Set-AntiPhishPolicy

This cmdlet is available only in the cloud-based service.

Use the Set-AntiPhishPolicy cmdlet to modify antiphishing policies in your cloud-based organization.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).

Syntax

Set-AntiPhishPolicy
   -Identity <AntiPhishPolicyIdParameter>
   [-AdminDisplayName <Basic | High>]
   [-AuthenticationFailAction <MoveToJmf | Quarantine>]
   [-Confirm]
   [-EnableAntispoofEnforcement <$true | $false>]
   [-EnableAuthenticationSafetyTip <$true | $false>]
   [-EnableAuthenticationSoftPassSafetyTip <$true | $false>]
   [-Enabled <$true | $false>]
   [-EnableMailboxIntelligence <$true | $false>]
   [-EnableOrganizationDomainsProtection <$true | $false>]
   [-EnableSimilarDomainsSafetyTips <$true | $false>]
   [-EnableSimilarUsersSafetyTips <$true | $false>]
   [-EnableTargetedDomainsProtection <$true | $false>]
   [-EnableTargetedUserProtection <$true | $false>]
   [-EnableUnusualCharactersSafetyTips <$true | $false>]
   [-ExcludedDomains <MultiValuedProperty>]
   [-ExcludedSenders <MultiValuedProperty>]
   [-MakeDefault]
   [-PhishThresholdLevel <Int32>]
   [-TargetedDomainActionRecipients <MultiValuedProperty>]
   [-TargetedDomainProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
   [-TargetedDomainsToProtect <MultiValuedProperty>]
   [-TargetedUserActionRecipients <MultiValuedProperty>]
   [-TargetedUserProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
   [-TargetedUsersToProtect <MultiValuedProperty>]
   [-TreatSoftPassAsAuthenticated <$true | $false>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).

Examples

-------------------------- Example 1 --------------------------

Set-AntiPhishPolicy -Identity "Contoso Antiphish" -TargetedDomainProtectionAction BccMessage -TargetedUserProtectionAction BccMessage -EnableTargetedUserProtection $true -TargetedDomainActionRecipients reviewer@contoso.com -TargetedUserActionRecipients reviewer@contoso.com

This example modifies the existing antiphishing policy named Contoso Antiphish by changing the notification action to Bcc, and specifies reviewer@contoso.com as the recipient of the messages.

Parameters

-AdminDisplayName

The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks (").

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-AuthenticationFailAction

The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication. Valid values are:

  • Delete: Delete the message during filtering. Use caution with this value, because the deleted messages are not recoverable.

  • MoveToJmf: Move the message to the user's Junk Email folder. This is the default value.

  • Quarantine: Move the message to the phishing quarantine.

Type:Delete | MoveToJmf | Quarantine
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableAntispoofEnforcement

The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the policy. Valid values are:

  • $true: Antispoofing is enabled for the policy. This is the default value, and is recommended.

  • $false: Antispoofing is disabled for the policy. We only recommend this value if you have a domain that's protected by another email filtering service.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableAuthenticationSafetyTip

The EnableAuthenticationSafetyTip parameter specifies whether to enable safety tips that are shown to recipients when a message fails composite authentication. Valid values are:

  • $true: Safety tips are enabled for messages that fail composite authentication. This is the default value, and we strongly recommend that you don't change it.

  • $false: Safety tips are disabled for messages that fail composite authentication.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableAuthenticationSoftPassSafetyTip

The EnableAuthenticationSoftPassSafetyTip parameter specifies whether to enable safety tips that are shown to recipients when a message fails composite authentication with low to medium confidence. Valid values are:

  • $true: Safety tips are enabled for messages that fail composite authentication with low to medium confidence. If you use this value, you might want to restrict the policy to a smaller number of users to avoid displaying too many of these types of safety tips to users.

  • $false: Safety tips are disabled for messages that fail composite authentication with low to medium confidence. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableMailboxIntelligence

The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection. Valid values are:

  • $true: Use mailbox intelligence in domain and user impersonation protection. This is the default value.

  • $false: Don't use mailbox intelligence in domain and user impersonation protection.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableOrganizationDomainsProtection

The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization. Valid values are:

  • $true: Domain impersonation protection is enabled for all registered domains in the Office 365 organization.

  • $false: Domain impersonation protection isn't enabled for all registered domains in the Office 365 organization. This is the default value. You can enable domain impersonation protection for specific domains by using the EnableTargetedDomainsProtection and TargetedDomainsToProtect parameters.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableSimilarDomainsSafetyTips

The EnableSimilarDomainsSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections. Valid values are:

  • $true: Safety tips for similar domains are enabled.

  • $false: Safety tips for similar domains are disabled. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableSimilarUsersSafetyTips

The EnableSimilarUsersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections. Valid values are:

  • $true: Safety tips for similar users are enabled.

  • $false: Safety tips for similar users are disabled. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableTargetedDomainsProtection

The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains. Valid values are:

  • $true: Domain impersonation protection is enabled for the domains specified by the TargetedDomainsToProtect parameter.

  • $false: The TargetedDomainsToProtect parameter isn't used. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableTargetedUserProtection

The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter. Valid values are:

  • $true: User impersonation protection is enabled for the specified users.

  • $false: The TargetedUsersToProtect parameter isn't used. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-EnableUnusualCharactersSafetyTips

The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections. Valid values are:

  • $true: Safety tips for unusual characters are enabled.

  • $false: Safety tips for unusual characters are disabled. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Enabled
Position:Named
Default value:None
Accept pipeline input:false
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ExcludedDomains

The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-ExcludedSenders

The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-Identity

The Identity parameter specifies the antiphishing policy that you want to modify. You can use any value that uniquely identifies the policy. For example:

  • Name

  • Distinguished name (DN)

  • GUID

Type:AntiPhishPolicyIdParameter
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-MakeDefault

{{Fill MakeDefault Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-PhishThresholdLevel

The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are:

  • 1: Standard (this is the default value)

  • 2: Aggressive

  • 3: More aggressive

  • 4: Most aggressive

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedDomainActionRecipients

The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage.

A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedDomainProtectionAction

The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter. Valid values are:

  • NoAction (This is the default value)

  • BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message.

  • Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.

  • MoveToJmf: Move the message to the user's Junk Email folder.

  • Quarantine: Move the message to the phishing quarantine.

  • Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedDomainsToProtect

The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.

You can specify multiple domains separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedUserActionRecipients

The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage.

A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedUserProtectionAction

The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. Valid values are:

  • NoAction (This is the default value)

  • BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message.

  • Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message.

  • MoveToJmf: Move the message to the user's Junk Email folder.

  • Quarantine: Move the message to the phishing quarantine.

  • Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TargetedUsersToProtect

The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.

This parameter uses the syntax "DisplayName;EmailAddress".

  • DisplayName specifies the display name of the user that could be a target of impersonation. This value can contain special characters.

  • EmailAddress specifies the internal or external email address that's associated with the display name.

  • You can specify multiple value sets by using the syntax: "DisplayName1;EmailAddress1","DisplayName2;EmailAddress2",..."DisplayNameN;EmailAddressN". The combination of DisplayName and EmailAddress needs to be unique for each value set.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-TreatSoftPassAsAuthenticated

The TreatSoftPassAsAuthenticated parameter specifies whether or not to respect the composite authentication softpass result. Valid values are:

  • $true: This is the default value.

  • $false: Only use this value when you want to enable more restrictive antispoofing filtering, because this value might cause false positives.

Note: This parameter corresponds to the Strict filtering value in the Office 365 admin center.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection
-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

Inputs

Outputs