Set-DlpComplianceRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the Set-DlpComplianceRule to modify data loss prevention (DLP) rules in the Microsoft Purview compliance portal. DLP rules define sensitive information to be protected and the actions to take on rule violations.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Set-DlpComplianceRule
[-Identity] <ComplianceRuleIdParameter>
[-AccessScope <Microsoft.Office.CompliancePolicy.Tasks.AccessScope>]
[-ActivationDate <System.DateTime>]
[-AddRecipients <PswsHashtable>]
[-AdvancedRule <String>]
[-AlertProperties <PswsHashtable>]
[-AnyOfRecipientAddressContainsWords <MultiValuedProperty>]
[-AnyOfRecipientAddressMatchesPatterns <MultiValuedProperty>]
[-ApplyBrandingTemplate <String>]
[-ApplyHtmlDisclaimer <PswsHashtable>]
[-AttachmentIsNotLabeled <Boolean>]
[-BlockAccess <Boolean>]
[-BlockAccessScope <Microsoft.Office.CompliancePolicy.Tasks.BlockAccessScope>]
[-Comment <String>]
[-Confirm]
[-ContentCharacterSetContainsWords <MultiValuedProperty>]
[-ContentContainsSensitiveInformation <PswsHashtable[]>]
[-ContentExtensionMatchesWords <MultiValuedProperty>]
[-ContentFileTypeMatches <MultiValuedProperty>]
[-ContentIsNotLabeled <Boolean>]
[-ContentIsShared <Boolean>]
[-ContentPropertyContainsWords <MultiValuedProperty>]
[-Disabled <Boolean>]
[-DocumentContainsWords <MultiValuedProperty>]
[-DocumentCreatedBy <MultiValuedProperty>]
[-DocumentCreatedByMemberOf <RecipientIdParameter[]>]
[-DocumentIsPasswordProtected <Boolean>]
[-DocumentIsUnsupported <Boolean>]
[-DocumentMatchesPatterns <MultiValuedProperty>]
[-DocumentNameMatchesPatterns <MultiValuedProperty>]
[-DocumentNameMatchesWords <MultiValuedProperty>]
[-DocumentSizeOver <Microsoft.Exchange.Data.ByteQuantifiedSize>]
[-EncryptRMSTemplate <RmsTemplateIdParameter>]
[-EndpointDlpBrowserRestrictions <PswsHashtable[]>]
[-EndpointDlpRestrictions <PswsHashtable[]>]
[-EnforcePortalAccess <Boolean>]
[-EvaluateRulePerComponent <Boolean>]
[-ExceptIfAccessScope <Microsoft.Office.CompliancePolicy.Tasks.AccessScope>]
[-ExceptIfAnyOfRecipientAddressContainsWords <MultiValuedProperty>]
[-ExceptIfAnyOfRecipientAddressMatchesPatterns <MultiValuedProperty>]
[-ExceptIfContentCharacterSetContainsWords <MultiValuedProperty>]
[-ExceptIfContentContainsSensitiveInformation <PswsHashtable[]>]
[-ExceptIfContentExtensionMatchesWords <MultiValuedProperty>]
[-ExceptIfContentFileTypeMatches <MultiValuedProperty>]
[-ExceptIfContentIsShared <Boolean>]
[-ExceptIfContentPropertyContainsWords <MultiValuedProperty>]
[-ExceptIfDocumentContainsWords <MultiValuedProperty>]
[-ExceptIfDocumentCreatedBy <MultiValuedProperty>]
[-ExceptIfDocumentCreatedByMemberOf <RecipientIdParameter[]>]
[-ExceptIfDocumentIsPasswordProtected <Boolean>]
[-ExceptIfDocumentIsUnsupported <Boolean>]
[-ExceptIfDocumentMatchesPatterns <MultiValuedProperty>]
[-ExceptIfDocumentNameMatchesPatterns <MultiValuedProperty>]
[-ExceptIfDocumentNameMatchesWords <MultiValuedProperty>]
[-ExceptIfDocumentSizeOver <Microsoft.Exchange.Data.ByteQuantifiedSize>]
[-ExceptIfFrom <RecipientIdParameter[]>]
[-ExceptIfFromAddressContainsWords <MultiValuedProperty>]
[-ExceptIfFromAddressMatchesPatterns <MultiValuedProperty>]
[-ExceptIfFromMemberOf <SmtpAddress[]>]
[-ExceptIfFromScope <Microsoft.Office.CompliancePolicy.PolicyEvaluation.FromScope>]
[-ExceptIfHasSenderOverride <Boolean>]
[-ExceptIfHeaderContainsWords <PswsHashtable>]
[-ExceptIfHeaderMatchesPatterns <PswsHashtable>]
[-ExceptIfMessageSizeOver <Microsoft.Exchange.Data.ByteQuantifiedSize>]
[-ExceptIfMessageTypeMatches <Microsoft.Office.CompliancePolicy.PolicyEvaluation.MessageTypes>]
[-ExceptIfProcessingLimitExceeded <Boolean>]
[-ExceptIfRecipientADAttributeContainsWords <PswsHashtable>]
[-ExceptIfRecipientADAttributeMatchesPatterns <PswsHashtable>]
[-ExceptIfRecipientDomainIs <MultiValuedProperty>]
[-ExceptIfSenderADAttributeContainsWords <PswsHashtable>]
[-ExceptIfSenderADAttributeMatchesPatterns <PswsHashtable>]
[-ExceptIfSenderDomainIs <MultiValuedProperty>]
[-ExceptIfSenderIPRanges <MultiValuedProperty>]
[-ExceptIfSentTo <MultiValuedProperty>]
[-ExceptIfSentToMemberOf <RecipientIdParameter[]>]
[-ExceptIfSubjectContainsWords <MultiValuedProperty>]
[-ExceptIfSubjectMatchesPatterns <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyMatchesPatterns <MultiValuedProperty>]
[-ExceptIfUnscannableDocumentExtensionIs <MultiValuedProperty>]
[-ExceptIfWithImportance <Microsoft.Office.CompliancePolicy.Tasks.WithImportance>]
[-ExpiryDate <System.DateTime>]
[-From <RecipientIdParameter[]>]
