been restricted from sending email due to highly suspicious patterns.
- Suspicious: The user account has sent suspicious email and is at risk of being restricted from sending email.
The details table below the graph shows the following information:
- Creation time
- User ID
- Action
You can filter both the chart and the details table by clicking Filter and selecting one or more of the following values in the flyout that appears:
- Date (UTC): Start date and End date.
- Activity: Restricted or Suspicious
When you're finished configuring the filters, click Apply, Cancel, or Clear filters.
On the main report page, the Create schedule icon.
Create schedule, Request report. 
Request report, and Export. Export buttons are available.