Set-HostedContentFilterPolicy
This cmdlet is available only in the cloud-based service.
Use the Set-HostedContentFilterPolicy cmdlet to modify spam filter policies (content filter policies) in your cloud-based organization.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Set-HostedContentFilterPolicy
[-Identity] <HostedContentFilterPolicyIdParameter>
[-AddXHeaderValue <String>]
[-AdminDisplayName <String>]
[-AllowedSenderDomains <MultiValuedProperty>]
[-AllowedSenders <MultiValuedProperty>]
[-BlockedSenderDomains <MultiValuedProperty>]
[-BlockedSenders <MultiValuedProperty>]
[-BulkQuarantineTag <String>]
[-BulkSpamAction <SpamFilteringAction>]
[-BulkThreshold <Int32>]
[-Confirm]
[-DownloadLink <Boolean>]
[-EnableEndUserSpamNotifications <Boolean>]
[-EnableLanguageBlockList <Boolean>]
[-EnableRegionBlockList <Boolean>]
[-EndUserSpamNotificationCustomFromAddress <SmtpAddress>]
[-EndUserSpamNotificationCustomFromName <String>]
[-EndUserSpamNotificationCustomSubject <String>]
[-EndUserSpamNotificationFrequency <Int32>]
[-EndUserSpamNotificationLanguage <EsnLanguage>]
[-EndUserSpamNotificationLimit <Int32>]
[-HighConfidencePhishAction <PhishFilteringAction>]
[-HighConfidencePhishQuarantineTag <String>]
[-HighConfidenceSpamAction <SpamFilteringAction>]
[-HighConfidenceSpamQuarantineTag <String>]
[-IncreaseScoreWithBizOrInfoUrls <SpamFilteringOption>]
[-IncreaseScoreWithImageLinks <SpamFilteringOption>]
[-IncreaseScoreWithNumericIps <SpamFilteringOption>]
[-IncreaseScoreWithRedirectToOtherPort <SpamFilteringOption>]
[-InlineSafetyTipsEnabled <Boolean>]
[-IntraOrgFilterState <IntraOrgFilterState>]
[-LanguageBlockList <MultiValuedProperty>]
[-MakeDefault]
[-MarkAsSpamBulkMail <SpamFilteringOption>]
[-MarkAsSpamEmbedTagsInHtml <SpamFilteringOption>]
[-MarkAsSpamEmptyMessages <SpamFilteringOption>]
[-MarkAsSpamFormTagsInHtml <SpamFilteringOption>]
[-MarkAsSpamFramesInHtml <SpamFilteringOption>]
[-MarkAsSpamFromAddressAuthFail <SpamFilteringOption>]
[-MarkAsSpamJavaScriptInHtml <SpamFilteringOption>]
[-MarkAsSpamNdrBackscatter <SpamFilteringOption>]
[-MarkAsSpamObjectTagsInHtml <SpamFilteringOption>]
[-MarkAsSpamSensitiveWordList <SpamFilteringOption>]
[-MarkAsSpamSpfRecordHardFail <SpamFilteringOption>]
[-MarkAsSpamWebBugsInHtml <SpamFilteringOption>]
[-ModifySubjectValue <String>]
[-PhishQuarantineTag <String>]
[-PhishSpamAction <SpamFilteringAction>]
[-PhishZapEnabled <Boolean>]
[-QuarantineRetentionPeriod <Int32>]
[-RedirectToRecipients <MultiValuedProperty>]
[-RegionBlockList <MultiValuedProperty>]
[-SpamAction <SpamFilteringAction>]
[-SpamQuarantineTag <String>]
[-SpamZapEnabled <Boolean>]
[-TestModeAction <SpamFilteringTestModeAction>]
[-TestModeBccToRecipients <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
Description
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
For more information about the limits for allowed and blocked senders, see Exchange Online Protection Limits.