[-FromAddressContainsWords <MultiValuedProperty>]
[-FromAddressMatchesPatterns <MultiValuedProperty>]
[-FromMemberOf <SmtpAddress[]>]
[-FromScope <Microsoft.Office.CompliancePolicy.PolicyEvaluation.FromScope>]
[-GenerateAlert <MultiValuedProperty>]
[-GenerateIncidentReport <MultiValuedProperty>]
[-HasSenderOverride <Boolean>]
[-HeaderContainsWords <PswsHashtable>]
[-HeaderMatchesPatterns <PswsHashtable>]
[-IncidentReportContent <ReportContentOption[]>]
[-MessageIsNotLabeled <Boolean>]
[-MessageSizeOver <Microsoft.Exchange.Data.ByteQuantifiedSize>]
[-MessageTypeMatches <Microsoft.Office.CompliancePolicy.PolicyEvaluation.MessageTypes>]
[-MipRestrictAccess <PswsHashtable[]>]
[-Moderate <PswsHashtable>]
[-ModifySubject <PswsHashtable>]
[-NonBifurcatingAccessScope <Microsoft.Office.CompliancePolicy.Tasks.NonBifurcatingAccessScope>]
[-NotifyAllowOverride <OverrideOption[]>]
[-NotifyEmailCustomSenderDisplayName <String>]
[-NotifyEmailCustomSubject <String>]
[-NotifyEmailCustomText <String>]
[-NotifyEmailExchangeIncludeAttachment <Boolean>]
[-NotifyEndpointUser <PswsHashtable>]
[-NotifyOverrideRequirements <Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyOverrideRequirements>]
[-NotifyPolicyTipCustomDialog <String>]
[-NotifyPolicyTipCustomText <String>]
[-NotifyPolicyTipCustomTextTranslations <MultiValuedProperty>]
[-NotifyPolicyTipDisplayOption <Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyTipDisplayOption>]
[-NotifyPolicyTipUrl <String>]
[-NotifyUser <MultiValuedProperty>]
[-NotifyUserType <Microsoft.Office.CompliancePolicy.PolicyEvaluation.NotifyUserType>]
[-OnPremisesScannerDlpRestrictions <PswsHashtable[]>]
[-PrependSubject <String>]
[-Priority <System.Int32>]
[-ProcessingLimitExceeded <Boolean>]
[-Quarantine <Boolean>]
[-RecipientADAttributeContainsWords <PswsHashtable>]
[-RecipientADAttributeMatchesPatterns <PswsHashtable>]
[-RecipientDomainIs <MultiValuedProperty>]
[-RedirectMessageTo <RecipientIdParameter[]>]
[-RemoveHeader <MultiValuedProperty>]
[-RemoveRMSTemplate <Boolean>]
[-ReportSeverityLevel <RuleSeverity>]
[-RestrictAccess <System.Collections.Hashtable[]>]
[-RestrictBrowserAccess <Boolean>]
[-RuleErrorAction <Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyRuleErrorAction>]
[-SenderADAttributeContainsWords <PswsHashtable>]
[-SenderADAttributeMatchesPatterns <PswsHashtable>]
[-SenderAddressLocation <Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicySenderAddressLocation>]
[-SenderDomainIs <MultiValuedProperty>]
[-SenderIPRanges <MultiValuedProperty>]
[-SentTo <MultiValuedProperty>]
[-SentToMemberOf <RecipientIdParameter[]>]
[-SetHeader <PswsHashtable>]
[-SharedByIRMUserRisk <MultiValuedProperty>]
[-StopPolicyProcessing <Boolean>]
[-SubjectContainsWords <MultiValuedProperty>]
[-SubjectMatchesPatterns <MultiValuedProperty>]
[-SubjectOrBodyContainsWords <MultiValuedProperty>]
[-SubjectOrBodyMatchesPatterns <MultiValuedProperty>]
[-ThirdPartyAppDlpRestrictions <PswsHashtable[]>]
[-TriggerPowerAutomateFlow <String>]
[-UnscannableDocumentExtensionIs <MultiValuedProperty>]
[-WhatIf]
[-WithImportance <Microsoft.Office.CompliancePolicy.Tasks.WithImportance>]
[<CommonParameters>]
Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
Set-DlpComplianceRule -Identity 25bf67b6-3783-4f74-bde9-98dd40333082 -AccessScope NotInOrganization -BlockAccess $true
This example modifies the access scope and blocking behavior of a DLP compliance rule that's identified by its GUID value.
Example 2
Contents of the file named C:\Data\Sensitive Type.txt:
{
"Version": "1.0",
"Condition": {
"Operator": "And",
"SubConditions": [
{
"ConditionName": "ContentContainsSensitiveInformation",
"Value": [
{
"groups": [
{
"Operator": "Or",
"labels": [
{
"name": "defa4170-0d19-0005-000a-bc88714345d2",
"type": "Sensitivity"
}
],
"name": "Default",
"sensitivetypes": [
{
"confidencelevel": "Low",
"name": "Credit Card Number"
}
]
}
]
}
]
},
{
"Operator": "Not",
"SubConditions": [
{
"Operator": "OR",
"SubConditions": [
{
"ConditionName": "FromMemberOf",
"Value": [
"janesteam@contoso.com"
]
},
{
"ConditionName": "SentTo",
"Value": [
"adele@contoso.com"
]
}
],
}
]
}
]
}
}
$data = Get-Content -Path "C:\Data\Sensitive Type.txt" -ReadCount 0
$AdvancedRuleString = $data | Out-string
Set-DLPComplianceRule -Identity "Contoso Rule 1" -AdvancedRule $AdvancedRuleString
This example uses the AdvancedRule parameter to read the following complex condition from a file: "Content contains sensitive information: "Credit card number OR Highly confidential" AND (NOT (Sender is a member of "Jane's Team" OR Recipient is "adele@contoso.com")).
