New-PhishSimOverrideRule

This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the New-PhishSimOverrideRule cmdlet to create third-party phishing simulation override rules to bypass Exchange Online Protection filtering. For more information, see Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

New-PhishSimOverrideRule
   [-Name] <String>
   -Policy <PolicyIdParameter>
   -SenderIpRanges <MultiValuedProperty>
   [-Comment <String>]
   [-Confirm]
   [-Domains <MultiValuedProperty>]
   [-SenderDomainIs <MultiValuedProperty>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

Examples

Example 1

New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55

This example creates a new phishing simulation override rule with the specified settings.

Parameters

-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Domains

The Domains parameter specifies the email domain that's used by the third-party phishing simulation. You can use either of the following values:

  • The 5321.MailFrom address (also known as the MAIL FROM address, P1 sender, or envelope sender).
  • The DKIM domain.

You can specify up to 10 values separated by commas.

A phishing simulation requires at least one domain from this parameter and at least one IP address in the SenderIPRanges parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Name

The Name parameter specifies the name for the policy. Regardless of the value you specify, the name will be PhishSimOverrideRule<GUID> where <GUID> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Policy

The Policy parameter specifies the phishing simulation override policy that's associated with the rule. You can use any value that uniquely identifies the policy. For example:

  • Name
  • Id
  • Distinguished name (DN)
  • GUID
Type:PolicyIdParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-SenderDomainIs

This parameter has been replaced by the Domains parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-SenderIpRanges

The SenderIpRanges parameter specifies the source IP address that's used by the third-party phishing simulation. Valid values are:

  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

You can specify up to 10 entries separated by commas.

A phishing simulation entry requires at least one IP address in this parameter and at least one domain in the Domains parameter.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-WhatIf

The WhatIf switch doesn't work in Security & Compliance Center PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center

Inputs

Outputs