Examples
Example 1
Set-HostedContentFilterPolicy -Identity "Contoso Executives" -HighConfidenceSpamAction Quarantine -SpamAction Quarantine -BulkThreshold 6
This example modifies the spam filter policy named Contoso Executives with the following settings:
- Quarantine messages when the spam filtering verdict is spam or high confidence spam.
- BCL 6 triggers the action for a bulk email spam filtering verdict.
Parameters
-AddXHeaderValue
The AddXHeaderValue parameter specifies the X-header name (not value) to add to spam messages when a spam filtering verdict parameter is set to the value AddXHeader. The following spam filtering verdict parameters can use the AddXHeader action:
- BulkSpamAction
- HighConfidenceSpamAction
- PhishSpamAction
- SpamAction
The maximum length is 255 characters, and the value can't contain spaces or colons (:).
For example, if you enter the value This-is-my-custom-header
, the X-header that's added to the message is This-is-my-custom-header: This message appears to be spam.
If you enter a value that contains spaces or colons (:), the value is ignored, and the default X-header is added to the message (X-This-Is-Spam: This message appears to be spam.
).
Note that this setting is independent of the AddXHeader value of the TestModeAction parameter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-AdminDisplayName
The AdminDisplayName parameter specifies a description for the policy. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-AllowedSenderDomains
The AllowedSenderDomains parameter specifies trusted domains that aren't processed by the spam filter. Messages from senders in these domains are stamped with SFV:SKA
in the X-Forefront-Antispam-Report header
and receive a spam confidence level (SCL) of -1, so the messages are delivered to the recipient's inbox. Valid values are one or more SMTP domains.
Caution: Think very carefully before you add domains here. For more information, see Create safe sender lists in EOP.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-AllowedSenders
The AllowedSenders parameter specifies a list of trusted senders that skip spam filtering. Messages from these senders are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive an SCL of -1, so the messages are delivered to the recipient's inbox. Valid values are one or more SMTP email addresses.
Caution: Think very carefully before you add senders here. For more information, see Create safe sender lists in EOP.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-BlockedSenderDomains
The BlockedSenderDomains parameter specifies domains that are always marked as spam sources. Messages from senders in these domains are stamped with SFV:SKB
value in the X-Forefront-Antispam-Report
header and receive an SCL of 6 (spam). Valid values are one or more SMTP domains.
Note: Manually blocking domains isn't dangerous, but it can increase your administrative workload. For more information, see Create block sender lists in EOP.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-BlockedSenders
The BlockedSenders parameter specifies senders that are always marked as spam sources. Messages from these senders are stamped with SFV:SKB
in the X-Forefront-Antispam-Report
header and receive an SCL of 6 (spam). Valid values are one or more SMTP email addresses.
Note: Manually blocking senders isn't dangerous, but it can increase your administrative workload. For more information, see Create block sender lists in EOP.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN"
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-BulkQuarantineTag
The BulkQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as bulk email (the BulkSpamAction parameter value is Quarantine). You can use any value that uniquely identifies the quarantine policy. For example:
- Name
- Distinguished name (DN)
- GUID
Quarantine policies define what users are able to do to quarantined messages based on why the message was quarantined and quarantine notification settings. For more information about quarantine policies, see Quarantine policies.
The default value for this parameter is the built-in quarantine policy named DefaultFullAccessPolicy (no notifications) or NotificationEnabledPolicy (if available in your organization). This quarantine policy enforces the historical capabilities for messages that were quarantined as bulk as described in the table here.
To view the list of available quarantine policies, run the following command: Get-QuarantinePolicy | Format-List Name,EndUser*,ESNEnabled
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-BulkSpamAction
The BulkSpamAction parameter specifies the action to take on messages that are marked as bulk email (also known as gray mail) based on the bulk complaint level (BCL) of the message, and the BCL threshold you configure in the BulkThreshold parameter. Valid values are:
- AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message.
- Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.
- ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- MoveToJmf: This is the default value. Deliver the message to the Junk Email folder in the recipient's mailbox. In standalone Exchange Online Protection environments, you need to configure mail flow rules in your on-premises Exchange organization. For instructions, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments.