Parameters
-AccessScope
The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are:
- InOrganization: The rule is applied to content that's accessible or delivered to a recipient inside the organization.
- NotInOrganization: The rule is applied to content that's accessible or delivered to a recipient outside the organization.
- None: The condition isn't used.
Type: | Microsoft.Office.CompliancePolicy.Tasks.AccessScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ActivationDate
This parameter is reserved for internal Microsoft use.
Type: | System.DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AddRecipients
The AddRecipients parameter specifies an action for the DLP rule that adds the specified recipients to email messages. This parameter uses the following syntax:
@{<AddToRecipients | CopyTo | BlindCopyTo> = "emailaddress"}
. For example,@{AddToRecipients = "laura@contoso.com"}
or@{BlindCopyTo = "julia@contoso.com"}
.@{AddManagerAsRecipientType = "<To | Cc | Bcc>"}
. For example,@{AddManagerAsRecipientType = "Bcc"}
.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AdvancedRule
The AdvancedRule parameter uses complex rule syntax that supports multiple AND, OR, and NOT operators and nested groups.
This parameter uses JSON syntax that's similar to the traditional advanced syntax, but is read from a file that contains additional operators and combinations that aren't traditionally supported.
For syntax details, see Example 2.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AlertProperties
{{ Fill AlertProperties Description }}
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AnyOfRecipientAddressContainsWords
The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 600.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AnyOfRecipientAddressMatchesPatterns
The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ApplyBrandingTemplate
The ApplyBrandingTemplate parameter specifies an action for the DLP rule that applies a custom branding template for messages encrypted by Microsoft Purview Message Encryption. You identify the custom branding template by name. If the name contains spaces, enclose the name in quotation marks (").
Use the EnforcePortalAccess parameter to control whether external users are required to use the encrypted message portal to view encrypted messages.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ApplyHtmlDisclaimer
The ApplyHtmlDisclaimer parameter specifies an action for the rule that adds disclaimer text to messages.This parameter uses the syntax: @{Text = "Disclaimer text"; Location = <Append | Prepend>; FallbackAction = <Wrap | Ignore | Reject> }
.
- Text: Specifies the disclaimer text to add. Disclaimer text can include HTML tags and inline cascading style sheet (CSS) tags. You can add images using the IMG tag.
- Location: Specifies where to insert the HTML disclaimer text in the body of messages. Append = Add to the end of the message body. Prepend = Insert at the beginning of the message body.
- FallbackAction: Specifies what to do if the HTML disclaimer can't be added to a message. Wrap = The original message is wrapped in a new message envelope, and the disclaimer is used as the message body for the new message. Ignore = The rule is ignored and the message is delivered without the disclaimer. Reject = The message is rejected.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-AttachmentIsNotLabeled
{{ Fill AttachmentIsNotLabeled Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-BlockAccess
The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. Valid values are:
- $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item.
- $false: Allows access to the source item that matched the rule. This is the default value.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-BlockAccessScope
The BlockAccessScope parameter specifies the scope of the block access action. Valid values are:
- All: Blocks access to everyone except the owner and the last modifier.
- PerUser: Blocks access to external users.
- PerAnonymousUser: Blocks access to people through the "Anyone with the link" option in SharePoint and OneDrive.
Type: | Microsoft.Office.CompliancePolicy.Tasks.BlockAccessScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Comment
The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false
. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
This cmdlet has a built-in pause, so use -Confirm:$false
to skip the confirmation.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentCharacterSetContainsWords
The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.
Supported character sets are big5, din_66003, euc-jp, euc-kr, gb18030, gb2312, hz-gb-2312, iso-2022-jp, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, koi8-r, koi8-u, ks_c_5601-1987, ns_4551-1, sen_850200_b, shift_jis, utf-7, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-874
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentContainsSensitiveInformation
The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type. In addition to sensitive information types, the parameter can also be applied to files that contain sensitivity labels.
This parameter uses the basic syntax @(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...)
. For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"})
. Example for a sensitivity label: @(@{operator = "And"; groups = @(@{operator="Or";name="Default";labels=@(@{name="Confidential";type="Sensitivity"})})})
.
Use the Get-DLPSensitiveInformationType cmdlet to list the sensitive information types for your organization. For more information on sensitive information types, see What the sensitive information types in Exchange look for.
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentExtensionMatchesWords
The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of the original file type, this predicate matches based on the extension that is present in the name of the file.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentFileTypeMatches
{{ Fill ContentFileTypeMatches Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentIsNotLabeled
{{ Fill ContentIsNotLabeled Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentIsShared
{{ Fill ContentIsShared Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentPropertyContainsWords
The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that's based on a property match in content. The rule is applied to content that contains the specified property.
This parameter accepts values in the format: "Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Disabled
The Disabled parameter specifies whether the DLP rule is disabled. Valid values are:
- $true: The rule is disabled.
- $false: The rule is enabled. This is the default value.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentContainsWords
The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentCreatedBy
{{ Fill DocumentCreatedBy Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentCreatedByMemberOf
{{ Fill DocumentCreatedByMemberOf Description }}
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentIsPasswordProtected
The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection works for Office documents, compressed files (.zip, .7z, .rar, .tar, etc.), and .pdf files. Valid values are:
- $true: Look for password protected files.
- $false: Don't look for password protected files.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentIsUnsupported
The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can't be scanned. Valid values are:
- $true: Look for unsupported files that can't be scanned.
- $false: Don't look for unsupported files that can't be scanned.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentMatchesPatterns
The DocumentMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the content of message attachments by using regular expressions. Only supported attachment types are checked.
