Set-PolicyConfig

This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the Set-PolicyConfig cmdlet to modify the endpoint restrictions that are configured in the organization.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-PolicyConfig
   [-ClassificationScheme <ClassificationScheme>]
   [-ComplianceUrl <String>]
   [-Confirm]
   [-DocumentIsUnsupportedSeverity <RuleSeverity>]
   [-EnableLabelCoauth <Boolean>]
   [-EnableSpoAipMigration <Boolean>]
   [-EndpointDlpGlobalSettings <PswsHashtable[]>]
   [-EndpointDlpGlobalSettingsPsws <PswsHashtable[]>]
   [-OnPremisesWorkload <Workload>]
   [-ProcessingLimitExceededSeverity <RuleSeverity>]
   [-RetentionForwardCrawl <Boolean>]
   [-RuleErrorAction <PolicyRuleErrorAction>]
   [-SenderAddressLocation <PolicySenderAddressLocation>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

Examples

Example 1

{{ Add example code here }}

{{ Add example description here }}

Parameters

-ClassificationScheme

{{ Fill ClassificationScheme Description }}

Type:ClassificationScheme
Accepted values:Default, V0_AggregatedOnly, V1_DetailedResults
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ComplianceUrl

{{ Fill ComplianceUrl Description }}

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-DocumentIsUnsupportedSeverity

{{ Fill DocumentIsUnsupportedSeverity Description }}

Type:RuleSeverity
Accepted values:Low, Medium, High, None, Informational, Information
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-EnableLabelCoauth

{{ Fill EnableLabelCoauth Description }}

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-EnableSpoAipMigration

{{ Fill EnableSpoAipMigration Description }}

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-EndpointDlpGlobalSettings

The EndpointDlpGlobalSettings parameter specifies the global endpoints. This parameter uses the following syntax: @(@{"Setting"="<Setting>"; "Value"="<Value>}",@{"Setting"="<Setting>"; "Value"="<Value>"},...).

The value of <Setting> is one of the supported values.

Example values:

  • @{"Setting"="PathExclusion"; "Value"="C:\Windows";}
  • @{"Setting"="PathExclusion"; "Value"="%AppData%\Mozilla";}
  • @{"Setting"="PathExclusion"; "Value"="C:\Users\*\Desktop";}
  • @{"Setting"="UnallowedApp"="Notepad ++;"Executable"="notepad++"}
  • @{"Setting"="UnallowedApp"="Executable"="cmd"}
  • @{"Setting"="UnallowedBrowser"="Chrome";"Executable"="chrome"}
  • @{"Setting"="CloudAppRestrictions"="Allow"}
  • @{"Setting"="CloudAppRestrictionList"="1.1.2.2"}
  • @{"Setting"="CloudAppRestrictionList"="subdomain.com"}
  • @{"Setting"="CloudAppRestrictionList"="another.differentdomain.edu"}
  • @{"Setting"="ShowEndpointJustificationDropdown"; "True";}
Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-EndpointDlpGlobalSettingsPsws

{{ Fill EndpointDlpGlobalSettingsPsws Description }}

Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-OnPremisesWorkload

{{ Fill OnPremisesWorkload Description }}

Type:Workload
Accepted values:None, Exchange, SharePoint, Intune, OneDriveForBusiness, PublicFolder, SharePointOnPremises, ExchangeOnPremises, AuditAlerting, Skype, ModernGroup, DynamicScope, Teams, UnifiedAuditAzure, EndpointDevices, ThirdPartyApps, OnPremisesScanner
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ProcessingLimitExceededSeverity

{{ Fill ProcessingLimitExceededSeverity Description }}

Type:RuleSeverity
Accepted values:Low, Medium, High, None, Informational, Information
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RetentionForwardCrawl

{{ Fill RetentionForwardCrawl Description }}

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RuleErrorAction

The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are:

  • Ignore
  • RetryThenBlock (This is the default value)
Type:PolicyRuleErrorAction
Accepted values:Ignore, RetryThenBlock
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-SenderAddressLocation

The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses. Valid values are:

  • Header: Only examine senders in the message headers (for example, the From, Sender, or Reply-To fields). This is the default value.
  • Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field).
  • HeaderOrEnvelope: Examine senders in the message header and the message envelope.
Type:PolicySenderAddressLocation
Accepted values:Header, Envelope, HeaderOrEnvelope
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-WhatIf

The WhatIf switch doesn't work in Security & Compliance Center PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center

Inputs

Outputs