- NoAction
- Quarantine: Deliver the message to quarantine. By default, messages that are quarantined as bulk email are available to the intended recipients and admins. Or, you can use the BulkQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
- Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
Type: | SpamFilteringAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-BulkThreshold
The BulkThreshold parameter specifies the BCL on messages that triggers the action specified by the BulkSpamAction parameter (greater than or equal to the specified BCL value). A valid value is an integer from 1 to 9. The default value is 7, which means a BCL of 7, 8, or 9 on messages will trigger the action that's specified by the BulkSpamAction parameter.
A higher BCL indicates the message is more likely to generate complaints (and is therefore more likely to be spam). For more information, see Bulk complaint level (BCL) in EOP.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false
. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-DownloadLink
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EnableEndUserSpamNotifications
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EnableLanguageBlockList
The EnableLanguageBlockList parameter enables or disables marking messages that were written in specific languages as spam. Valid values are:
- $true: Mark messages hat were written in the languages specified by the LanguageBlockList parameter as spam.
- $false: Don't mark messages as spam solely based on their languages. This is the default value.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EnableRegionBlockList
The EnableRegionBlockList parameter enables or disables marking messages that are sent from specific countries or regions as spam. Valid values are:
- $true: Mark messages from senders in the RegionBlockList parameter as spam.
- $false: Don't mark messages as spam solely based on the source country or region. This is the default value.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationCustomFromAddress
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | SmtpAddress |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationCustomFromName
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationCustomSubject
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationFrequency
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationLanguage
This parameter has been deprecated and is no longer used. End-user quarantine notifications are controlled by quarantine policies as specified by the *QuarantineTag parameters.
Type: | EsnLanguage |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-EndUserSpamNotificationLimit
This parameter is reserved for internal Microsoft use.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-HighConfidencePhishAction
The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing (not phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are:
- Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
- Quarantine: Move the message to quarantine. By default, messages that are quarantined as high confidence phishing are available only to admins. Or, you can use the HighConfidencePhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
Type: | PhishFilteringAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-HighConfidencePhishQuarantineTag
The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing (the HighConfidencePhishAction parameter value is Quarantine). You can use any value that uniquely identifies the quarantine policy. For example:
- Name
- Distinguished name (DN)
- GUID
Quarantine policies define what users are able to do to quarantined messages based on why the message was quarantined and quarantine notification settings. For more information about quarantine policies, see Quarantine policies.
The default value for this parameter is the built-in quarantine policy named AdminOnlyAccessPolicy. This quarantine policy enforces the historical capabilities for messages that were quarantined as high confidence phishing as described in the table here.
To view the list of available quarantine policies, run the following command: Get-QuarantinePolicy | Format-List Name,EndUser*,ESNEnabled
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-HighConfidenceSpamAction
The HighConfidenceSpamAction parameter specifies the action to take on messages that are marked as high confidence spam (not spam, bulk email, phishing, or high confidence phishing). Valid values are:
- AddXHeader: Add the AddXHeaderValue parameter value to the message header, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.
- ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- MoveToJmf: Deliver the message to the Junk Email folder in the recipient's mailbox. In standalone Exchange Online Protection environments, you need to configure mail flow rules in your on-premises Exchange organization. For instructions, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments.
- Quarantine: Deliver the message to quarantine. By default, messages that are quarantined as high confidence spam are available to the intended recipients and admins. Or, you can use the HighConfidenceSpamQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
- Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
Type: | SpamFilteringAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-HighConfidenceSpamQuarantineTag
The HighConfidenceSpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence spam (the HighConfidenceSpamAction parameter value is Quarantine). You can use any value that uniquely identifies the quarantine policy. For example:
- Name
- Distinguished name (DN)
- GUID
Quarantine policies define what users are able to do to quarantined messages based on why the message was quarantined and quarantine notification settings. For more information about quarantine policies, see Quarantine policies.