You can specify multiple text patterns by using the following syntax: "Regular expression1","Regular expression2",..."Regular expressionN"
.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentNameMatchesPatterns
The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentNameMatchesWords
The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 50.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DocumentSizeOver
The DocumentSizeOver parameter specifies a condition for the DLP rule that looks for messages where any attachment is greater than the specified size.
When you enter a value, qualify the value with one of the following units:
- B (bytes)
- KB (kilobytes)
- MB (megabytes)
- GB (gigabytes)
- TB (terabytes)
Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Exchange.Data.ByteQuantifiedSize |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-EncryptRMSTemplate
The EncryptRMSTemplate parameter specifies an action for the DLP rule that applies rights management service (RMS) templates to files. You identify the RMS template by name. If the name contains spaces, enclose the name in quotation marks (").
Use the Get-RMSTemplate cmdlet to see the RMS templates that are available.
Type: | RmsTemplateIdParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-EndpointDlpBrowserRestrictions
{{ Fill EndpointDlpBrowserRestrictions Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-EndpointDlpRestrictions
Note: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID.
The EndpointDlpRestrictions parameter specifies the restricted endpoints for Endpoint DLP. This parameter uses the following syntax: @(@{"Setting"="<Setting>"; "Value"="<Value>}",@{"Setting"="<Setting>"; "Value"="<Value>"},...)
.
The value of <Setting>
is one of the supported values.
The value of <Value>
is Audit, Block, Ignore, or Warn.
Example values:
@{"Setting"="Print"; "Value"="Block"}
@{"Setting"="CopyPaste"; "Value"="Block";}
@{"Setting"="ScreenCapture"; "Value"="Block";}
@{"Setting"="RemovableMedia"; "Value"="Block";}
@{"Setting"="NetworkShare"; "Value"="Block";}
@{"Setting"="Print"; "Value"="Audit";}
@{"Setting"="UnallowedApps"; "Value"="notepad"; "value2"="Microsoft Notepad"}
When you use the values Block or Warn in this parameter, also need to use the NotifyUser parameter.
You can view and configure the available restrictions with the Get-PolicyConfig and Set-PolicyConfig cmdlets.
For more information about Endpoint DLP, see Learn about Endpoint data loss prevention.
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-EnforcePortalAccess
The EnforcePortalAccess parameter specifies whether external recipients are required to view encrypted mail using the encrypted message portal when the ApplyBrandingTemplate action is also specified. Valid values are:
- $true: External recipients are required to use the encrypted message portal to view encrypted messages.
- $false: External recipients aren't required to use the encrypted message portal. Outlook can decrypt messages inline.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-EvaluateRulePerComponent
The EvaluateRulePerComponent parameter specifies whether a match for conditions and exceptions in the rule is contained within the same message component. Valid values are:
- $true: A DLP rule match for conditions and exceptions must be in the same message component (for example, in the message body or in a single attachment).
- $false: A DLP rule match for conditions and exceptions can be anywhere in the message.
For example, say a DLP rule is configured to block messages that contain three or more Social Security numbers (SSNs). When the value of this parameter is $true, a message is blocked only if there are three or more SSNs in the message body, or there are three or more SSNs in a specific attachment. The DLP rule doesn't match and the message isn't blocked if there are two SSNs in the message body, one SSN in an attachment, and two SSNs in another attachment in the same email message.
This parameter works with the following conditions or exceptions only:
- Content contains
- Attachment contains
- Attachment is not labeled
- File extension is
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfAccessScope
The ExceptIfAccessScopeAccessScope parameter specifies an exception for the DLP rule that's based on the access scope of the content. The rule isn't applied to content that matches the specified access scope. Valid values are:
- InOrganization: The rule isn't applied to content that's accessible or delivered to a recipient inside the organization.
- NotInOrganization: The rule isn't applied to content that's accessible or delivered to a recipient outside the organization.
- None: The exception isn't used.
Type: | Microsoft.Office.CompliancePolicy.Tasks.AccessScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfAnyOfRecipientAddressContainsWords
The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses. You can specify multiple words separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 600.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfAnyOfRecipientAddressMatchesPatterns
The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentCharacterSetContainsWords
The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages.
To specify multiple words, this parameter uses the syntax: Word1,word2,...wordN
. Don't use leading or trailing spaces.
Supported character sets are big5, din_66003, euc-jp, euc-kr, gb18030, gb2312, hz-gb-2312, iso-2022-jp, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, koi8-r, koi8-u, ks_c_5601-1987, ns_4551-1, sen_850200_b, shift_jis, utf-7, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-874
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentContainsSensitiveInformation
The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type. In addition to sensitive information types, the parameter can also be applied to files that contain sensitivity labels.
This parameter uses the basic syntax @(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...)
. For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"})
. Example for a sensitivity label: @(@{operator = "And"; groups = @(@{operator="Or";name="Default";labels=@(@{name="Confidential";type="Sensitivity"})})})
.
Use the Get-DLPSensitiveInformationType cmdlet to list the sensitive information types for your organization. For more information on sensitive information types, see What the sensitive information types in Exchange look for.
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentExtensionMatchesWords
The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of what the original file type is, this predicate matches based on the extension that is present in the name of the file.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentFileTypeMatches
{{ Fill ExceptIfContentFileTypeMatches Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentIsShared
{{ Fill ExceptIfContentIsShared Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfContentPropertyContainsWords
The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content. The rule is not applied to content that contains the specified property.
This parameter accepts values in the format: "Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentContainsWords
The ExceptIfDocumentContainsWords parameter specifies an exception for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentCreatedBy
{{ Fill ExceptIfDocumentCreatedBy Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentCreatedByMemberOf
{{ Fill ExceptIfDocumentCreatedByMemberOf Description }}
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentIsPasswordProtected
The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection works for Office documents, compressed files (.zip, .7z, .rar, .tar, etc.), and .pdf files. Valid values are:
- $true: Look for password protected files.
