Set-PhishSimOverrideRule

This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the Set-PhishSimOverrideRule cmdlet to modify third-party phishing simulation override rules to bypass Exchange Online Protection filtering. For more information, see Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-PhishSimOverrideRule
   [-Identity] <ComplianceRuleIdParameter>
   [-AddSenderDomainIs <MultiValuedProperty>]
   [-AddSenderIpRanges <MultiValuedProperty>]
   [-Comment <String>]
   [-Confirm]
   [-RemoveSenderDomainIs <MultiValuedProperty>]
   [-RemoveSenderIpRanges <MultiValuedProperty>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

Examples

Example 1

Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55

This example modifies the phishing simulation override rule with the specified settings.

Parameters

-AddSenderDomainIs

The AddSenderDomainIs parameter specifies an existing entry to add to the list of email domains that are used by the third-party phishing simulation.

You can specify multiple values separated by commas. A maximum of 10 entries are allowed in the list.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddSenderIpRanges

The AddSenderIpRanges parameter specifies an existing entry to add to the list of source IP addresses that are used by the third-party phishing simulation. Valid values are:

  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

You can specify multiple values separated by commas.

A maximum of 10 entries are allowed in the list.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Identity

The Identity parameter specifies the phishing simulation override rule that you want to modify. You can use any value that uniquely identifies the rule. For example:

  • Name
  • Id
  • Distinguished name (DN)
  • GUID
Type:ComplianceRuleIdParameter
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveSenderDomainIs

The RemoveSenderDomainIs parameter specifies an existing entry to remove from the list of email domains that are used by the third-party phishing simulation.

You can specify multiple values separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveSenderIpRanges

The RemoveSenderIpRanges parameter specifies an existing entry to remove from the list of source IP addresses that are used by the third-party phishing simulation. Valid values are:

  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

You can specify multiple values separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-WhatIf

The WhatIf switch doesn't work in Security & Compliance Center PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center

Inputs

Outputs