The default value for this parameter is the built-in quarantine policy named DefaultFullAccessPolicy (no notifications) or NotificationEnabledPolicy (if available in your organization). This quarantine policy enforces the historical capabilities for messages that were quarantined as high confidence spam as described in the table here.
To view the list of available quarantine policies, run the following command: Get-QuarantinePolicy | Format-List Name,EndUser*,ESNEnabled
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-Identity
The Identity parameter specifies the spam filter policy that you want to modify. You can use any value that uniquely identifies the policy. For example:
- Name
- Distinguished name (DN)
- GUID
Type: | HostedContentFilterPolicyIdParameter |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-IncreaseScoreWithBizOrInfoUrls
The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or .info domains. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain links to .biz or .info domains are given a higher spam score and therefore have a higher chance of getting marked as spam with SCL 5 or 6, and the X-header
X-CustomSpam: URL to .biz or .info websites
is added to the message. Not all messages that match this setting will be marked as spam. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-IncreaseScoreWithImageLinks
The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to remote websites. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain image links to remote websites are given a higher spam score and therefore have a higher chance of getting marked as spam with SCL 5 or 6, and the X-header
X-CustomSpam: Image links to remote sites
is added to the message. Not all messages that match this setting will be marked as spam. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-IncreaseScoreWithNumericIps
The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP addresses. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain links to IP addresses are given the SCL 5 or 6 (spam), and the X-header
X-CustomSpam: Numeric IP in URL
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-IncreaseScoreWithRedirectToOtherPort
The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS). Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain links that redirect to other TCP ports are given the SCL 5 or 6 (spam), and the X-header
X-CustomSpam: URL redirect to other port
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-InlineSafetyTipsEnabled
The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages. Valid values are:
- $true: Safety tips are enabled. This is the default value.
- $false: Safety tips are disabled.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-IntraOrgFilterState
The IntraOrgFilterState parameter specifies whether to enable anti-spam filtering for messages sent between internal users (users in the same organization). The action that's configured in the policy for the specified spam filter verdicts is taken on messages sent between internal users. Valid values are:
- Default: This is the default value. Currently, HighConfidencePhish.
- HighConfidencePhish
- Phish: Includes phishing and high confidence phishing.
- HighConfidenceSpam: Includes high confidence spam, phishing, and high confidence phishing.
- Spam: Includes spam, high confidence spam, phishing, and high confidence phishing.
- Disabled
Type: | IntraOrgFilterState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-LanguageBlockList
The LanguageBlockList parameter specifies the email content languages that are marked as spam when the EnableLanguageBlockList parameter value is $true. A valid value is a supported uppercase ISO 639-1 two-letter language code:
AF, AR, AZ, BE, BG, BN, BR, BS, CA, CS, CY, DA, DE, EL, EN, EO, ES, ET, EU, FA, FI, FO, FR, FY, GA, GL, GU, HA, HE, HI, HR, HU, HY, ID, IS, IT, JA, KA, KK, KL, KN, KO, KU, KY, LA, LB, LT, LV, MI, MK, ML, MN, MR, MS, MT, NB, NL, NN, PA, PL, PS, PT, RM, RO, RU, SE, SK, SL, SQ, SR, SV, SW, TA, TE, TH, TL, TR, UK, UR, UZ, VI, WEN, YI, ZH-CN, ZH-TW, and ZU.
A reference for two-letter language codes is available at ISO 639-2. Not all possible language codes are available as input for this parameter.
To enter multiple values and overwrite any existing entries, use the following syntax: "Value1","Value2",..."ValueN"
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
To empty the list, use the value $null.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MakeDefault
The MakeDefault switch makes the specified spam filter policy the default spam filter policy. You don't need to specify a value with this switch.
The default spam filter policy is applied to everyone (no corresponding spam filter rule), can't be renamed, and has the unmodifiable priority value Lowest (the default policy is always applied last).
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamBulkMail
The MarkAsSpamBulkMail parameter allows spam filtering to act on bulk email messages. Valid values are:
- Off: The message is stamped with the BCL, but no action is taken for a bulk email filtering verdict. In effect, the values of the BulkThreshold and BulkSpamAction parameters are irrelevant.
- On: This is the default value. A BCL that's greater than the BulkThreshold value is converted to an SCL 6 that corresponds to a filtering verdict of spam, and the BulkSpamAction value is taken on the message.
- Test: This value is available, but isn't used for this parameter.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamEmbedTagsInHtml
The MarkAsSpamEmbedTagsInHtml parameter marks a message as spam when the message contains HTML <embed> tags. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain HTML <embed> tags are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Embed tag in html
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamEmptyMessages
The MarkAsSpamEmptyMessages parameter marks a message as spam when the message contains no subject, no content in the message body, and no attachments. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Empty messages are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Empty Message
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamFormTagsInHtml
The MarkAsSpamFormTagsInHtml parameter marks a message as spam when the message contains HTML <form> tags. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain HTML <form> tags are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Form tag in html
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamFramesInHtml
The MarkAsSpamFramesInHtml parameter marks a message as spam when the message contains HTML <frame> or <iframe> tags. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain HTML <frame> or <iframe> tags are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: IFRAME or FRAME in HTML
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamFromAddressAuthFail
The MarkAsSpamFromAddressAuthFail parameter marks a message as spam when Sender ID filtering encounters a hard fail. This setting combines an Sender Policy Framework (SPF) check with a Sender ID check to help protect against message headers that contain forged senders. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages where Sender ID filtering encounters a hard fail are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: SPF From Record Fail
is added to the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamJavaScriptInHtml
The MarkAsSpamJavaScriptInHtml parameter marks a message as spam when the message contains JavaScript or VBScript. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain JavaScript or VBScript are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Javascript or VBscript tags in HTML
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamNdrBackscatter
The MarkAsSpamNdrBackscatter parameter marks a message as spam when the message is a non-delivery report (also known as an NDR or bounce messages) sent to a forged sender (known as backscatter). Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Backscatter is given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Backscatter NDR
is added to the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamObjectTagsInHtml
The MarkAsSpamObjectTagsInHtml parameter marks a message as spam when the message contains HTML <object> tags. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain HTML <object> tags are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Object tag in html
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamSensitiveWordList
The MarkAsSpamSensitiveWordList parameter marks a message as spam when the message contains words from the sensitive words list. Microsoft maintains a dynamic but non-editable list of words that are associated with potentially offensive messages. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain words from the sensitive word list in the subject or message body are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Sensitive word in subject/body
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamSpfRecordHardFail
The MarkAsSpamSpfRecordHardFail parameter marks a message as spam when SPF record checking encounters a hard fail. Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages sent from an IP address that isn't specified in the SPF Sender Policy Framework (SPF) record in DNS are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: SPF Record Fail
is added to the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-MarkAsSpamWebBugsInHtml
The MarkAsSpamWebBugsInHtml parameter marks a message as spam when the message contains web bugs (also known as web beacons). Valid values are:
- Off: The setting is disabled. This is the default value, and we recommend that you don't change it.
- On: The setting is enabled. Messages that contain web bugs are given the SCL 9 (high confidence spam), and the X-header
X-CustomSpam: Web bug
is added to the message. - Test: The action specified by the TestModeAction parameter is taken on the message.
Type: | SpamFilteringOption |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-ModifySubjectValue
The ModifySubjectValue parameter specifies the text to prepend to the existing subject of messages when a spam filtering verdict parameter is set to the value ModifySubject. The following spam filtering verdict parameters can use the ModifySubject action:
- BulkSpamAction
- HighConfidenceSpamAction
- PhishSpamAction
- SpamAction
If the value contains spaces, enclose the value in quotation marks (").
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-PhishQuarantineTag
The PhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as phishing (the PhishSpamAction parameter value is Quarantine). You can use any value that uniquely identifies the quarantine policy. For example:
- Name
- Distinguished name (DN)
- GUID
Quarantine policies define what users are able to do to quarantined messages based on why the message was quarantined and quarantine notification settings. For more information about quarantine policies, see Quarantine policies.
The default value for this parameter is the built-in quarantine policy named DefaultFullAccessPolicy (no notifications) or NotificationEnabledPolicy (if available in your organization). This quarantine policy enforces the historical capabilities for messages that were quarantined as phishing as described in the table here.
To view the list of available quarantine policies, run the following command: Get-QuarantinePolicy | Format-List Name,EndUser*,ESNEnabled
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-PhishSpamAction
The PhishSpamAction parameter specifies the action to take on messages that are marked as phishing (not high confidence phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are:
- AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message.
- Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.
- ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- MoveToJmf: Deliver the message to the Junk Email folder in the recipient's mailbox.
- Quarantine: Deliver the message to quarantine. By default, messages that are quarantined as phishing are available to admins and (as of April 2020) the intended recipients. Or, you can use the PhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
- Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
Type: | SpamFilteringAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-PhishZapEnabled
The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing in already delivered messages in Exchange Online mailboxes. Valid values are:
- $true: ZAP for phishing messages is enabled. This is the default value. The result depends on the spam filtering verdict action for phishing messages: MoveToJmf = Read and unread phishing messages are moved to the Junk Email folder. Delete, Redirect, or Quarantine = Read and unread phishing messages are quarantined. AddXHeader or ModifySubject = no action is taken on the message.
- $false: ZAP for phishing messages is disabled.
You configure ZAP for spam with the SpamZapEnabled parameter.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-QuarantineRetentionPeriod
The QuarantineRetentionPeriod parameter specifies the number of days that spam messages remain in quarantine when a spam filtering verdict parameter is set to the value Quarantine. All spam filtering verdict parameters can use the Quarantine action:
- BulkSpamAction
- HighConfidencePhishAction
- HighConfidenceSpamAction
- PhishSpamAction
- SpamAction
A valid value is an integer between 1 and 30.
After the time period expires, the message is deleted.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-RedirectToRecipients
The RedirectToRecipients parameter specifies the email addresses of replacement recipients when a spam filtering verdict parameter is set to the value Redirect. The following spam filtering verdict parameters can use the Redirect action:
- BulkSpamAction
- HighConfidenceSpamAction
- PhishSpamAction
- SpamAction
You can specify multiple email addresses separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-RegionBlockList
The RegionBlockList parameter specifies the source countries or regions that are marked as spam when the EnableRegionBlockList parameter value is $true. A valid value is a supported ISO 3166-1 two-letter country code:
AD, AE, AF, AG, AI, AL, AM, AO, AQ, AR, AS, AT, AU, AW, AX, AZ, BA, BB, BD, BE, BF, BG, BH, BI, BJ, BL, BM, BN, BO, BQ, BR, BS, BT, BV, BW, BY, BZ, CA, CC, CD, CF, CG, CH, CI, CK, CL, CM, CN, CO, CR, CU, CV, CW, CX, CY, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ER, ES, ET, FI, FJ, FK, FM, FO, FR, GA, GB, GD, GE, GF, GG, GH, GI, GL, GM, GN, GP, GQ, GR, GS, GT, GU, GW, GY, HK, HM, HN, HR, HT, HU, ID, IE, IL, IM, IN, IO, IQ, IR, IS, IT, JE, JM, JO, JP, KE, KG, KH, KI, KM, KN, KP, KR, KW, KY, KZ, LA, LB, LC, LI, LK, LR, LS, LT, LU, LV, LY, MA, MC, MD, ME, MF, MG, MH, MK, ML, MM, MN, MO, MP, MQ, MR, MS, MT, MU, MV, MW, MX, MY, MZ, NA, NC, NE, NF, NG, NI, NL, NO, NP, NR, NU, NZ, OM, PA, PE, PF, PG, PH, PK, PL, PM, PN, PR, PS, PT, PW, PY, QA, RE, RO, RS, RU, RW, SA, SB, SC, SD, SE, SG, SH, SI, SJ, SK, SL, SM, SN, SO, SR, ST, SV, SX, SY, SZ, TC, TD, TF, TG, TH, TJ, TK, TL, TM, TN, TO, TR, TT, TV, TW, TZ, UA, UG, UM, US, UY, UZ, VA, VC, VE, VG, VI, VN, VU, WF, WS, XE, XJ, XS, YE, YT, ZA, ZM, and ZW.