- $false: Don't look for password protected files.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentIsUnsupported
The ExceptIfDocumentIsUnsupported parameter specifies an exception for the DLP rule that looks for files that can't be scanned. Valid values are:
- $true: Look for unsupported files that can't be scanned.
- $false: Don't look for unsupported files that can't be scanned.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentMatchesPatterns
The ExceptIfDocumentMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the content of message attachments by using regular expressions. Only supported attachment types are checked.
You can specify multiple text patterns by using the following syntax: "Regular expression1","Regular expression2",..."Regular expressionN"
.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentNameMatchesPatterns
The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentNameMatchesWords
The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 50.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfDocumentSizeOver
The ExceptIfDocumentSizeOver parameter specifies an exception for the DLP rule that looks for messages where any attachment is greater than the specified size.
When you enter a value, qualify the value with one of the following units:
- B (bytes)
- KB (kilobytes)
- MB (megabytes)
- GB (gigabytes)
- TB (terabytes)
Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Exchange.Data.ByteQuantifiedSize |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFrom
The ExceptIfFrom parameter specifies an exception for the DLP rule that looks for messages from specific senders. You identify the senders by email address. You can specify multiple values separated by commas.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFromAddressContainsWords
The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word length is 128 characters. The maximum number of words or phrases is 50.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFromAddressMatchesPatterns
The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFromMemberOf
The FromMemberOf parameter specifies an exception for the DLP rule that looks for messages sent by group members. You identify the group by its email address.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
Type: | SmtpAddress[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFromScope
The ExceptIfFromScope parameter specifies an exception for the rule that looks for the location of message senders. Valid values are:
- InOrganization: The sender is a mailbox, mail user, group, or mail-enabled public folder in your organization or The sender's email address is in an accepted domain that's configured as an authoritative domain or an internal relay domain, and the message was sent or received over an authenticated connection.
- NotInOrganization: The sender's email address isn't in an accepted domain or the sender's email address is in an accepted domain that's configured as an external relay domain.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.FromScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfHasSenderOverride
The ExceptIfHasSenderOverride parameter specifies an exception for the rule that looks for messages where the sender chose to override a DLP policy. Valid values are:
- $true: Look for messages where the sender took action to override a DLP policy.
- $false: Don't look for messages where the sender took action to override a DLP policy.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfHeaderContainsWords
The HeaderContainsWords parameter specifies an exception for the DLP rule that looks for words in a header field.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfHeaderMatchesPatterns
The HeaderMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in a header field by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1","regular expression2",..."regular expressionN"
.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfMessageSizeOver
The ExceptIfMessageSizeOver parameter specifies an exception for the DLP rule that looks for messages larger than the specified size. The size include the message and all attachments.
When you enter a value, qualify the value with one of the following units:
- B (bytes)
- KB (kilobytes)
- MB (megabytes)
- GB (gigabytes)
- TB (terabytes)
Unqualified values are typically treated as bytes, although small values may be rounded up to the nearest kilobyte.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Exchange.Data.ByteQuantifiedSize |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfMessageTypeMatches
The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type. Valid values are:
- ApprovalRequest: Moderation request messages sent to moderators.
- AutomaticForward: Messages automatically forwarded to an alternative recipient (by Exchange, not by auto-forwarding rules that users configure in Outlook on the web or Outlook).
- AutomaticReply: Out of office (OOF) messages configured by the user.
- Calendaring: Meeting requests and responses.
- Encrypted: S/MIME encrypted messages.
- PermissionControlled: Messages protected with Rights Management, Office 365 Message Encryption (OME), and sensitivity labels (with encryption).
- ReadReceipt: Read receipts.
- Signed: Digitally signed messages.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.MessageTypes |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfProcessingLimitExceeded
The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete. Valid values are:
- $true: Look for files where scanning couldn't complete.
- $false: Don't look for files where scanning couldn't complete.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRecipientADAttributeContainsWords
The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception for the DLP rule that looks for words in Active Directory attributes of message recipients. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="Word"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="Word1";AttributeName2="Word2";...AttributeNameN="WordN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRecipientADAttributeMatchesPatterns
The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in Active Directory attributes of message recipients by using regular expressions. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="RegularExpression"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="RegularExpression1";AttributeName2="RegularExpression2";...AttributeNameN="RegularExpressionN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRecipientDomainIs
The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderADAttributeContainsWords
The ExceptIfSenderADAttributeContainsWords parameter specifies an exception for the DLP rule that looks for words in Active Directory attributes of message senders. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="Word"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="Word1";AttributeName2="Word2";...AttributeNameN="WordN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderADAttributeMatchesPatterns
The ExceptIfSenderADAttributeMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in Active Directory attributes of message senders by using regular expressions. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="RegularExpression"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="RegularExpression1";AttributeName2="RegularExpression2";...AttributeNameN="RegularExpressionN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderDomainIs
The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. You can specify multiple values separated by commas.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderIPRanges
The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. Valid values are:
- Single IP address: For example, 192.168.1.1.
- IP address range: For example, 192.168.0.1-192.168.0.254.
- Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSentTo
The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address. You can specify multiple values separated by commas.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSentToMemberOf
The ExceptIfSentToMemberOf parameter specifies an exception for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address. You can specify multiple values separated by commas.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectContainsWords
The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 50.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectMatchesPatterns
The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectOrBodyContainsWords
The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | <MultiValuedProperty> |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectOrBodyMatchesPatterns
The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages. You can specify multiple text patterns by using the following syntax: "regular expression1","regular expression2",..."regular expressionN"
.
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | <MultiValuedProperty> |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfUnscannableDocumentExtensionIs
The ExceptIfUnscannableDocumentExtensionIs parameter specifies an exception for the rule that looks for the specified true file extension when the files are unscannable. Irrespective of the original file type, this predicate matches based on the extension that is present in the name of the file.
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfWithImportance
The ExceptIfWithImportance parameter specifies an exception for the rule that looks for messages with the specified importance level. Valid values are:
- Low
- Normal
- High
You can use this exception in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.Tasks.WithImportance |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExpiryDate
This parameter is reserved for internal Microsoft use.
Type: | System.DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-From
The From parameter specifies a condition for the DLP rule that looks for messages from specific senders. You identify the senders by email address. You can specify multiple values separated by commas.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-FromAddressContainsWords
The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word length is 128 characters. The maximum number of words or phrases is 50.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-FromAddressMatchesPatterns
The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-FromMemberOf
The FromMemberOf parameter specifies a condition for the DLP rule that looks for messages sent by group members. You identify the group by its email address.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
Type: | SmtpAddress[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-FromScope
The FromScope parameter specifies a condition for the rule that looks for the location of message senders. Valid values are:
- InOrganization: The sender is a mailbox, mail user, group, or mail-enabled public folder in your organization or The sender's email address is in an accepted domain that's configured as an authoritative domain or an internal relay domain.
- NotInOrganization: The sender's email address isn't in an accepted domain or the sender's email address is in an accepted domain that's configured as an external relay domain.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.FromScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-GenerateAlert
The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. Valid values are:
- An email address.
- SiteAdmin
You can specify multiple values separated by commas.
The email message that's generated by this action contains a link to detailed information in the Microsoft Purview compliance portal (the details aren't in the email message itself).
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-GenerateIncidentReport
The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met. Valid values are:
- An email address.
- SiteAdmin
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-HasSenderOverride
The SenderOverride parameter specifies a condition for the rule that looks for messages where the sender chose to override a DLP policy. Valid values are:
- $true: Look for messages where the sender took action to override a DLP policy.
- $false: Don't look for messages where the sender took action to override a DLP policy.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-HeaderContainsWords
The HeaderContainsWords parameter specifies a condition for the DLP rule that looks for words in a header field.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-HeaderMatchesPatterns
The HeaderMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in a header field by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1","regular expression2",..."regular expressionN"
.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Identity
The Identity parameter specifies the DLP rule that you want to modify. You can use any value that uniquely identifies the rule. For example:
- Name
- Distinguished name (DN)
- GUID
- Id
Type: | ComplianceRuleIdParameter |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-IncidentReportContent
The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter. Valid values are:
- All
- Default
- Detections
- DocumentAuthor
- DocumentLastModifier
- MatchedItem
- RulesMatched
- Service
- Severity
- Service
- Title
You can specify multiple values separated by commas. You can only use the value "All" by itself. If you use the value "Default", the report includes the following content:
- DocumentAuthor
- MatchedItem
- RulesMatched
- Service
- Title
Therefore, any additional values that you use with the value "Default" are ignored.
Type: | ReportContentOption[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-MessageIsNotLabeled
{{ Fill MessageIsNotLabeled Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-MessageSizeOver
The MessageSizeOver parameter specifies a condition for the DLP rule that looks for messages larger than the specified size. The size include the message and all attachments.
When you enter a value, qualify the value with one of the following units:
- B (bytes)
- KB (kilobytes)
- MB (megabytes)
- GB (gigabytes)
- TB (terabytes)
Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Exchange.Data.ByteQuantifiedSize |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-MessageTypeMatches
The MessageTypeMatches parameter specifies a condition for the rule that looks for messages of the specified type. Valid values are:
- ApprovalRequest: Moderation request messages sent to moderators.
- AutomaticForward: Messages automatically forwarded to an alternative recipient (by Exchange, not by auto-forwarding rules that users configure in Outlook on the web or Outlook).
- AutomaticReply: Out of office (OOF) messages configured by the user.
- Calendaring: Meeting requests and responses.
- Encrypted: S/MIME encrypted messages.
- PermissionControlled: Messages protected with Rights Management, Office 365 Message Encryption (OME), and sensitivity labels (with encryption).
- ReadReceipt: Read receipts.
- Signed: Digitally signed messages.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.MessageTypes |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-MipRestrictAccess
{{ Fill MipRestrictAccess Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Moderate
The Moderate parameter specifies an action for the DLP rule that sends the email message to a moderator. This parameter uses the syntax: @{ModerateMessageByManager = <$true | $false>; ModerateMessageByUser = "emailaddress1,emailaddress2,...emailaddressN"}
.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ModifySubject
The ModifySubject parameter uses regular expressions to find text patterns in the subject of the email message, and then modifies the subject with the text that you specify. This parameter uses the syntax: @{Patterns="RegEx1","RegEx2",..."RegEx10}"; SubjectText="Replacement Text"; ReplaceStrategy="Value"}
.
The ReplaceStrategy=
property uses one of the following values:
- Replace: Replaces all regular expression matches (the
Patterns=
value) in the subject with theSubjectText=
value. - Append: Removes all regular expression matches (the
Patterns=
value) in the subject and inserts theSubjectText=
value at the end of the subject. - Prepend: Removes all regular expression matches (the
Patterns=
value) and inserts theSubjectText=
value at the beginning of the subject.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 10.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NonBifurcatingAccessScope
The NonBifurcatingAccessScope parameter specifies a condition for the DLP rule that looks for recipients in the specified access scope. The rule is applied to all copies of the message. Valid values are:
- HasInternal: At least one recipient is inside the organization.
- HasExternal: At least one recipient is outside the organization.
- None: The condition isn't used.
You can use this condition in DLP policies that are scoped only to Exchange
Type: | Microsoft.Office.CompliancePolicy.Tasks.NonBifurcatingAccessScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyAllowOverride
The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met. Valid values are:
- FalsePositive: Allows overrides in the case of false positives.
- WithAcknowledgement: Allows overrides with explicit user acknowledgement. (Exchange only)
- WithoutJustification: Allows overrides without justification.