A reference for two-letter country codes is available at Country Codes List.
To enter multiple values and overwrite any existing entries, use the following syntax: Value1,Value2,...ValueN
.
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="Value1","Value2"...; Remove="Value3","Value4"...}
.
To empty the list, use the value $null.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-SpamAction
The SpamAction parameter specifies the action to take on messages that are marked as spam (not high confidence spam, bulk email, phishing, or high confidence phishing). Valid values are:
- AddXHeader: Add the AddXHeaderValue parameter value to the message header, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- Delete : Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.
- ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf).
- MoveToJmf: This is the default value. Deliver the message to the Junk Email folder in the recipient's mailbox. In standalone Exchange Online Protection environments, you need to configure mail flow rules in your on-premises Exchange organization. For instructions, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments.
- Quarantine: Deliver the message to quarantine. By default, messages that are quarantined as spam are available to the intended recipients and admins. Or, you can use the SpamQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
- Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
Type: | SpamFilteringAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-SpamQuarantineTag
The SpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as spam (the SpamAction parameter value is Quarantine). You can use any value that uniquely identifies the quarantine policy. For example:
- Name
- Distinguished name (DN)
- GUID
Quarantine policies define what users are able to do to quarantined messages based on why the message was quarantined and quarantine notification settings. For more information about quarantine policies, see Quarantine policies.
The default value for this parameter is the built-in quarantine policy named DefaultFullAccessPolicy (no notifications) or NotificationEnabledPolicy (if available in your organization). This quarantine policy enforces the historical capabilities for messages that were quarantined as spam as described in the table here.
To view the list of available quarantine policies, run the following command: Get-QuarantinePolicy | Format-List Name,EndUser*,ESNEnabled
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-SpamZapEnabled
The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in already delivered messages in Exchange Online mailboxes. Valid values are:
- $true: ZAP for spam is enabled. This is the default value. The result depends on the spam filtering verdict action for spam messages: MoveToJmf = Unread spam messages are moved to the Junk Email folder. Delete, Redirect, or Quarantine = Unread spam messages are quarantined. AddXHeader or ModifySubject = no action is taken on the message.
- $false: ZAP for spam is disabled.
You configure ZAP for phishing messages with the PhishZapEnabled parameter.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-TestModeAction
The TestModeAction parameter specifies the additional action to take on messages when one or more IncreaseScoreWith* or MarkAsSpam* ASF parameters are set to the value Test. Valid values are:
- None: This is the default value, and we recommend that you don't change it.
- AddXHeader: The X-header value
X-CustomSpam: This message was filtered by the custom spam filter option
is added to the message. - BccMessage: Redirect the message to the recipients specified by the TestModeBccToRecipients parameter.
Type: | SpamFilteringTestModeAction |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-TestModeBccToRecipients
The TestModeBccToRecipients parameter specifies the blind carbon copy (Bcc) recipients to add to spam messages when the TestModeAction ASF parameter is set to the value BccMessage.
Valid input for this parameter is an email address. Separate multiple email addresses with commas.
This parameter is meaningful only when the value of the TestModeAction parameter is BccMessage, and when the value of one or more IncreaseScoreWith* or MarkAsSpam* parameters is Test.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
-WhatIf
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Exchange Online Protection |
Inputs
Input types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.
Outputs
Output types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.