- WithJustification: Allows overrides with justification.
You can specify multiple values separated by commas. The values WithoutJustification and WithJustification are mutually exclusive.
Type: | OverrideOption[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyEmailCustomSenderDisplayName
{{ Fill NotifyEmailCustomSenderDisplayName Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyEmailCustomSubject
The NotifyEmailCustomSubject parameter specifies the custom text in the subject line of email notification message that's sent to recipients when the conditions of the rule are met.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyEmailCustomText
The NotifyEmailCustomText parameter specifies the custom text in the email notification message that's sent to recipients when the conditions of the rule are met.
This parameter has a 5000 character limit, and supports plain text, HTML tags and the following tokens (variables):
- %%AppliedActions%%: The actions applied to the content.
- %%ContentURL%%: The URL of the document on the SharePoint site or OneDrive for Business site.
- %%MatchedConditions%%: The conditions that were matched by the content. Use this token to inform people of possible issues with the content.
- %%BlockedMessageInfo%%: The details of the message that was blocked. Use this token to inform people of the details of the message that was blocked.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyEmailExchangeIncludeAttachment
{{ Fill NotifyEmailExchangeIncludeAttachment Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyEndpointUser
Note: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID.
{{ Fill NotifyEndpointUser Description }}
For more information about Endpoint DLP, see Learn about Endpoint data loss prevention.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyOverrideRequirements
{{ Fill NotifyOverrideRequirements Description }}
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyOverrideRequirements |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyPolicyTipCustomDialog
{{ Fill NotifyPolicyTipCustomDialog Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyPolicyTipCustomText
The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that's shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren't supported.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyPolicyTipCustomTextTranslations
The NotifyPolicyTipCustomTextTranslations parameter specifies the localized policy tip text that's shown when the conditions of the rule are met, based on the client settings. This parameter uses the syntax CultureCode:Text
.
Valid culture codes are supported values from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese. For more information, see CultureInfo Class.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
. For example: "en:PolicyTipInEnglish","zh:警告:这个文件含有非法内容","th:คำแนะนำนโยบายในไทย"
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyPolicyTipDisplayOption
The NotifyPolicyTipDialogOption parameter specifies a display option for the policy tip. Valid values are:
- Tip: Displays policy tip at the top of the mail. This is the default value.
- Dialog: Displays policy tip at the top of the mail and as a popup dialog. (exchange only)
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyTipDisplayOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyPolicyTipUrl
The NotifyPolicyTipUrl parameter specifies the URL in the popup dialog for Exchange workloads. This URL value has priority over the global: Set-PolicyConfig -ComplianceUrl
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyUser
The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. Valid values are:
- An email address.
- LastModifier
- Owner
- SiteAdmin
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-NotifyUserType
The NotifyUserType parameter specifies the type of notification that's used for the rule. Valid values are:
- NotSet
- PolicyTip
- Email,PolicyTip
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.NotifyUserType |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-OnPremisesScannerDlpRestrictions
{{ Fill OnPremisesScannerDlpRestrictions Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-PrependSubject
The PrependSubject parameter specifies an action for the rule that adds text to add to the beginning of the Subject field of messages. The value for this parameter is the text that you specify. If the text contains spaces, enclose the value in quotation marks (").
Consider ending the value for this parameter with a colon (:) and a space, or at least a space, to separate it from the original subject.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Priority
The Priority parameter specifies a priority value for the rule that determines the order of rule processing within the policy. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.
Valid values and the default value for this parameter depend on the number of existing rules in the policy. For example, if there are 8 existing rules:
- Valid priority values for the existing 8 rules are from 0 through 7.
- Valid priority values for a new 9th rule that you add to the policy are from 0 through 8.
- The default value for a new 9th rule that you add to the policy is 8.
If you modify the priority value of a rule, the position of the rule in the list changes to match the priority value you specify. In other words, if you set the priority value of a rule to the same value as an existing rule, the priority value of the existing rule and all other lower priority rules after it are increased by 1.
Type: | System.Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ProcessingLimitExceeded
The ProcessingLimitExceeded parameter specifies a condition for the DLP rule that looks for files where scanning couldn't complete. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned. Valid values are:
- $true: Look for files where scanning couldn't complete.
- $false: Don't look for files where scanning couldn't complete.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Quarantine
This parameter specifies an action or part of an action for the rule.
The Quarantine parameter specifies an action that quarantines messages. Valid values are:
- $true: The message is delivered to the hosted quarantine.
- $false: The message is not quarantined.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RecipientADAttributeContainsWords
The RecipientADAttributeContainsWords parameter specifies a condition for the DLP rule that looks for words in Active Directory attributes of message recipients. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="Word"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="Word1";AttributeName2="Word2";...AttributeNameN="WordN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RecipientADAttributeMatchesPatterns
The RecipientADAttributeMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in Active Directory attributes of message recipients by using regular expressions. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="RegularExpression"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="RegularExpression1";AttributeName2="RegularExpression2";...AttributeNameN="RegularExpressionN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RecipientDomainIs
The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RedirectMessageTo
The RedirectMessageTo parameter specifies an action for the DLP rule that redirects the message to the specified email address. You can specify multiple values separated by commas.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RemoveHeader
The RemoveHeader parameter specifies an action for the DLP rule that removes a header field from the message header. This parameter uses the syntax HeaderName
or "HeaderName:HeaderValue"
.You can specify multiple header names or header name and value pairs separated by commas: HeaderName1,"HeaderName2:HeaderValue2",HeaderName3,..."HeaderNameN:HeaderValueN"
.
The maximum header name length is 64 characters, and header names can't contain spaces or colons ( : ). The maximum header value length is 128 characters.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RemoveRMSTemplate
The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Microsoft Purview Message Encryption from messages and their attachments. Valid values are:
- $true: The message and attachments are decrypted.
- $False: The messages and attachments are not decrypted.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ReportSeverityLevel
The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are:
- None: You can't select this value if the rule has no actions configured.
- Low: This is the default value.
- Medium
- High
Type: | RuleSeverity |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RestrictAccess
{{ Fill RestrictAccess Description }}
Type: | System.Collections.Hashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RestrictBrowserAccess
{{ Fill RestrictBrowserAccess Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-RuleErrorAction
The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are:
- Ignore: Ignore the failure of the rule and thereby any actions in that rule and move to the next rule.
- RetryThenBlock: Do a maximum of 5 retries of the rule with an increasing time gap of 10 min (i.e, 1st retry happens after 10 min, 2nd retry after 20 min, etc.). After the failure of the fifth retry, the message is dropped and we send a non-delivery report (also known as an NDR or bounce messages).
- Blank (the value $null): Defer the delivery of the message and keep retrying the rule. This is the default value.
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicyRuleErrorAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SenderADAttributeContainsWords
The SenderADAttributeContainsWords parameter specifies a condition for the DLP rule that looks for words in Active Directory attributes of message senders. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="Word"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="Word1";AttributeName2="Word2";...AttributeNameN="WordN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SenderADAttributeMatchesPatterns
The SenderADAttributeMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in Active Directory attributes of message senders by using regular expressions. You can use any of the following Active Directory attributes:
- City
- Company
- Country or Region
- CustomAttribute1 to CustomAttribute15
- Department
- DisplayName
- Email Addresses
- Fax
- FirstName
- HomePhoneNumber
- Initials
- LastName
- Manager
- Mobile Phone
- Notes
- Office
- OtherFax
- OtherHomePhone
- Other Telephone
- Pager
- Phone
- Post Office Box
- State or Province
- Street Address
- Title
- UserLogonName
- Postal Code
This parameter uses the syntax: @{AttributeName="RegularExpression"}
. To specify multiple attributes, use the following syntax: @{AttributeName1="RegularExpression1";AttributeName2="RegularExpression2";...AttributeNameN="RegularExpressionN"}
. Don't use words with leading or trailing spaces.
When you specify multiple attributes, the OR operator is used.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SenderAddressLocation
The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses. Valid values are:
- Header: Only examine senders in the message headers (for example, the From, Sender, or Reply-To fields). This is the default value.
- Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field).
- HeaderOrEnvelope: Examine senders in the message header and the message envelope.
Note that message envelope searching is available only for the following conditions and exceptions:
- From and ExceptIfFrom
- FromAddressContainsWords and ExceptIfFromAddressContainsWords
- FromAddressMatchesPatterns and ExceptIfFromAddressMatchesPatterns
- FromMemberOf and ExceptIfFromMemberOf
- SenderDomainIs and ExceptIfSenderDomainIs
Type: | Microsoft.Office.CompliancePolicy.PolicyEvaluation.PolicySenderAddressLocation |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SenderDomainIs
The SenderDomainIs parameter specifies a condition for the DLP rule that looks for messages from senders with email address in the specified domains. You can specify multiple values separated by commas.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SenderIPRanges
The SenderIpRanges parameter specifies a condition for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. Valid values are:
- Single IP address: For example, 192.168.1.1.
- IP address range: For example, 192.168.0.1-192.168.0.254.
- Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SentTo
The SentTo parameter specifies a condition for the DLP rule that looks for recipients in messages. You identify the recipients by email address. You can specify multiple values separated by commas.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SentToMemberOf
The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address. You can specify multiple values separated by commas.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | RecipientIdParameter[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SetHeader
The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. This parameter uses the syntax "HeaderName:HeaderValue"
. You can specify multiple header name and value pairs separated by commas: "HeaderName1:HeaderValue1",HeaderName2:HeaderValue2",..."HeaderNameN:HeaderValueN"
.
The maximum header name length is 64 characters, and header names can't contains spaces or colons ( : ). The maximum header value length is 128 characters.
You can use this action in DLP policies that are scoped only to Exchange.
Type: | PswsHashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SharedByIRMUserRisk
{{ Fill SharedByIRMUserRisk Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-StopPolicyProcessing
The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules. Valid values are:
- $true: Stop processing more rules.
- $false: Continue processing more rules after this one.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SubjectContainsWords
The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.
- Single word:
"no_reply"
- Multiple words:
no_reply,urgent,...
- Multiple words and phrases:
"phrase 1",word1,"phrase with , or spaces",word2,...
The maximum individual word or phrase length is 128 characters. The maximum number of words or phrases is 50.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SubjectMatchesPatterns
The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. You can specify multiple text patterns by using the following syntax: "regular expression1"|"regular expression2"|..."regular expressionN"
.
The maximum individual regular expression length is 128 characters. The maximum number of regular expressions is 300.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SubjectOrBodyContainsWords
The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.
To specify multiple words or phrases, this parameter uses the syntax: Word1,"Phrase with spaces",word2,...wordN
. Don't use leading or trailing spaces.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | <MultiValuedProperty> |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SubjectOrBodyMatchesPatterns
The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages. You can specify multiple text patterns by using the following syntax: "regular expression1","regular expression2",..."regular expressionN"
.
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | <MultiValuedProperty> |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ThirdPartyAppDlpRestrictions
{{ Fill ThirdPartyAppDlpRestrictions Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-TriggerPowerAutomateFlow
{{ Fill TriggerPowerAutomateFlow Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-UnscannableDocumentExtensionIs
The UnscannableDocumentExtensionIs parameter specifies a condition for the rule that looks for the specified true file extension when the files are unscannable. Irrespective of what the original file type is, this predicate matches based on the extension that is present in the name of the file.
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-WithImportance
The WithImportance parameter specifies a condition for the rule that looks for messages with the specified importance level. Valid values are:
- Low
- Normal
- High
You can use this condition in DLP policies that are scoped only to Exchange.
Type: | Microsoft.Office.CompliancePolicy.Tasks.WithImportance |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |